| Author |
The Flash Drive Hack |
exidous
Member

Posts: 113
Location: ~Where My Proxy Says!~
Joined: 17.07.07 Rank: Uber Elite |
|
Once I mentioned in an article that there is a way to hack a USB flash drive to autorun programs once it is plugged in to a computer, and immediately someone posted a comment asking me how to do that. We all know that Windows doesn’t autoplay autorun.inf for normal USB flash drives, but there is a type of USB flash drive called a U3 smart drive which will automatically launch “U3 Launchpad” when plugged into a computer. What hackers do is remove the U3 Launchpad and replace it with malicious programs.
This is very dangerous because the hacker can program a script to extract and steal sensitive information such as visited sites, saved email and instant messenger passwords, wi-fi password, auto complete entries and etc… Other than stealing information, it can also be used to delete everything on a hard drive. Just wanted to clarify that it is not possible to do that on normal traditional USB flash drives. You will need a U3 smart drive such as SanDisk Cruzer Micro, SanDisk Cruzer Titanium and
U3 smart drives are slightly more expensive than traditional USB flash drives. I purposely went and bought a SanDisk Cruzer Titanium 4GB at the price of USD45 to test it out and then write an article for you to read… How nice of me! Here’s how I hacked my U3 smart drive to autorun malicious programs.
The concept of how a U3 smart drive can autorun programs is quite simple. Normal USB flash drives only have 1 drive letter, but a U3 smart drive has 2 drives. One is the normal storage drive and the other one is an emulated CD drive.
It’s the emulated CD drive that autoruns malicious scripts or programs to collect information and then copies the stolen information to the storage drive.
There are 3 main ready made payloads called USB Switchblade, USB Hacksaw and USB Chainsaw (still in early development).
USB Switchblade’s goal is to silently recover information from computers running Windows 2000 or higher. It is able to get password hashes, LSA secrets, IP information, etc… USB Switchblade also requires administrative privileges in order to run the payload. I will demonstrate how to hack a U3 smart drive with the -=GonZor=- SwitchBlade technique.
1. Download -=GonZor=- Payload V2.0
2. Download Universal Customizer
3. Unzip the Universal Customizer to “C:\Universal_Customizer”
4. Unzip the -=GonZor=- Payload V2.0 to “C:\Payload”
5. Copy the file U3CUSTOM.ISO from C:\Payload to C:\Universal_Customizer\BIN replacing the old one.
6. Run C:\Universal_Customizer\Universal_Customizer.exe and plug in U3 smart drive.
- Select Accept and click Next.
- Close all U3 applications and any applications that access your U3 drive and click Next.
- Set a password for the backup zip file (Empty password not allowed)
- Click Next and it will start backing up data. Wait for the Universal Customizer to modify your CD partition and replace your files to the flash drive.
- The modification should now be complete, Unplug your U3 Drive and plug it back in
7. Copy “C:\Payload\SBConfig.exe” to the mass storage of the flash drive
8. Run SBConfig.exe from flash drive
- Select the check boxes of the Payload options you would like to use
- Enter your email address and password for the HackSaw if you wish to use it.
- Click “Update Config” button, a message box should appear to confirm this is completed
- Toggle between using the payload or not by clicking the “Turn PL On”/”Turn PL Off” button
- Toggle between using the U3 Launcher or not by clicking the “Turn U3 Launchpad On”/”Turn U3 Launchpad Off” button
9. You now have -=GonZor=- Payload V2.0 in your U3 smart drive which can automatically steal password once it is plugged in to a computer with administrative privileges.
I’ve tested it and it’s very scary because when I plugged in the hacked U3 smart drive with USB Switchblade payload, the payload ran silently and invisibly! It did not modify any system settings nor sent any network traffic. There is a log file created at F:\System\Logs\COMPUTERNAME (F: drive is the storage drive) by the payload and I am shocked to see that my network configurations, router password, Windows Live Messenger password, Google Talk password, Gmail password, all Firefox passwords, Internet Explorer passwords, ICQ password, Windows Product Keys and etc being recorded in that log file!
There are other techniques available for the USB Switchblade payload that you might want to check out.
As for the USB Hacksaw, it is an evolution of the popular USB Switchblade that uses a modified version of USBDumper, Blat, Stunnel, and Gmail to automatically infect Windows PCs with a payload that will retrieve documents from USB drives plugged into the target machine and securely transmit them to an email account. You can get more information about USB Hacksaw here.
As you can see, it wasn’t really hard to hack my U3 USB smart drive to become the ultimate hack tool. So be very careful when someone wants to plug in their USB flash drive, ESPECIALLY U3 smart drive into your computer.
If you accidentally used the payload on yourself or someone that you didn’t want to, I found two antidotes to remove it. The first antidote is by Spektormax. In Spektormax’s antidote, there are 2 antidotes, antidote(HOME).cmd and antidote(PRO).cmd. This is because Windows XP Pro has the tool taskkill while HOME only has tskill. The PRO one can force stop a process even while it doesn’t want to be, the home cannot. Use the PRO if you can, use HOME if you only have XP home.
Author: Raymond
Download -=GonZor=- Payload V2.0 http://gonzor228.com/wp-content/uplo...Blade-V2.0.zip
Download Universal Customizer http://gonzor228.com/wp-content/uplo...Customizer.zip
This is NOT MY WORK! I just wanted to share!

|
|
| Author |
RE: The Flash Drive Hack |
Deamonspawn
Member

Posts: 60
Location: HELL
Joined: 18.05.07 Rank: Moderate |
|
y didnt you just give them this link???? http://wiki.hak5.org/wiki/USB_Hacks

 |
|
| Author |
RE: The Flash Drive Hack |
Skunkfoot
Member

Posts: 672
Location:
Joined: 01.09.06 Rank: God |
|
Don't use Gonzor's version, just go to their forums and pick up the USB pocketknife...
Today a young man on acid realized that all matter is merely energy condensed to a slow vibration, that we are all one consciousness experiencing itself subjectively, that there is no such thing as death, life is only a dream, and we are the imaginations of ourselves.
--Bill Hicks
--=[ Skunkfoot || Temet Nosce ]=--
|
|
| Author |
RE: The Flash Drive Hack |
only_samurai
[IRC Rockstar]
Posts: 984
Location: idling in some random irc channel
Joined: 18.08.06 Rank: .|unranked|. |
|
I would like to see proof that this device "automatically starts up on any computer." USB is a Master-Slave relationship. The Master (PC) is the only device allowed to begin a data transaction. The Slave (USB) cannot start sending commands without permission. Maybe they do have a way to do it, but it may be with some software you have to install or some change you have to make in Windows. I doubt it works all the time anywhere. I'd love to be proved wrong, show me some proof. I viewed the site and watched both videos and saw no mention nor proof of this ability. Someone have one that can tell us?
The problem with a fool-proof system, is eliminating the fool.
"His name is Cereal Killer...Like Fruitloops." If you cut me, I bleed binary.
http://blog.psych0tik.net/ |
|
| Author |
RE: The Flash Drive Hack |
stdio
Member
Posts: 375
Location: omnipresent
Joined: 06.04.08 Rank: God |
|
Well I can say that the U3 is a separate partition on the usb drive, and acts like an auto run cd. Computer owners have the ability to turn off auto run but most don't.
As far as Gonzo's version vs other Hak.5 ones I saw. Haven't looked into them really recently but 1 feature that is/was? unique to gonzos was putting the malicious files onto the read only partition of the U3 drive. This was particularly useful in that if a virus detector went off or tried to delete them, it would be unable to do so.
I'm sorry, I cant hear you over the sound of how awesome I am! |
|
| Author |
RE: The Flash Drive Hack |
Sabrewulf
Member
Posts: 152
Location:
Joined: 22.03.07 Rank: HBH Guru |
|
|
stdio wrote:
Well I can say that the U3 is a separate partition on the usb drive, and acts like an auto run cd. Computer owners have the ability to turn off auto run but most don't.
I have turned off the auto play on my CD/DVD drive, but left autoplay active for USB. If the U3 USB simulates a CD drive, I guess my computer wouldn't be vulnerable to this particular attack.
|
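Added example, not part of the thread or of any poster's code: the last two posts turn on which drive types have AutoRun switched off, and since a U3 stick presents an emulated CD drive plus a removable storage drive, the check below decodes the Windows `NoDriveTypeAutoRun` policy value and reports whether each half is blocked. The function names and the sample `reg query` outputs are constructed for illustration.

```python
import re

# NoDriveTypeAutoRun is a bitmask; a SET bit DISABLES AutoRun for that drive type.
DRIVE_BITS = {
    0x01: "unknown",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "unknown_future",
}

VALUE_RE = re.compile(r"NoDriveTypeAutoRun\s+REG_DWORD\s+(0x[0-9a-fA-F]+)")

def parse_reg_query(output):
    """Extract the DWORD from `reg query ... /v NoDriveTypeAutoRun` text, or None if absent."""
    m = VALUE_RE.search(output)
    return int(m.group(1), 16) if m else None

def disabled_types(mask):
    """Names of the drive types whose AutoRun the policy mask turns off."""
    return {name for bit, name in DRIVE_BITS.items() if mask & bit}

def u3_exposure(mask):
    """Report whether policy blocks AutoRun on each half of a U3 stick."""
    if mask is None:  # value not set: the OS default applies, so report "unknown"
        return {"emulated_cd_blocked": None, "storage_blocked": None}
    off = disabled_types(mask)
    return {
        "emulated_cd_blocked": "cdrom" in off,
        "storage_blocked": "removable" in off,
    }

# Constructed sample: AutoRun off for CD drives only (the setup described in the last post).
SAMPLE_CD_ONLY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x20
"""
# Constructed sample: the value is missing from the key.
SAMPLE_UNSET = "ERROR: The system was unable to find the specified registry key or value."

if __name__ == "__main__":
    for text in (SAMPLE_CD_ONLY, SAMPLE_UNSET):
        print(u3_exposure(parse_reg_query(text)))
```

A mask of 0xFF sets every bit and so turns AutoRun off for all drive types, which covers both halves of the stick.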