Jump to content

Payload -=GonZor=- Tutorial


M0XIE

Recommended Posts

Okay people straight from the website here is the tutorial. I will delve into this further explaining several features and options that I have done/used while running this payload.

INSTALLATION GUIDE

1. Download the Payload and the Universal Customizer if you don't already have it

What You Need:

-=GonZor=- Payload - V2.0

Universal Customizer

Previous Versions:

-=GonZor=- Payload - V1.2

-=GonZor=- Payload - V1.1

-=GonZor=- Payload - V1.0

Version 1.x Tools

SBConfig-V1.0.11

2. Unzip the Universal Customizer to "C:Universal_Customizer"

3. Unzip the Payload to "C:Payload"

Actual location is not a problem. I extracted both of these to a folder on my desktop.

4. Copy the file "C:PayloadU3CUTOM.ISO" to "C:Universal_CustomizerBINU3CUTOM.ISO"

5. Run C:Universal_CustomizerUniversal_Customizer.exe

    i) Read and accept the User Agreement

    ii) Close all U3 applications and any applications that access your U3 drive

    iii) Set a password for the backup zip file

    iv) Wait for the Universal Customizer to modify your CD partition and replace your files to the flash drive

    v) The modification should now be complete, Unplug your U3 Drive and plug it back in

If you are updating this from a previous version or just re-flashing the drive for any reason you will get an error about three quarters of the way threw depending on what options you had enabled previously, for example VNC, or if you are running say firefox off of it. If you were in the process of read/write to the drive data after the point of UC launch will be gone.

6. Copy "C:PayloadSBConfig.exe" to the flash partition of the flash drive

When I first installed this I was pretty green with Switchblade. When he states to copy it to the flash partition he means the data portion of it. Where you store your files normally, Not on the U3 partition.

7. Run SBConfig.exe from your flash drive

    i) Select the check boxes of the Payload options you would like to use

    ii) Enter your email address and password for the HakSaw if you wish to use it.

    iii) Click "Update Config", A message box should appear to confirm this is completed

    iv) Toggle between using the payload or not by clicking the "Turn PL On"/"Turn PL Off" Button"

    v) Toggle between using the U3 Launcher or not by clicking the "Turn U3 Launchpad On"/"Turn U3 Launchpad Off" Button

While the options you select are completely up to you here is my opinion on several of the options.

VNC Install

Great option. However, when using this option you need to think for a second. VNC is short for Virtual Network Computing, which means you can be miles upon miles away and run the computer like it's right in front of you. Since VNC install installs a VNC server you will need a client, or VNC viewer to "view" what's going on. The best viewers in my opinion are RealVNC and TightVNC, both of which can be found with Google. Click here to get started with that search.

If you plan on using this tool you will also need to enable Dump External IP. While this is optional this will help in the long run when you are trying to configure your client to connect to the server. When you are configuring your client all you should have to do is type the external IP of the computer you are trying to connect to in the server box. Next you will be prompted for a password, instead of searching through the hak5 forum to find the password that is only in one post that really has nothing to do with Gonzor's payload, I will tell you the password is "yougothacked" with out the "".

While I have only tested the VNC Install on a LAN it is hard to say personally how it will work in the WAN. With some RATs I have used in the past both the server and client computer needed to have a port forwarded if they were behind a router, I fear WinVNC may be the same, but remember I said I haven't tried it yet so go ahead try it out and let me know. Further more I do not know what will happen if you try to connect to a network where there are multipul VNC's running, port forwarding may be the only option here. One last thing, wait till later at night or when you can clearly see that no one is within viewing distance. People tend to freak out when the mouse starts moving and letters start appearing. Unless, you are using the VNC to simply watch what their doing.

PWDDUMP FGDUMP

In essence they both do the same thing, however depending on what security measures they have installed one or both may not work. To make sure you get the sam files no matter what please enable both.

USB Hacksaw

This is very nice in an unprotected computer. Notice I said unprotected, you don't come across those too often anymore. My only other complaint is the antidote, it never wants to uninstall stunnel.

Port Scan

Nice if you plan on installing some RAT's later. This way you will know which ports are open so you don't have to worry about forwarding ports server side. However, you could always get a RAT with reverse connection.

8. Eject your SwitchBlade and have fun stealing passwords

Yes, enjoy. Also note that if you stumble across a nice little tool that you would like on the U3 partition so a crazy AV don't delete it you can always open up Gonzor's U3CUTOM.ISO and add more information.

If you have any questions or comments please feel free to post here. I will do my best to respond.

Link to comment
Share on other sites

  • 2 weeks later...

External IP dumper FTW!

And soon our new IP updater will be done (yeah I know, Its taken ages to get finished. I have been really busy and my main computer has died, I'm still in the process of fixing it.)

No worries. My end is pretty much done, just a small amount of tidying up needs to be done. Hey, I appreciate the payload anyway, and understand we all live lives away from the computer. (Most of us.) So no rush at all GonZor, hope all is well :).

Link to comment
Share on other sites

  • 2 weeks later...
every time i use vncviewer, type in the external ip of the victim comp, it just comes back as "failed to connect to server".

There are several things that could be causing this, like the victims firewall/router. We are currently working on ways around this but it our main concern at the moment is getting the new site up and functional.The port is set automatically in the reg file. Also the password may be in question, I have gotten several results back saying different passwords work for different people these are (hacked, yougothacked, easy) you may have to try all three to see which works for you.

Link to comment
Share on other sites

A possibility to get around firewalls would be to have the victim's computer some how join a VPN.  I'm not sure how easy this would be, but I'm pretty sure its possible.  A silent install of a VPN client maybe very hard/time consuming.  Just a thought... 

Link to comment
Share on other sites

A possibility to get around firewalls would be to have the victim's computer some how join a VPN.  I'm not sure how easy this would be, but I'm pretty sure its possible.  A silent install of a VPN client maybe very hard/time consuming.  Just a thought... 

So far the best way to get around someones firewall is reverse vnc as suggested by someone in the payload release thread. Not too difficult to modify.

Link to comment
Share on other sites

  • 2 years later...

I was thinking since there seems to be a slight problem with firewalls, routers, etc. with vnc, could gonzor be setup to make the computer allow remote desktop connections? It already has the external ip dump and pwdump/fgdump so you could get the password and the ip address. Once it would be setup no anitvirus should detect it because it is a windows tool. I would assume that most accounts you would be trying to get into would be admins, so you could connect to them by default, if there not an admin you could probably add the user using part of a script.

Link to comment
Share on other sites

  • 3 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...