excid3, Posted December 3, 2007
Why is everyone using batch scripts to write their payloads? I am considering using NSIS to write my own. I can incorporate everything into the exe and extract them to keep the payload much less complicated looking and include a customizable ini file to change the settings. Are there any problems with NSIS I'm not aware of?
fretmelter66, Posted December 3, 2007
No, not that I'm aware of. But batch files are easy to make, can be altered easily, run quickly, Windows doesn't see them as a threat, and can be very powerful.
excid3 (Author), Posted December 3, 2007
Thing is, NSIS exe's can be much more useful. They take a bit of compiling, but can be MUCH more useful. I think I'll see what I can come up with, and let you guys know!
sablefoxx, Posted December 3, 2007
Yes, exe's can be very useful, but it's a lot easier just to write a quick .bat. I know C (still learning, more like it) but it's much easier to just make the payload with a .bat than with C. Sure, it's not the most powerful way to do it, but it's fast, easy, simple. :)
beakmyn, Posted December 3, 2007
Because the average user doesn't know how to program using NSIS. That's why I used vbs, kinda in between your solution and batch files, but I could compile it. In fact I had to Google NSIS, which looks to be Nullsoft's scriptable installer? How silent can it be made?
excid3 (Author), Posted December 3, 2007
NSIS can be completely silent. You guys have heard of PortableApps.com by John Haller? That's what he uses for EVERYTHING. I've written a copy of Dev-C++ that runs portably using NSIS. I will see what kind of customized payload I can work out for you guys and drop the source and payload here for you guys to check out. I've got finals coming up in a week so it might take me some time.
sablefoxx, Posted December 4, 2007
> I will see what kind of customized payload I can work out for you guys and drop the source and payload here for you guys to check out. I've got finals coming up in a week so it might take me some time.
Sounds good to me, I've never used NSIS, be fun to learn about it.
mleo2003, Posted December 4, 2007
> NSIS can be completely silent. You guys have heard of PortableApps.com by John Haller? That's what he uses for EVERYTHING. I've written a copy of Dev-C++ that runs portably using NSIS.
You know you can do the same thing with Dev-C++ Portable just by running it with a '-c .' parameter passed to it when you run it? Make <gasp>another batch!!!11!111</gasp> :-) that just runs the "devcpp.exe -c ." command. Or better yet, tell PStart/whatever other start menu type setup you use to use that as the shortcut to it. Not as special as making your own NSIS package (which I plan on doing for Ruby someday), but it works. My only issue with using something other than .bat's is on some systems (even XP), it prompts you and asks do you want to run this executable for exe's. I don't think that's a concern with .bat files, but I could be wrong.
excid3 (Author), Posted December 5, 2007
Yeah, my NSIS Dev-C++ used the -c parameter ;) Good point about the batch scripts not being asked. I'm still going to make a payload and test it out. I've got a VM so I'll install several copies of Windows in it and see what happens.
K1u, Posted December 5, 2007
> Windows doesn't see them as a threat, and can be very powerful.
Lol, but then again, what does Windows see as a threat?
excid3 (Author), Posted December 5, 2007
Touche. Is there any way to get around UAC in Vista? I have a feeling that is going to give my payload problems. XP and the others should be fine, however UAC will probably put a stop to mine.
HarshReality, Posted December 5, 2007
The typical user uses UAC for @ 20 minutes (my previous employer was a large computer manufacturer) and 90% of the calls in the first month Vista hit were how to disable it in the MSConfig options because they were tired of it asking for every little thing.
excid3 (Author), Posted December 5, 2007
Well, this may turn out more as an XP targeted payload. May work on some Vista comps, maybe not. We shall see. I hope to get the payload finished in a couple of weeks....stupid finals.
mleo2003, Posted December 6, 2007
With Vista, you probably need to use a batch file to test for UAC somehow, and if it exists, either just exit, or go old school on it, otherwise, go for the new/improved stuff. Might could even use a batch file to disable UAC, and then run the exe stuff. Just some options you have.
HarshReality, Posted December 6, 2007
Per MSConfig:
Disable UAC (Requires Reboot):
C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
Enable UAC (Requires Reboot):
C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f
Of course there is also a trojan method but I've never tried it: Link
Of course there is also a "run as administrator" option but I can't validate that.
excid3 (Author), Posted December 6, 2007
Interesting...the trojan might be one way of getting around that... Do you think renaming the existing .exe and replacing the original filename with the trojan would work? I think I will wait until I get my payload working in XP before I try anything for Vista... The only downside of turning off UAC using the msconfig line is that it will disable it completely, and if already enabled the user might notice UAC not complaining about every little thing.
HarshReality, Posted December 6, 2007
Well, during initial activation/running, if it's shut off and the payload runs and then reenables it, it would seem as though nothing had happened to cause it to go off (once apps are in startup for Vista and installed it doesn't really sound off constantly). So the trick would be disable, payload, enable, since one assumes the system is up and running when the drive is inserted and the user is waiting for a driver load to happen. But I have a tri-boot system here, so when you get the XP side going and want a Vista dry run I'll be more than happy to help out if I can.
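From the monitoring side, the registry write quoted above and the disable-then-enable sequence described in this post both leave value-set events on EnableLUA. The following detection sketch is an added example, not code from the thread; the event records are constructed, and their field names (time, host, image, target, details) are assumptions loosely modelled on registry value-set telemetry.

```python
from datetime import datetime, timedelta

# Registry value written by the reg.exe commands quoted in the thread.
UAC_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"
REG_EXE = r"C:\Windows\System32\reg.exe"

# Constructed sample records (not real logs); field names are assumptions.
SAMPLE_EVENTS = [
    {"time": "2007-12-06 10:00:01", "host": "ws01", "image": REG_EXE,
     "target": UAC_KEY, "details": "DWORD (0x00000000)"},
    {"time": "2007-12-06 10:00:40", "host": "ws01", "image": REG_EXE,
     "target": UAC_KEY.lower(), "details": "DWORD (0x00000001)"},
    {"time": "2007-12-06 11:15:00", "host": "ws02", "image": REG_EXE,
     "target": UAC_KEY, "details": "DWORD (0x00000000)"},
    {"time": "2007-12-06 11:20:00", "host": "ws02", "image": r"C:\Windows\explorer.exe",
     "target": r"HKLM\SOFTWARE\Example\Other", "details": "DWORD (0x00000001)"},
]

def parse_dword(details):
    """Return the integer inside 'DWORD (0x...)', or None for anything else."""
    if not (details.startswith("DWORD (") and details.endswith(")")):
        return None
    try:
        return int(details[7:-1], 16)
    except ValueError:
        return None

def find_uac_changes(events, window=timedelta(minutes=10)):
    """Alert on each EnableLUA=0 write; mark it 'uac_toggled' if a write of 1
    follows on the same host within `window` (the disable/enable pattern)."""
    alerts, pending = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["target"].lower() != UAC_KEY.lower():  # registry paths are case-insensitive
            continue
        value = parse_dword(ev["details"])
        when = datetime.strptime(ev["time"], "%Y-%m-%d %H:%M:%S")
        if value == 0:
            alert = {"host": ev["host"], "kind": "uac_disabled", "at": when, "by": ev["image"]}
            alerts.append(alert)
            pending[ev["host"]] = alert
        elif value == 1 and ev["host"] in pending:
            alert = pending.pop(ev["host"])
            if when - alert["at"] <= window:
                alert["kind"] = "uac_toggled"
    return alerts
```
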
excid3 (Author), Posted December 6, 2007
Ok, but I thought you mentioned that disabling UAC using msconfig required a reboot...
mleo2003, Posted December 6, 2007
Seeing as I have had no dealings with Vista for long, and know nothing of UAC, I must ask the following question before going on Google in the hunt for my own answer (I know, probably should hunt first). Is the UAC a service that can be disabled with a few calls to the 'sc' command?
excid3 (Author), Posted December 7, 2007
Ok, so I think the best bet is going to be executing the NSIS payload through a batch script. Since batch scripts go seemingly unnoticed, I can have it execute the NSIS payload without much worry. I've got to study for finals right now, but I'll be done by Thurs of next week. Hopefully I should have an alpha version of my payload out soon after....but I've got dialup at home, so it might take a little longer :(
HarshReality, Posted December 10, 2007
Excid3... got something for you to take into consideration... http://www.securityxploded.com/vistauacmaker.php

Making Application Vista UAC Compliant

To make any application Vista UAC compliant one has to embed a manifest file specifying the privilege required by the application. The manifest file mainly contains 2 important pieces of information: the privilege required by the application and the UI interaction of the application with other windows.

There are 3 types of privileges that can be mentioned in the manifest file.
* requireAdministrator : Run as administrator
* asInvoker : Run as same privilege as parent process
* highestAvailable : Run with highest privilege available for user

Other than this, one has to specify if the application interacts with the user interface of other high privilege applications. For example, your application may send a message to modify the UI of another high privilege application. This is specified through the following parameter:
uiAccess : TRUE/FALSE
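The manifest fields quoted in this post can be read back out of a binary when triaging an unknown executable; the declared level tells Windows whether to request elevation at launch. The following sketch is an added example, not code from the thread or the linked article; the sample bytes are constructed, and carving the XML by pattern match is a heuristic assumption rather than a full PE resource parser.

```python
import re
import xml.etree.ElementTree as ET

LEVELS = {"asInvoker", "highestAvailable", "requireAdministrator"}

# Constructed sample: bytes standing in for an executable with an embedded manifest.
SAMPLE_BLOB = b"MZ\x90\x00\x03\x00" + b"""<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security><requestedPrivileges>
      <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
    </requestedPrivileges></security>
  </trustInfo>
</assembly>""" + b"\x00\x00PADDING"

def extract_manifest(blob):
    """Heuristically carve the first <assembly>...</assembly> document from raw bytes."""
    match = re.search(rb"<assembly\b.*?</assembly>", blob, re.DOTALL)
    return match.group(0).decode("utf-8", errors="replace") if match else None

def requested_privileges(manifest_xml):
    """Return (level, ui_access); level is None if absent, malformed or unknown."""
    try:
        root = ET.fromstring(manifest_xml)
    except ET.ParseError:
        return None, False
    for element in root.iter():
        # Compare local names so asm.v2 and asm.v3 namespaces are both handled.
        if element.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
            level = element.get("level")
            ui_access = (element.get("uiAccess") or "false").strip().lower() == "true"
            return (level if level in LEVELS else None), ui_access
    return None, False

def triage(blob):
    """Summarise what a binary's manifest asks for and whether it merits review."""
    xml = extract_manifest(blob)
    if xml is None:
        return {"manifest": False, "level": None, "ui_access": False, "review": False}
    level, ui_access = requested_privileges(xml)
    # Elevation requests and uiAccess=true are the settings worth a second look.
    review = level in {"requireAdministrator", "highestAvailable"} or ui_access
    return {"manifest": True, "level": level, "ui_access": ui_access, "review": review}
```
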
excid3 (Author), Posted December 11, 2007
Thanks for the link. I'll check it out and see what I can do with it. I'm going to install Ultimate this weekend and test some things out. If this doesn't work, is there a way we can trick Windows into thinking that the exe (NSIS script) has already been allowed by UAC? Also some very explanatory info: http://www.autorun.com/webhelp/Introductio...ndows_Vista.htm
HarshReality, Posted December 11, 2007
Well, according to that link you can add a manifest to an exe that states how the program should be handled. IF a manifest could be added it would circumvent UAC and run as administrator by default.
excid3 (Author), Posted December 11, 2007
I'll have to check this out and see how it goes. If this works...circumventing UAC might be easier than I thought.