Also, someone pointed out to me that go.bat is flagged by most AV now, so it is 
helpful to rename the batch file :-)


-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of Karl Schuttler
Sent: Monday, November 23, 2009 11:43 AM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] U3 enabled device

Gonzor's site actually came back up in February or March; he has
version 2.0 stable up and available for download. I would suggest
starting there. You can customize your own payload using universal
customizer and Gonzor's stuff as a base, using go.bat as the
application launch script and the neat stuff you've been learning from
CommandLineKungFu; go ahead and email me for more info.

Karl

On Mon, Nov 23, 2009 at 12:17 PM, Butturini, Russell
<[email protected]> wrote:
> So I think Gonz0r's site has been down for quite a while.  You do need a 
> different version of the U3 universal customizer to work on Vista.  Also, one 
> of the issues with the original payload is about 95% of the tools on it are 
> snared by AV.  Of course the benefit of having them loaded on the U3 side is 
> that antivirus can't erase the files.
>
> Check here for some update information.  The U3 solution presented here is a 
> different concept than attack, but you should be able to take the information 
> and create your own solution (once again I'm a shameless self promoter):
>
> http://www.irongeek.com/i.php?page=videos/incident-response-u3-switchblade
>
> I hope you share your work with all of us! Feel free to reach out to me if 
> you have more questions.
>
> -----Original Message-----
> From: [email protected] 
> [mailto:[email protected]] On Behalf Of Bert Van Kets
> Sent: Monday, November 23, 2009 4:15 AM
> To: PaulDotCom Security Weekly Mailing List
> Subject: [Pauldotcom] U3 enabled device
>
> Hi guys,
>
> I got me a 2GB U3 enabled Sandisk Cruzer for 3€ on Friday. :-D
> I've been looking into turning this into a switchblade/hacksaw but the
> info I find - mostly on Hak5 of course - is more than three years old.
> I have a copy of the Universal Customizer version 1.0.0.8 with the
> included payload. I can not find any info on the real content of the
> payload, nor on the way to actually use it (ex. where is the retrieved
> data stored). Is there a better method, installer or payload?
> Does anybody have an update on this?
>
> Thanks.
>
> Bert
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
> ******************************************************************************
> This email contains confidential and proprietary information and is not to be 
> used or disclosed to anyone other than the named recipient of this email,
> and is to be used only for the intended purpose of this communication.
> ******************************************************************************