M0XIE Posted September 3, 2007 Share Posted September 3, 2007 Okay people straight from the website here is the tutorial. I will delve into this further explaining several features and options that I have done/used while running this payload. INSTALLATION GUIDE 1. Download the Payload and the Universal Customizer if you don't already have it What You Need: -=GonZor=- Payload - V2.0 Universal Customizer Previous Versions: -=GonZor=- Payload - V1.2 -=GonZor=- Payload - V1.1 -=GonZor=- Payload - V1.0 Version 1.x Tools SBConfig-V1.0.11 2. Unzip the Universal Customizer to "C:Universal_Customizer" 3. Unzip the Payload to "C:Payload" Actual location is not a problem. I extracted both of these to a folder on my desktop. 4. Copy the file "C:PayloadU3CUTOM.ISO" to "C:Universal_CustomizerBINU3CUTOM.ISO" 5. Run C:Universal_CustomizerUniversal_Customizer.exe i) Read and accept the User Agreement ii) Close all U3 applications and any applications that access your U3 drive iii) Set a password for the backup zip file iv) Wait for the Universal Customizer to modify your CD partition and replace your files to the flash drive v) The modification should now be complete, Unplug your U3 Drive and plug it back in If you are updating this from a previous version or just re-flashing the drive for any reason you will get an error about three quarters of the way threw depending on what options you had enabled previously, for example VNC, or if you are running say firefox off of it. If you were in the process of read/write to the drive data after the point of UC launch will be gone. 6. Copy "C:PayloadSBConfig.exe" to the flash partition of the flash drive When I first installed this I was pretty green with Switchblade. When he states to copy it to the flash partition he means the data portion of it. Where you store your files normally, Not on the U3 partition. 7. Run SBConfig.exe from your flash drive i) Select the check boxes of the Payload options you would like to use ii) Enter your email address and password for the HakSaw if you wish to use it. iii) Click "Update Config", A message box should appear to confirm this is completed iv) Toggle between using the payload or not by clicking the "Turn PL On"/"Turn PL Off" Button" v) Toggle between using the U3 Launcher or not by clicking the "Turn U3 Launchpad On"/"Turn U3 Launchpad Off" Button While the options you select are completely up to you here is my opinion on several of the options. VNC Install Great option. However, when using this option you need to think for a second. VNC is short for Virtual Network Computing, which means you can be miles upon miles away and run the computer like it's right in front of you. Since VNC install installs a VNC server you will need a client, or VNC viewer to "view" what's going on. The best viewers in my opinion are RealVNC and TightVNC, both of which can be found with Google. Click here to get started with that search. If you plan on using this tool you will also need to enable Dump External IP. While this is optional this will help in the long run when you are trying to configure your client to connect to the server. When you are configuring your client all you should have to do is type the external IP of the computer you are trying to connect to in the server box. Next you will be prompted for a password, instead of searching through the hak5 forum to find the password that is only in one post that really has nothing to do with Gonzor's payload, I will tell you the password is "yougothacked" with out the "". While I have only tested the VNC Install on a LAN it is hard to say personally how it will work in the WAN. With some RATs I have used in the past both the server and client computer needed to have a port forwarded if they were behind a router, I fear WinVNC may be the same, but remember I said I haven't tried it yet so go ahead try it out and let me know. Further more I do not know what will happen if you try to connect to a network where there are multipul VNC's running, port forwarding may be the only option here. One last thing, wait till later at night or when you can clearly see that no one is within viewing distance. People tend to freak out when the mouse starts moving and letters start appearing. Unless, you are using the VNC to simply watch what their doing. PWDDUMP FGDUMP In essence they both do the same thing, however depending on what security measures they have installed one or both may not work. To make sure you get the sam files no matter what please enable both. USB Hacksaw This is very nice in an unprotected computer. Notice I said unprotected, you don't come across those too often anymore. My only other complaint is the antidote, it never wants to uninstall stunnel. Port Scan Nice if you plan on installing some RAT's later. This way you will know which ports are open so you don't have to worry about forwarding ports server side. However, you could always get a RAT with reverse connection. 8. Eject your SwitchBlade and have fun stealing passwords Yes, enjoy. Also note that if you stumble across a nice little tool that you would like on the U3 partition so a crazy AV don't delete it you can always open up Gonzor's U3CUTOM.ISO and add more information. If you have any questions or comments please feel free to post here. I will do my best to respond. Quote Link to comment Share on other sites More sharing options...
marc Posted September 15, 2007 Share Posted September 15, 2007 Nice tutorial and opinions on the RATs. External IP dumper FTW! Quote Link to comment Share on other sites More sharing options...
