
Best payload for non U3 devices?


naddel81


The best payload is one you have programmed yourself! Because you can customize it to do whatever you want, and it works exactly the way you want....

You really should get a U3 device so your "payload" runs automatically without user input...

But if you're too cheap to, then use some clever disguise ... like for example, make the program when the box pops up something that seems innocent... like don't have the popup say click to install virus or something like that lol...

instead maybe put some mp3's on your USB stick, disguise your payload installer within an mp3 player that you've made... when you run the mp3 player it plays the mp3's while in the background your payload is being installed....

and here's a special hint from me which I use, This is the best way I have thought of to receive whatever information you're gathering from the computer...

Set up a free website which offers PHP and MYSQL, create a mysql database... craft a php page so that when data is submitted to it it is stored into the database...

now instead of having your payload EMAIL you have your payload SUBMIT the data to your php page! since the php page is server sided NOBODY can read the php code except you! Since it's a free website with false information nothing can be traced back to you!

if they try to download the php page, no they won't get php code, only the HTML code generated by it... which you can make blank, or have a little message saying "YOU GOT PWNED"

that's my take on a good payload ;)

Hi Steve8x,

thanks for your advice. I am not quite sure if I should get a U3, because I fear that all the good tools for payloads are discovered as viruses by now. At least my Avira tells me so. That would really make a U3 worthless :(


*all the PUBLIC tools and payloads are detectable by almost any AV...

because once the AV people get their hands on a "payload" they create little virus "signatures" I think they are called...

which are just an array of byte codes which make up a program in a certain order... if an AV picks up a number of bytes arranged in the same order, as one of the virus signatures in their database, it flags the file as a virus/trojan/whatever usually with some b$ name that doesn't even make sense and is not what it is at all...

There's been countless times when a non-malicious file was flagged as malicious by my Anti-virus! it's really annoying especially when you know it's a clean file! just because the file contains similar bytes to that of a file someone made a virus out of!!

You can still make what's detectable undetectable again! but you have to change the code around! sometimes a lot! you need to make it so the arrangement of bytes that make up the program, aren't picked up by AV... AV's don't detect the method used to do something(at least not usually) they detect certain byte patterns...

here's an example(note: this is just a random disassembled output taken from a random program)

[Image: bytes.png]

now let's say that block of code is in an AV database as part of a virus signature

You can see the bytes to the left and the opcodes to the right... Now if you had the source code to this program, you'd locate where this is in your source code, and change the order of things, add in some new stuff, remove things, etc... make it look like a different program... In turn the order of these bytes will change around... I wouldn't recommend trying to make a program undetectable that you don't have the source code to as it would be a tedious job, unless the program was coded in ASM to begin with, then it would be more lightweight...

obviously some of these codes have to be in the order that they are for things to work right, but you change what you can!

OK. Here's a scenario! Let's say a program you've made which was once undetectable is now detectable by anti-viruses because some jerk off coded a malicious program that has similar code to yours...

What you do is you comment EVERYTHING out! comment all your code out and re-compile, now are you undetectable? you should be! If so continue! un-comment your code little by little, until you find out where in your code you're being picked up by AV! once you find the problem area in your code, now you've spotted your problem. change it around, like I said before. Add new stuff, remove old stuff, change the order of things, until you are undetectable once again! :)

trial and error... repeat until you are successful! that is how you make programs undetectable

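Byte-pattern signature matching as described in the post above, shown as an added example that is not part of the original thread or any AV product's code. The signature names, the `??` wildcard notation and both byte buffers are constructed for illustration. It shows the false positive the poster complains about: a short signature also matches a clean file that shares a common function prologue, while a longer one does not.

```python
"""Added example: byte-signature scanning over constructed sample buffers."""


def parse_signature(text):
    """Turn 'E8 ?? 00' into a list of ints, with None for wildcard bytes."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]


def find_signature(data, sig):
    """Return every offset in data where the signature pattern matches."""
    hits = []
    for off in range(len(data) - len(sig) + 1):
        if all(s is None or data[off + i] == s for i, s in enumerate(sig)):
            hits.append(off)
    return hits


def scan(data, signatures):
    """Return {signature name: [offsets]} for each signature that matches."""
    result = {}
    for name, sig in signatures.items():
        hits = find_signature(data, sig)
        if hits:
            result[name] = hits
    return result


# Constructed signature database (names are hypothetical).
# The short entry is only an x86 prologue: push ebp; mov ebp,esp; sub esp,imm8.
SIGNATURES = {
    "Generic.Short": parse_signature("55 8B EC 83 EC ??"),
    "Specific.Long": parse_signature("55 8B EC 83 EC ?? DE AD BE EF CA FE"),
}

# Constructed buffers: one standing in for a flagged sample, one for a clean file.
FLAGGED = bytes.fromhex("9090558bec83ec10deadbeefcafe0102c3")
CLEAN = bytes.fromhex("558bec83ec20a1b2c3d4e5f6c3")

if __name__ == "__main__":
    print("flagged:", scan(FLAGGED, SIGNATURES))
    print("clean:  ", scan(CLEAN, SIGNATURES))  # short signature false-positives
```
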

thx for clearing that up. sounds like a lot of work. and unless you have the source code, it is nearly impossible, right?

what a pity :(


...it's all gravy my friend ^_^