Learning Attack PE

Get the Word Out there

We are looking at the Windows version of the “Key to the City”, I am referring to A.P.E. While it does seem to be an 800lb gorilla, this is best know as “The Attack preinstallation Environment“. This will be installed to a USB device, and will provide access to all the goodies within the system that you own or have permission to run test on (Yes I have to throw that in). This could be to copy the SAM files, install exploits/payloads, or any number of things that will aid in “owning” a system you have physical access too.

A.P.E. is chalked full of tools to assist all of you prying needs you can find a much better write-up with feature tools list on  n1trog3n’s site. As mentioned in sablefoxx’s walkthrough you can find the ape_usb software HERE.

you will need to pick up the rainbow tables for the version of windows, both Windows XP and Vista are available, although i am not sure how much the XP tables will help, as it has been retired.

You can also find a  fair amount of info on the HAK5 forums on the topic.

As your bound to find out during your research of this program, there isn’t much available in the way of tutorial or walk through.  So to help aid the cause I decided to include some screen shots of A.P.E.’s file structure.

And For an added bonus, I have included the Readme file from inside the uncompressed executable.


||                                            USB Pocket Knife By Leapo                                        ||
||                                                                                                             ||
||                                                     v0.8.8.0                                                ||
|                                                                                                               |
|                                              <<<< Initial Setup >>>>                                          |
|- Begin by running Menu.bat and selecting “Manage Settings and Modules” from the menu. From here you can enable|
|  or disable any of the modules that make up this payload, as well as manage “Other Settings” like the e-mail  |
|  address the payload will send certain logs to (The Haksaw and NMAP for instance):                            |
|   o Unless you are running from a large storage device like a USB hard disk, it’s recomended that you disable    |
|     the second Slurp option, because it will attempt to copy the entire contents of the current user’s        |
|     My Documents folder to the switchblade. it’s also worth noting that this can take a considerable ammount  |
|     of time!                                                                                                  |
|   o The first Slurp option, on the other hand, will usualy only copy smaller files (chat logs, bookmarks, etc)|
|     , so it’s usualy safe to leave enabled. Just keep in mind that even having this smaller portion fo slurp  |
|     enabled can add minutes to the time required for the switchblade to finish running!                       |
|- You must run Menu.bat and input your email address and password if you want the Haksaw, NMAP, and the        |
keylogger to function (Manage Settings and Modules > Other Settings > Edit Email Configuration).             |
|- You must also edit your stunnle configuration (option is directly under email configuration) if you wish to  |
|  use somthing other than gmail.                                                                               |
|                                                                                                               |
|                               <<<< Non-U3 users: Remember to Save Your Changes >>>>                           |
|- If you’re not using a U3 drive, once you are finished making your changes to the payload be sure to          |
|  “Update the Backup Archive” so you can restore the payload if an antivirus nukes it:                         |
|   o The “Update Backup Archive” command can be run from Menu.bat, located under “Backup Management”           |
|   o You may also wish to turn on “Auto Restore” which will restore your payload before every run to make sure |
|     it’s always working. This option is only available on NON-U3 drives and will only work after a backup has |
|      been created. Keep in mind, auto restoring may cause the payload to take significantly longer to execute. |
|                                                                                                               |
|                                              <<<< Auto-Update >>>>                                            |
|- Currently, Auto-Update is not available for U3 drives, as it would involve reflashing the U3 partition.      |
|- For Non-U3 users, you’ll notice the auto-update option in Menu.bat, running this will update many of the     |
|  executables in the payload with the latest versions from the web.                                            |
|   o Note: This will not update you to the latest version of the payload, it only updates some executables     |
|     within the payload.                                                                                       |
|                                                                                                               |
|                                                                                                               |
|                                                <<<< Usage >>>>                                                |
|- If autorun is enabled, the switchblade will simply run itself if you’re running from a U3 drive, or after    |
|  clicking the first option in the Autorun dialog box if you’re just using a normal flash drive.               |                                                                                                 |
|- Logs will be dumped into the “X:\Documents\logfiles\%computername%\” folder automaticly.                     |
|- If autorun is disabled, you can manually start the payload using Menu.bat                                    |
|                                                                                                               |
|                                                                                                               |
|                                         <<<< Connecting to WinVNC >>>>                                        |
|- Port: 5900 or 80                                                                                             |
|- Username: N/A (no username)                                                                                  |
|- password: “easy” “hacked” or “yougothacked”, I’m not exactly sure which one it’s set to                      |
|                                                                                                               |
|- TightVNC Viewer has been included under “?:\TOOLS\vncviewer\”                                                |
|                                                                                                               |
|                                                                                                               |
|                                         <<<< Retriving Logs Safely >>>>                                       |
|- Create the file “saftey.txt” on the root of your C:\ drive, leave it blank, it just needs to be in that spot.|
|  start.bat looks for this file and does not allow anything to run if it is detected on the root of the drive.    |
|- If you disabled the safety.txt check from menu.bat then you can hold Shift while inserting the drive to      |
|  prevent autoplay from starting the switchblade.                                                              |
|- There’s also the option to “disarm” the payload compleatly, which will prevent it from running no matter what|
|  computer it’s plugged into. You will, however, need to have plugged the drive in to change this setting      |
|  inside of menu.bat.                                                                                          |
|                                                                                                               |
|                                                                                                               |
|                                              <<<< Mad Props!!! >>>>                                           |
|-For everybody out there who’s lent a major contribution to the success of this payload, I give you my thanks! |
|   o GonZor                                                                                                    |
|   o Tmbomber                                                                                                  |
|                                                                                                               |

We at Aimless Wanderings want to help assist the local humane societies find homes for their older cats. An older cat is harder to find a forever home, by taking the fees away from the adoption we hope to make their stay in the shelter as short as possible.

These fees range between $40 and $70 dollars, as we are looking to sponser the older ones of the group. The Humane Society we are currently working to help is the Conway Humane Society you can find the site and there current list of furry residences at