USB Switchblade Development Options

[DLSS]

avast dont like it :(
and wiggs out

[Darren Kitchen]

huh, just curious how difficult it would be to add a feature to this switchblade-- the capacity to copy files OFF of the computer you plug it into (e.g. documents, msn messenger logs, etc), while maintaining its stealthiness.

It wouldn't be hard to program in, but I rather like it the way it is since it's actually way more stealthy. As a systems administrator if I found that this happened on my network I could check traffic logs and possibly find the drop site that the cracker used.

[vehlewa1]

Great tool, but I'm getting errors on the DUMP SAM portion:

Logon to 127.0.0.1ADMIN$ failed: code 53

Or

Logon to 127.0.0.1ADMIN$ failed: code 1231

Anyone else having similar problems?

[Sparda]

That could be casued by a firewall or windows file sharing been disabled, I'm not familier with the error coads and so can't say for sure.

[vehlewa1]

File Sharing is enabled, and even with the firewall and anti-virus turned off I'm still getting the same errors. It seems to work great pulling all of my passwords from applications, but it wont even generate the hash to run against rainbow..

[cypherhash]

Something that would be really interesting is having this work even if autorun is enabled, by exploiting the USB to either enable temporarily or just run this code. A lot of places are now preventing the autorun feature for fear of things like this. I'd be interested to see / help with that solution.

[Hug_It]

I'd love to see it expanded so that it can email or somehow send the results to a user specified destination just for use in penetration testing. Leave a few USB sticks around a company and just wait for the users to pick them up and plug them in. Great example to convince companies to quit allowing their users administrative priviledges.

Either the U3 version or Amish's version would be satisfactory. Anyone know how to do that?

[Sparda]

File Sharing is enabled, and even with the firewall and anti-virus turned off I'm still getting the same errors. It seems to work great pulling all of my passwords from applications, but it wont even generate the hash to run against rainbow..

Perhaps there is no password on the admin acount. In that instance windows would force remote users to logon using the guesst acount.

[cypherhash]

Interesting article that sounds exactly like what you described, http://www.darkreading.com/document.asp?do...T.svl=column1_1. Now if only they'd release the source of their program. Though I doubt it would be hard to whip something together.

[elitegoodguy]

This works great. However 1 problem. I want to make it as stealthy as possible but it causes a popup box saying that it wan't to restart the computer to finish installing the hardware. Anyone know how to disable that or get around this?

Thanks

[Sparda]

That sounds like it could be a computer (or windows rather) specific problem. Windows will do that on some computer for what ever reason, it's just egnorable.

[elitegoodguy]

That sounds like it could be a computer (or windows rather) specific problem. Windows will do that on some computer for what ever reason, it's just egnorable.

I tried it on 5 computers at work. mine, and 4 others. Mine did not do that, however all 4 others did

[Hug_It]

Interesting article that sounds exactly like what you described, http://www.darkreading.com/document.asp?do...T.svl=column1_1. Now if only they'd release the source of their program. Though I doubt it would be hard to whip something together.

Exactly what I was thinking.

[Guest_MaxDamage_*]

...

[elitegoodguy]

Hey man I feel famous LOL. Seriously thanks for the credit Darren. 8)

When I developed the first payload it was just a proof of concept put together in half an hour as soon as I found out how to replace the U3 iso. Anywaz since then I have written some more, and refined it a bit. I have also got a bolt on, that silently finds the local smtp server (or builds its own if directly connected) and emails the results.

So If you guys want to help develop it further I’m up for it. And if you need help getting it running then just ask :).

I also have a nun U3 version somthing like Amesh'e that I could add if you need it.

That would be great... would this be something that copies all the required files to the HD then emails from there? I'm thinking that so I won't have to be at the local computer any longer than needs be.

[Guest_MaxDamage_*]

...

[brainkill]

avast dont like it :(
and wiggs out

what files? pleas email me at admin@vertex-hosting.net with the files it flags. I will encrypt them. I have encrypted pwdump.exe lsaext.dll and pwservice and they are hosted at http://brainkill.net/hack. Consult page for direct links.


Thanks

[Guest_MaxDamage_*]

...

[brainkill]

nice, how do you ecrypt exe's ?

secret :X I dont give it out for fear of it becoming public and caught by avs. I WILL ENCRYPT THEM BUT I WONT GIVE OUT THE ENCRYPTER. Sorry. It would also allow any blackhat-wannabe to hack people. Im not going to let that happen.

[DLSS]

avast dont like it :(
and wiggs out

what files? pleas email me at admin@vertex-hosting.net with the files it flags. I will encrypt them. I have encrypted pwdump.exe lsaext.dll and pwservice and they are hosted at http://brainkill.net/hack. Consult page for direct links.


Thanks

i think i can guess how :P
i'll do a quick check . that message was just emediately while dowloading (the on acces scanner)
but i'll disable it and maually test each file seperate and send u the results :wink: