USB Pocket-Knife Development Options

[Leapo]

Introduction:

Let me start off by saying that this is NOT YET a final payload, this threads purpose is to serve as a learning experience to me while providing a useful end-all be-all payload to the community. For now I will provide the payload in its current state at the end of this post.

This payload is the result of slowly browsing this forum and saving every bit of code and every full payload I've come across, then stitching it all together into a modular switchblade with just about every feature in existence. I've gone through and fully commented most of the code (still working on that), I've made sure everything is virus free, I've separated out major functions so that they can be turned on and off at will, and I've made sure it runs completely silently on a U3 and non-U3 thumbdrive in the least-obvious way possible.

Current State and Features:

The following is a list of everything included in the payload:

Key:
- Non-U3 Drives Only
- U3 Drives only
- Not yet Implemented
- Everything Else

Features:
- Upon insertion, the first option in the Autorun dialog box starts the payload, while appearing only to open the drive.
- Full silent autorun with no user interaction for U3 drives.
- A "Menu.bat" is included to mange all special functions, modules, and features of the switchblade.
- Payload checks the root of the C: drive and prevents the payload from running if the file "Safety.txt" is found.
- Includes TightVNC viewer so you always have it with you.
- Includes Notepad++ for easy batch editing.
- Includes antidote batch files for Nmap, the Hacksaw, and VNC.
- Fully commented code and fully featured ReadMe with instructions on setting up the payload for your needs.
- A custom backup and restore script, which automatically restores the switchblade (to the last time it was backed up) before every run. This ensures the payload is always put back to a normal state, even after it's been nuked by an antivirus.
- A custom auto-update script that goes out and downloads the most recent versions of many of the tools used on the switchblade (pwdump, nircmd, etc). Simply run it from Menu.bat, and the tools will be downloaded, extracted, and installed into the payload. The backup archive for the entire payload will also be updated to keep the latest versions of the files from being overwritten by an old backup. *working on a way to get this working for U3 drives.
- Auto Compress logs as they are generated to save space
- Email logs Back to yourself
- Optional auto-repack of executable to circumvent AV detection

Payload Components:
- Runs AVKill (csrss.exe)
- Restores the payload to the last backup point
- Disables the Windows Firewall Silently
- Hides Hidden and System Files
- Enables the Remote Desktop service
- Dumps general System Info
- Dumps the SAM
- Dumps LSA secrets
- Dumps LSA secrets via an alternate method (less detectable, not as pretty)
- Dumps Network Passwords
- Dump messenger passwords
- Dump IE passwords.
- Dump saved wireless keys
- Dump URL history
- Dump Firefox passwords (Supports Firefox 3))
- Dump Cache Passwords
- Dump Current Network Services
- Generic Port Scanning
- Dumps current external IP
- Dumps email, messenger, and general website passwords
- Dumps currently installed hot fixes and IE history
- Dumps Google Chrome passwords
- Installs Hacksaw the usual way
- Installs WinVNC client.
- Installs Nmap as a service (emails you results like the Hacksaw)
- Installs a keylogger which emails its logs off to you daily [Broken!]
- File slurping for logs, chat-logs, downloads, bookmarks, etc. (smaller files)
- File slurping for various Documents and Media folders. (larger files)
- Opens an explorer window to the Documents folder when finished
- Automatic update scrip to keep various executables up to date.
- Compress logs as they are generated to save space.
- Optionally email logs in addition to storing them on the switchblade.
- Management interface to manage the various functions of the pocket Knife.
- Ability to save up to 3 configuration profiles [New!]

[Leapo]

Download Payload:

Here' s where you'll find the most recent full build of my payload; I'll try to keep this as up-to-date as I can as I receive and work out fixes and optimizations. I'll always post a notification when a new version is available, or when an update is made to the code in my above posts.

Current Version: USB Pocket Knife 0.8.8.0 by Leapo
Release Date: October 6, 2008
Download Mirrors: MegaUpload, and RapidShare

Note: The above includes both the U3 and non-U3 versions of the payload. The ISO is now pre-built, just flash and go!!!

Payload Change Log:

October 6, 2008: Pocketknife 0.8.8.0 Released
Change 0: Payload can now be set to shutdown the PC after its finished.
Change 1: Now dumps Google Chrome passwords.
Change 2: New profile management system, save up to 3 payload configurations!
Change 3: If "Safety.txt Check" is disabled Menu.bat will now show the "run payload" option even if Safety.txt is found.
Change 4: made some cosmetic fixes to Menu.bat.
September 28, 2008: Pocketknife 0.8.7.0 Released
Change 0: Backup Script in menu.bat works again.
Change 1: Auto-Update script in menu.bat works again.
Change 2: Many path errors fixed.
Change 3: Added OS detection to increase compatibility.
Change 4: Slurp now uses variables instead of hard paths to improve compatibility.
Change 5: Slurp now grabs data from Pidgen.
Change 6: Prebuilt U3 ISO included!
September 19, 2008: Pocketknife 0.8.6.5 Released
Change 0: Invalid directory name broke just about all of 0.8.6.0, this has been corrected.
Change 1: AVKill's executable was missing from the U3 version of the payload.
Change 2: File Copiers executable was missing entirely.
September 15, 2008: Pocketknife 0.8.6.0 Released
Change 0: Fixed U3 compatibility (was broken in 0.8.5.5)
Change 1: Slurp 2 should now work properly.
September 17, 2008: Pocketknife 0.8.5.5 Released
Change 0: Fixed "Port Scan" not running correctly.
Change 1: PwDump failing to create service.
Change 2: FgDump failing to output anything.
Change 3: Firepassword updated, now works with Firefox 3.0
Change 4: PwDump Updated to 1.7.2
Change 5: FgDump updated to 2.1.0
September 14, 2008: Pocketknife 0.8.5.0 Released
Change 0: Animation_1.cfg was missing, causing some features of menu.bat to malfunction.
Change 1: Fixed an ordering issue in Start.bat.
Change 2: Fixed an issue with GO.vbs causing it to start more than one copy of Start.bat
Change 3: Fixed a typo preventing the "Dump Mail Passwords" module from running.
Change 4: Fixed a typo preventing the "Dump Updates-List" module from running.
Change 5: Fixed "Dump Mail passwords" not running correctly.
Change 6: Fixed "Dump Network passwords" not running correctly.
Change 7: Fixed "Dump Messenger passwords" not running correctly.
Change 8: Fixed "Dump LSA Secrets" not running correctly.
Change 9: AVKill Should now operate silently.
Change 10: File structure created by slurp was cleaned up.
Change 11: Folder now opens AFTER the payload finishes, not before (if it's selected to open at all).
September 11, 2008: Pocketknife 0.8.2.0 Released
Change 0: Bug causing safety.txt to be ignored fixed.
Change 1: "No Disk" errors should be resolved.
Change 2: New "disarm' feature to prevent it from starting at all.
Change 3: three options on what folder to open after completion: Logs, Root, or None.
Change 4: ReadMe brought up to date.
Change 5: "Disable Firewall" is now totally silent (disables security center first)
August 31, 2008: Pre-Release 0.8.1.0 Released
Change 0: Now fully U3 compatible (fixed from v0.8.0.0)
Change 1: Menu.bat has been greatly reduced in size.
June 09, 2008: Pre-Release 0.8.0.0 Released
Change 0: Payload overhauled from the ground up.
Change 1: Now fully U3 compatible (broken in this build).
Change 2: Menu system overhauled.
Change 3: Both versions of the payload launch silently for sure!
November 24, 2007: U3 ISO
Change 0: Fixed the U3 ISO to launch the payload silently
November 10, 2007: Beta 0.6.2.1 Release
Change 0: VNC install method updated.
Change 1: Backup and Restore Script streamlined.
Change 2: Automatic Updates added.
Change 3: Centralized Management Interface added.
June 20, 2007: Beta 0.4 Release
Change 0: Added a custom backup and restore script (restores the payload before every run to keep it safe from AV software).
Change 1: Updated the Readme with new information about the backup and restore function, PLEASE READ THE README!
Change 2: Improved and added more comments to the code.
Change 3: Fixed various typos in my comments.
June 18, 2007: Beta 0.3 Release
Change 0: Completely overhauled Slurp and Slurp2.bat
Change 1: Fixed Port_Scan.bat (thanks go to Elmer and GonZor for their help).
Change 2: Improved and added more comments to the code.
Change 3: Fixed various typos in my comments.
June 16, 2007: Initial Post
Change 0: Initial Release