Posted

Why is everyone using batch scripts to write their payloads? I am considering using NSIS to write my own. I can incorporate everything into the exe and extract them to keep the payload much less complicated looking and include a customizable ini file to change the settings. Are there any problems with NSIS I'm not aware of?

Posted

Thing is NSIS exe's can be much more useful, take a bit of compiling, but can be MUCH more useful. I think I'll see what I can come up with, and let you guys know!

Posted

Yes, exe's can be very useful, but it's a lot easier just to write a quick .bat. I know C (still learning more like it) but it's much easier to just make the payload with a .bat than with C, sure it's not the most powerful way to do it, but it's fast, easy, simple. :)

Posted

Because the average user doesn't know how to program using NSIS. That's why I used vbs, kinda in between your solution and batch files but I could compile it. In fact I had to Google NSIS which looks to be a Nullsoft's scriptable installer? How silent can it be made?

Posted

NSIS can be completely silent. You guys have heard of PortableApps.com by John Haller? That's what he uses for EVERYTHING. I've written a copy of Dev-C++ that runs portably using NSIS.

I will see what kind of customized payload I can work out for you guys and drop the source and payload here for you guys to check out. I've got finals coming up in a week so it might take me some time.

Posted
I will see what kind of customized payload I can work out for you guys and drop the source and payload here for you guys to check out. I've got finals coming up in a week so it might take me some time.

Sounds good to me, I've never used NSIS, be fun to learn about it.

Posted
NSIS can be completely silent. You guys have heard of PortableApps.com by John Haller? That's what he uses for EVERYTHING. I've written a copy of Dev-C++ that runs portably using NSIS.

You know you can do the same thing with Dev-C++ Portable just by running it with a '-c .' parameter passed to it when you run it? Make <gasp>another batch!!!11!111</gasp> :-) that just runs the "devcpp.exe -c ." command. Or better yet, tell PStart/whatever other start menu type setup you use to use that as the shortcut to it. Not as special as making your own NSIS package (which I plan on doing for Ruby someday), but it works.

My only issue with using something other than .bat's is on some systems (even XP), it prompts you and asks do you want to run this executable for exe's. I don't think that's a concern with .bat files, but I could be wrong.

Posted

Yeah my NSIS Dev-C++ used the -c parameter ;) Good point about the batch scripts not being asked. I'm still going to make a payload and test it out. I've got a VM so I'll install several copies of Windows in it and see what happens.

Posted

touche. Is there any way to get around UAC in Vista? I have a feeling that is going to give my payload problems. XP and the others should be fine, however UAC will probably put a stop to mine.

Posted

The typical user uses UAC for @ 20 minutes (my previous employer was a large computer manufacturer) and 90% of the calls in the first month Vista hit was how to disable it in the MSConfig options because they were tired of it asking for every little thing.

Posted

Well this may turn out more as an XP targeted payload. May work on some vista comps, maybe not. We shall see. I hope to get the payload finished in a couple of weeks....stupid finals.

Posted

With Vista, you probably need to use a batch file to test for UAC somehow, and if it exists, either just exit, or go old school on it, otherwise, go for the new/improved stuff. Might could even use a batch file to disable UAC, and then run the exe stuff. Just some options you have.

Posted

Per MSConfig:

Disable UAC (Requires Reboot): C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

Enable UAC (Requires Reboot): C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f

Of course there is also a trojan method but I've never tried it: Link

Of course there is also a "run as administrator" option but I can't validate that.

Posted

Interesting...the trojan might be one way of getting around that...

Do you think renaming the existing .exe and replacing the original filename with the trojan would work? I think I will wait until I get my payload working in XP before I try anything for Vista...

The only downside of turning off UAC using the msconfig line is that it will disable it completely, and if already enabled the user might notice UAC not complaining about every little thing.

Posted

Well during initial activation/running if it's shut off and the payload runs and then reenables it would seem as though nothing had happened to cause it to go off (once apps are in startup for Vista and installed it doesn't really sound off constantly).

So the trick would be disable, payload, enable since one assumes the system is up and running when the drive is inserted and the user is waiting for a driver load to happen. But I have a tri-boot system here so when you get the XP side going and want a Vista dry run I'll be more than happy to help out if I can.
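For defenders, the EnableLUA registry write quoted earlier in the thread and the disable-then-re-enable sequence described in the post above both leave a trace in process-creation logs. The following is an added example, not code from any poster: the log records are constructed, and the 10-minute pairing window and alert names are assumptions.

```python
import re
from datetime import datetime, timedelta

KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
# Constructed process-creation records (timestamp, host, command line); not real logs.
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:01", "ws-01", rf"C:\Windows\System32\reg.exe ADD {KEY} /v EnableLUA /t REG_DWORD /d 0 /f"),
    ("2024-01-10T09:00:40", "ws-01", rf"reg add {KEY} /v EnableLUA /t REG_DWORD /d 1 /f"),
    ("2024-01-10T09:05:00", "ws-02", r'reg.exe add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows'
                                     r'\CurrentVersion\Policies\System" /v enablelua /d 0x0 /f'),
    ("2024-01-10T09:06:00", "ws-03", rf"reg.exe query {KEY} /v EnableLUA"),
]

KEY_RE = re.compile(r"(?:HKLM|HKEY_LOCAL_MACHINE)\\SOFTWARE\\Microsoft\\Windows"
                    r"\\CurrentVersion\\Policies\\System\b", re.I)
ADD_RE = re.compile(r"\breg(?:\.exe)?\"?\s+add\b", re.I)
NAME_RE = re.compile(r"/v\s+\"?EnableLUA\b", re.I)
DATA_RE = re.compile(r"/d\s+\"?(0x[0-9a-f]+|\d+)", re.I)


def parse_enablelua_write(cmdline):
    """Return the integer a reg.exe command writes to EnableLUA, else None."""
    if not (ADD_RE.search(cmdline) and KEY_RE.search(cmdline) and NAME_RE.search(cmdline)):
        return None
    match = DATA_RE.search(cmdline)
    if match is None:
        return None
    text = match.group(1).lower()
    return int(text, 16) if text.startswith("0x") else int(text)


def find_alerts(events, window=timedelta(minutes=10)):
    """Flag UAC disables and disable-then-re-enable pairs on one host within `window`."""
    alerts, last_disable = [], {}
    for ts, host, cmd in sorted(events):
        value = parse_enablelua_write(cmd)
        if value is None:
            continue
        when = datetime.fromisoformat(ts)
        if value == 0:
            last_disable[host] = when
            alerts.append((host, "uac_disabled", ts))
        elif host in last_disable and when - last_disable[host] <= window:
            alerts.append((host, "uac_toggled_off_then_on", ts))
            del last_disable[host]
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(alert)
```

Command-line matching only sees writes made through reg.exe; auditing the registry value itself (for example Sysmon event ID 13 on the EnableLUA value) also catches writes made through the registry API.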

Posted

Seeing as I have had no dealings with Vista for long, and know nothing of UAC, I must ask the following question before going on Google in the hunt for my own answer (I know, probably should hunt first).

Is the UAC a service that can be disabled with a few calls to the 'sc' command?

Posted

Ok so I think the best bet is going to be executing the NSIS payload through a batch script. Since batch scripts go seemingly unnoticed, I can have it execute the NSIS payload without much worry. I've got to study for finals right now, but I'll be done by Thurs of next week. Hopefully I should have an alpha version of my payload out soon after....but I've got dialup at home, so it might take a little longer :(

Posted

Exid3... got something for you to take into consideration...

http://www.securityxploded.com/vistauacmaker.php


Making Application Vista UAC Compliant
To make any application Vista UAC compliant one has to embed a manifest file specifying the privilege required by the application. Manifest file mainly contain 2 important information, privilege required by the application and UI interaction of application with other windows.

There are 3 types of privileges that can be mentioned in the manifest file.
* requireAdministrator : Run as administrator
* asInvoker : Run as same privilege as parent process
* highestAvailable : Run with highest privilege available for user

Other than this, one has to specify if the application interacts with user interface of other high privilege applications. For example your application may send the message to modify the UI of other high privilege application. This is specified through following parameter

uiAccess : TRUE/FALSE
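The manifest fields quoted above can be checked when reviewing an executable. This is an added example, not code from the linked page or any poster: it assumes the manifest XML has already been extracted from the binary, and the sample manifest and finding strings are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample manifest for illustration; not taken from any real binary.
SAMPLE_MANIFEST = """<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="requireAdministrator" uiAccess="true"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>"""

KNOWN_LEVELS = {"asInvoker", "highestAvailable", "requireAdministrator"}


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tags."""
    return tag.rsplit("}", 1)[-1]


def audit_manifest(xml_text):
    """Return the declared level, uiAccess flag and review findings for a manifest."""
    root = ET.fromstring(xml_text)
    # Match on local name: trustInfo is seen under both asm.v2 and asm.v3.
    nodes = [e for e in root.iter() if local_name(e.tag) == "requestedExecutionLevel"]
    result = {"level": None, "ui_access": False, "findings": []}
    if not nodes:
        result["findings"].append("no requestedExecutionLevel declared")
        return result
    node = nodes[0]
    result["level"] = node.get("level")
    result["ui_access"] = (node.get("uiAccess") or "false").strip().lower() == "true"
    if result["level"] not in KNOWN_LEVELS:
        result["findings"].append(f"unrecognised level {result['level']!r}")
    elif result["level"] != "asInvoker":
        result["findings"].append(f"{result['level']}: may request elevation at launch")
    if result["ui_access"]:
        result["findings"].append("uiAccess=true: can interact with higher-privilege UI")
    return result


if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

When the manifest comes from an untrusted binary, parse it with a hardened XML parser such as defusedxml rather than the standard-library parser used here.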

Posted

Well according to that link you can add a manifest to an exe that states how the program should be handled. IF a manifest could be added it would circumvent UAC and run as administrator by default.
