Use CD rather than USB drive


suicidemayhem

so, instead of fighting with the auto run on non U3 usb keys and hoping the person will run the program (if you are not accessing the computer), why can't this be installed on a cheap cd and instead of the information being written on the drive, it writes to the root directory *.log/*.rar of the computer, emails results, and deletes the file? the person gets what they need off the cd and is none the wiser?

in this case, autorun will obviously work (unless disabled completely) and if the cd is just blank, the person may just discard it, leaving no trace at all.

none of the programs that i have seen need to write to themselves or on the disk they are on, they write data where you tell them, correct?

could this be done??

Link to comment
Share on other sites

instead of writing the log to (USB DRIVE)..documentslogfiles(computername), write it to %SystemRoot%Logfiles%computername% and email that file.

since the "USB" drive will not have to be written on at that point, a standard cd can call the shots and email the logfile to its destination.

Link to comment
Share on other sites

so, instead of fighting with the auto run on non usb keys and hoping the person will run the program (if you are not accessing the computer), why can't this be installed on a cheap cd and instead of the information being written on the drive, it writes to the root directory *.log/*.rar, emails results, and deletes the file? the person gets what they need off the cd and is none the wiser?

in this case, autorun will obviously work (unless disabled completely) and if the cd is just blank, the person may just discard it, leaving no trace at all.

none of the programs that i have seen need to write to themselves or on the disk they are on, they write data where you tell them, correct?

could this be done??

Sure, just one problem. USB drives put the information on the USB drive. Since CDs cannot be written to, the logs must be FTP'd or emailed off.

Chances are, if your target is not your grandma, then the target's firewall will block the email leaving you with nothing. :(

Great idea though.

Link to comment
Share on other sites

Sure, just one problem. USB drives put the information on the USB drive. Since CDs cannot be written to, the logs must be FTP'd or emailed off.

Chances are, if your target is not your grandma, then the target's firewall will block the email leaving you with nothing. :(

Great idea though.

Actually *MOST* firewalls allow any outgoing traffic (even Smoothwall until recently by default allowed any outgoing traffic), and most people only use Windows' built-in firewall.

Link to comment
Share on other sites

Sure, just one problem. USB drives put the information on the USB drive. Since CDs cannot be written to, the logs must be FTP'd or emailed off.

Chances are, if your target is not your grandma, then the target's firewall will block the email leaving you with nothing. :(

Great idea though.

I already have a working cd. in fact, the files are hidden, the cd 'looks' completely blank. the program files are copied to the computer, executed, and a log file appears in my inbox within 30 seconds. there is no sign anything happened at all. tested on 4 computers, no problems at all. afterwards, all the copied programs and such are removed from the system and no trace is left.

Link to comment
Share on other sites

Sure, just one problem. USB drives put the information on the USB drive. Since CDs cannot be written to, the logs must be FTP'd or emailed off.

Chances are, if your target is not your grandma, then the target's firewall will block the email leaving you with nothing. :(

Great idea though.

Actually *MOST* firewalls allow any outgoing traffic (even Smoothwall until recently by default allowed any outgoing traffic), and most people only use Windows' built-in firewall.

Thanks for the information. Most people I know use either McAfee or Norton. I believe that both block outbound until permission is granted. Although this can be easily fixed by "netstop security center," the security center stops the ftp.

Link to comment
Share on other sites

no trace is left.

Not possible

Fixed.

Mounting an NTFS (or any file system for that matter) partition in Linux or BSD (off a live disk of course) read only would leave no trace. ;)

At least not in the computer's 'mind'. In reality (is that different to the computer's mind somehow?) you would of course leave traces. We are not talking in this context, so these points are a bit moot.

Link to comment
Share on other sites

I already have a working cd. in fact, the files are hidden, the cd 'looks' completely blank. the program files are copied to the computer, executed, and a log file appears in my inbox within 30 seconds. there is no sign anything happened at all. tested on 4 computers, no problems at all. afterwards, all the copied programs and such are removed from the system and no trace is left.

If it's not too much trouble, would you mind posting the files in something like a zip?

With MediaFire, the file can be hosted in a matter of seconds.

Thanks very much.

Link to comment
Share on other sites

something is up with my server for my site. I'll have a rar up asap for you to see what i have done. keep in mind my code is very disorganized, I'm new to this. i haven't programmed since high school c++. it does work perfectly (except for the keylogger for now), but it is nowhere near finished. this is just a version that was thrown together to make sure it worked. with that being said, let me figure out why it won't upload.

Link to comment
Share on other sites

something is up with my server for my site. I'll have a rar up asap for you to see what i have done. keep in mind my code is very disorganized, I'm new to this. i haven't programmed since high school c++. it does work perfectly (except for the keylogger for now), but it is nowhere near finished. this is just a version that was thrown together to make sure it worked. with that being said, let me figure out why it won't upload.

No hurry.

Thanks.

Link to comment
Share on other sites

ok, it's up.

www.rivalgraphix.com/public/

should be the only file there now, Sawblade2.0

again, remember it's all over the place file-wise, but it works. modifications can definitely be done/improved/added. right now it logs almost all the stuff switchblade did, plus it installs a keylogger. the install works fine, just can't get the scheduler thing to work properly. and it's not as hidden as it was, i stripped it down to learn the code better.

go.cmd is basically everything, i didn't use start.bat. go seemed to have everything i wanted to get done, so i started there. it also works very fast, logs being emailed to me within 20-30 seconds.

i have tried it on 5 computers. worked perfect on 4 (xp), but failed on the last (nt i believe). the one it failed on is a rip station for printing at work, but as far as i have determined, the code/variables are different in nt than xp, so that may be it. besides, i don't know anyone running just nt except maybe at school.

INSTALL:

Just drop the three folders to a cd and burn. don't forget to edit the send files to add your own email. there is one file in each folder that emails need to be added to. the go.cmd file controls the email for the log and external ip for now.

there are some weird command lines at the bottom that rename the c drive, popup network msgs, etc. these were thrown in there personally to send to people i know, just to mess with them and for me to familiarize myself with the commands. they are commented out, have nothing to do with the program.

HAVE FUN, let me know how it works out!

oh, and it installs to the desktop because i wanted to see it happen, not have to dig through directories to find the folder. it deletes all the files inside the TEMP folder afterwards, but for some reason doesn't delete the folder, haven't figured that out. install path will definitely be changed in the future mods.

it's named Sawblade 'cause the original Saw dvd was in front of me at the time and it does go along with the whole 'blade' naming theme...

Link to comment
Share on other sites

no trace is left.

Not possible

Fixed.

Mounting an NTFS (or any file system for that matter) partition in Linux or BSD (off a live disk of course) read only would leave no trace. ;)

At least not in the computer's 'mind'. In reality (is that different to the computer's mind somehow?) you would of course leave traces. We are not talking in this context, so these points are a bit moot.

Ok, so there are ways, but there could well be network logs and such, it's not just the local machine that can log...

Link to comment
Share on other sites

Aye, CD is not the greatest to use if your computer is under a user level where so many privileges are taken away you can not even put in a CD just to play music on, let alone access a program. I started out using floppies before I had finally got a USB key, which makes so much more difference than before.

CDs are only good for such a time before you can get into networked computers. Then the best way to go is either USB or floppy. But that's how I see it in the simplest way.

Link to comment
Share on other sites

I agree, CDs can't be used all the time, especially since just about every computer has usb, it's much faster, don't have to rely on email, etc.

but, with a cd, i can give someone files/data/whatever and have the progs loaded on it hidden. there are benefits to the cd, even if the usb key is better.

Link to comment
Share on other sites
