Jump to content

Why use batch scripts?


excid3
 Share

Recommended Posts

Why is everyone using batch scripts to write their payloads? I am considering using NSIS to write my own. I can incorporate everything into the exe and extract them to keep the payload much less complicated looking and include a customizable ini file to change the settings. Are there any problems with NSIS i'm not aware of?

Link to comment
Share on other sites

Yes, exe's can be very useful, but its a lot easeir just to write a quick .bat, i know C (still learning more like  it) but its much easier to just make the payload with a .bat then with C, sure its not the most powerful way to do it, but its fast, easy simple. :)

Link to comment
Share on other sites

Because the average user doesn't know how to program using NSIS. That's why I used vbs, kinda in between your solution and batch files but I could compile it. In fact I had to Google NSIS which looks to be a Nullsoft's scriptable installer? How silent can it be made?

Link to comment
Share on other sites

NSIS can be completely silent. You guys have heard of PortableApps.com by John Haller? Thats what he uses for EVERYTHING. I've written a copy of Dev-C++ that runs portably using NSIS.

I will see what kind of customized payload I can work out for you guys and drop the source and payload here for you guys to check out. Ive got finals coming up in a week so it might take me some time.

Link to comment
Share on other sites

I will see what kind of customized payload I can work out for you guys and drop the source and payload here for you guys to check out. Ive got finals coming up in a week so it might take me some time.

Sounds good to me, i've never used NSIS be fun to learn about it.

Link to comment
Share on other sites

NSIS can be completely silent. You guys have heard of PortableApps.com by John Haller? Thats what he uses for EVERYTHING. I've written a copy of Dev-C++ that runs portably using NSIS.

You know you can do the same thing with Dev-C++ Portable just by running it with a '-c .' parameter passed to it when you run it? Make <gasp>another batch!!!11!111</gasp> :-) that just runs the "devcpp.exe -c ." command. Or better yet, tell PStart/whatever other start menu type setup you use to use that as the shortcut to it. Not as special as making your own NSIS package (which I plan on doing for Ruby someday), but it works.

My only issue with using something other than .bat's is on some systems (even XP), it prompts you and asks do you want to run this executable for exe's. I don't think that's a concern with .bat files, but I could be wrong.

Link to comment
Share on other sites

Yeah my NSIS Dev-C++ used the -c parameter ;) Good point about the batch scripts not being asked. I'm still goign to make a payload and test it out. Ive got a VM so I'll install several copies of windows in it and see what happens.

Link to comment
Share on other sites

With Vista, you probably need to use a batch file to test for UAC some how, and if it exists, either just exit, or go old school on it, otherwise, go for the new/improved stuff. Might could even use a batch file to disable UAC, and then run the exe stuff. Just some options you have.

Link to comment
Share on other sites

Per MSConfig:

Disable UAC (Requires Reboot): C:WindowsSystem32cmd.exe /k %windir%System32reg.exe ADD HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem /v EnableLUA /t REG_DWORD /d 0 /f

Enable UAC (Requires Reboot): C:WindowsSystem32cmd.exe /k %windir%System32reg.exe ADD HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem /v EnableLUA /t REG_DWORD /d 1 /f

Of course there is also a trojan method but Ive never tried it: Link

Of course there is also a "run as administrator" option but I cant validate that.

Link to comment
Share on other sites

Interesting...the trojan might be one way of getting around that...

Do you think renaming the existing .exe and replacing the original filename with the trojan would work? I think I will wait until I get my payload working in XP before I try anything for Vista...

The only downside of turning off UAC using the msconfig line is that it will disable it completely, and if already enabled the user might notice UAC not complaining about every little thing.

Link to comment
Share on other sites

Well durring initial activation/running if its shut off and the payload runs and then reenables it would seem as though nothing had happened to cause it to go off (once apps are in startup for vista and installed it doesnt really sound off constantly).

So the trick would be disable, payload, enable since one asumes the system is up and running when the drive is inserted and the user is waiting for a driver load to happen. But I have a tri-boot system here so when you get the XP side going and want a VIsta dry run I'll be more than happy to help out if I can.

Link to comment
Share on other sites

Seeing as I have had no dealings with Vista for long, and know nothing of UAC, I must ask the following question before going on Google in the hunt for my own answer (I know, probably should hunt first).

Is the UAC a service that can be disabled with a few calls to the 'sc' command?

Link to comment
Share on other sites

Ok so I think the best bet is going to be executing the NSIS payload through a batch script. Since batch scripts go seemingly unnoticed, i can have it execute the NSIS payload without much worry. I've got to study for finals right now, but i'll be done by thurs of next week. Hopefully i should have a alpha version of my payload out soon after....but i've got dialup at home, so it might take a little longer :(

Link to comment
Share on other sites

Exid3... got something for you to take into consideration...

http://www.securityxploded.com/vistauacmaker.php


Making Application Vista UAC Compliant 
To make any application Vista UAC compliant one has to embed a manifest file specifying the privilege required by the application. Manifest file mainly contain 2 important information, privilege required by the application and UI interaction of application with other windows.
     
There are 3 types of privileges that can be mentioned in the manifest file. 
     * requireAdministrator : Run as administrator
     * asInvoker : Run as same privilege as parent process
     * highestAvailable : Run with highest privilege available for user


Other than this, one has to specify if the application interacts with user interface of other high privilege applications. For example your application may send the message to modify the UI of other high privilege application. This is specified through following parameter


      uiAccess : TRUE/FALSE

Link to comment
Share on other sites

Thanks for the link. I'll check it out and see what I can do with it. I'm going to install Ultimate this weekend and test some things out.

If this doesnt work, is there a way we can trick Windows into thinking that the exe (nsis script) has already been allowed by UAC?

Also some very explanatory info: http://www.autorun.com/webhelp/Introductio...ndows_Vista.htm

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...