Forum Thread: Usb Revenge

Usb Revenge

So I have a little situation, in the area that I live, there is a communal parking lot. And every month or so, somebody goes around breaking into vehicles and takes what ever they can. Last time was my bank card id insurance papers and my favorite usb! It was multiple partitions, persistant kali, redhat, Windows 7 and a kerpersky anti virus boot tool.

Now, hypothetically speaking, if I were wanting to leave a flash drive in my truc with an auto-backdoor and key logger. What would be my best options.

24 Responses

Im sure the one that has taken the usb will sell it..
And im pretty sure it will be formatted..

Autorun is disabled in most pcs now.. so you have less chance..

Ive heard of the rubber ducky but haven't ever had the chance to play with one. I was thinking something along the lines of infecting a mp4 or pdf file and having something malisious install in the back when he goes to watch "girlfriend video.mp4"

What if he formats the usb man??
No use..

why auto run or rubber ducky? why so complicated?!

most likely the person who breaks into cars probably has no idea what he is doing. so this is one thing you can do:

  1. make a .bat file in the flash drive, and give it a name like "mainlib" or something, so the batch file icon won't look suspicious.
  1. paste this code in the bat file you just created. NOTE: This code is DEADLY!
  1. create a shortcut that executes the .bat file in the root directory of the USB (MAKE SURE YOU PUT THE .BAT IN THERE TOO!).
  1. right click on the shortcut and press "properties", and there, change the icon to something friendly looking.
  1. from the properties window, click on "Advanced" button, and check "Run as Administrator".
  1. Give the shortcut a more friendly name, according to the icon you picked. for example, if you gave it a video icon, name it "girlfriend-strip". you know... something that will attract them to click on it.
  1. ...
  1. PROFIT!!!

when he clicks the shortcut, the bat file will execute in administrator mode, and pretty much f*ck over the entire system.

if he decides to run it as normal user, it will still do some serious damage to his personal files.

to the ones thinking that people aren't stupid enough for this: they are, trust me. i used this method on a group of people who were bullying a friend of mine, 10/11 activated the bat in ADMIN MODE! the last one just activated it in normal user mode.

have fun, and keep me up to date on this!

-Phoenix750

Nice method man! 1+

What if its not a Windows he puts it in... Wont wok on Mac... No Offence just discussing.
Maybe we can come up with a multi-platform solution.

Guys that have macs dont steal what inside cars :)

exactly.

-Phoenix750

Phoenix, are you able to link the code again. For some reason its not loading for me. I'm curious to know what it does to the system.

-Leo

Link to different pastebin.

A little note: the code is not completely mine. a friend of mine wrote the piece that destroys the victim's personal files, whereas i wrote the part that disables mouse and keyboard input, aswell as the part that deletes other system files. He wanted to throw away his old WinXP laptop and we decided to have some fun with it first >:)

-Phoenix750

That's awesome!! Quick and simple!
Thanks Phoenix!

+1 For Phoenix solution, but I would add something that steals his browser cache / cookie to look for personal data like facebook, twitter, instagram account... something that can correlate him (or one of his buyers) to a real name. You could also dump his wireless password and get router mac, then match with some huge database like Wigle to get his approx home address, you can collect more evidence (say, he's selling stolen stuff online). Then hand everything to police or ... well, be creative, because he'll be totally owned by then.

I agree, but remember that you are also breaking the law by doing this. So I don't really know if it is a good idea to do this.

-Phoenix750

Well, sometimes ' The end justifies the means'. Collecting evidence should indeed be made by professionals, but where budget is too low to go after small thieves or installing security cameras, a honest citizen has the right to defend his property. Besides, disrupting compuer data is illegal as well, so neither our solutions are legally viable. Iif someone steals your phone, and you follow him with 'find my droid' or similar, you are actually violanting his privacy as well, even if he stole it from you. Sometimes the right thing to do is not legal, but ethically speaking, you served a favour to a whole community.

Valid points.

-Phoenix750

I think the public service would be the best outcome from this. Being able to know exactly who has been breaking into cars would make all my neighbor's sleep a little easier at nights. The thief has hit up almost everyone in my complex at one point or another. And as far as the legallity of it goes. The thief would have to admit breaking into my truck in order to steal the flash drive if he wanted to report it which would just screw him over. No court would say "even though he broke into my vehicle, stole the flash drive, opened the malisious file from an unknown and untrusted source" that I would be found in the wrong/guilty. Although I'm not a lawyer...

Either way I'm off to buy a new flash drive afyer work tonight to hang on my rear view mirror just incase somebody gets currious...

Love where this post is going btw!

Nice. I didn't even think of that! I wish you the best of luck with this, and keep us updated!

-Phoenix750

Just called the local authorities to get some info from the official side of things. I was told as long as I dont steal any info, and as long as he has to get into my personal space without permission to get access to the drive, then I am completely 100% legally not responsable for what he does with it since he had no right ro get it in the first place!

Why don't you just call the cops for the thief?

-Phoenix750

The officer said they just use the data to put into stats but won't investigate unless there is a major theft or something. For breaking in, stealing small cash and change and what ever else they can find just isn't worth the time and effort. When I explained what the flash drive did and how it worked, the officer just started laughing and staying to do it and there is nothing illigal about it.

:D

i hope my idea works.

-Phoenix750

Me too,

I'm actually very excited about this and can't wait to give it a test run b4 putting it in the tuck and leaving it for next time he tries to take what isn't his!!

Thanks again Phenix!

make sure you don't run it on your PC, but in a virtual machine!

-Phoenix750

Share Your Thoughts

  • Hot
  • Active