K1u Posted September 17, 2007 Share Posted September 17, 2007 Good job friend. Congratulations. Quote Link to comment Share on other sites More sharing options...
GonZor Posted September 17, 2007 Share Posted September 17, 2007 External IP dumper FTW! And soon our new IP updater will be done (yeah I know, Its taken ages to get finished. I have been really busy and my main computer has died, I'm still in the process of fixing it.) Quote Link to comment Share on other sites More sharing options...
marc Posted September 17, 2007 Share Posted September 17, 2007 External IP dumper FTW! And soon our new IP updater will be done (yeah I know, Its taken ages to get finished. I have been really busy and my main computer has died, I'm still in the process of fixing it.) No worries. My end is pretty much done, just a small amount of tidying up needs to be done. Hey, I appreciate the payload anyway, and understand we all live lives away from the computer. (Most of us.) So no rush at all GonZor, hope all is well :). Quote Link to comment Share on other sites More sharing options...
USBHacker Posted September 28, 2007 Share Posted September 28, 2007 !!! I got this error; By panarchy at 2007-09-28 Please help! Thanks in advance. USBHacker Quote Link to comment Share on other sites More sharing options...
GonZor Posted September 28, 2007 Share Posted September 28, 2007 !!! I got this error; By panarchy at 2007-09-28 Please help! Thanks in advance. USBHacker Are you using a U3 drive? Have you got it inserted? Quote Link to comment Share on other sites More sharing options...
jinster364 Posted October 1, 2007 Share Posted October 1, 2007 we dont have to specify a port number for vnc? Quote Link to comment Share on other sites More sharing options...
jinster364 Posted October 1, 2007 Share Posted October 1, 2007 every time i use vncviewer, type in the external ip of the victim comp, it just comes back as "failed to connect to server". Quote Link to comment Share on other sites More sharing options...
GonZor Posted October 1, 2007 Share Posted October 1, 2007 every time i use vncviewer, type in the external ip of the victim comp, it just comes back as "failed to connect to server". There are several things that could be causing this, like the victims firewall/router. We are currently working on ways around this but it our main concern at the moment is getting the new site up and functional.The port is set automatically in the reg file. Also the password may be in question, I have gotten several results back saying different passwords work for different people these are (hacked, yougothacked, easy) you may have to try all three to see which works for you. Quote Link to comment Share on other sites More sharing options...
sablefoxx Posted October 6, 2007 Share Posted October 6, 2007 A possibility to get around firewalls would be to have the victim's computer some how join a VPN. I'm not sure how easy this would be, but I'm pretty sure its possible. A silent install of a VPN client maybe very hard/time consuming. Just a thought... Quote Link to comment Share on other sites More sharing options...
GonZor Posted October 7, 2007 Share Posted October 7, 2007 A possibility to get around firewalls would be to have the victim's computer some how join a VPN. I'm not sure how easy this would be, but I'm pretty sure its possible. A silent install of a VPN client maybe very hard/time consuming. Just a thought... So far the best way to get around someones firewall is reverse vnc as suggested by someone in the payload release thread. Not too difficult to modify. Quote Link to comment Share on other sites More sharing options...
Itsthatguy Posted September 25, 2010 Share Posted September 25, 2010 I was thinking since there seems to be a slight problem with firewalls, routers, etc. with vnc, could gonzor be setup to make the computer allow remote desktop connections? It already has the external ip dump and pwdump/fgdump so you could get the password and the ip address. Once it would be setup no anitvirus should detect it because it is a windows tool. I would assume that most accounts you would be trying to get into would be admins, so you could connect to them by default, if there not an admin you could probably add the user using part of a script. Quote Link to comment Share on other sites More sharing options...
bonucci Posted October 14, 2010 Share Posted October 14, 2010 Hi there, now a days is this scripts are easely detected by the antivirus? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.