Vgyan.comStealth copy pen drive in the background
Posted by Goutam Mandal on January 4, 2010
It did so happen that few days back that one of my friends came to my house along with a nice video in his pen drive on how magic is done. We watched it together and it was awesome. But after it was over, I wanted to keep a copy of that video so that I could watch it later but he did not let me do so. Now it was really horrible that after watching a 2 hour long video on my computer he did not allow me to keep it. So I thought of doing something so that next time he comes, I could copy everything from his pen drive without giving him a hint of what I am doing.
Note : This process should not be adopted to steal sensitve and/or confidential data without the prior notice of its owner. Read disclaimer before proceeding.
The Plan:
So basically the whole thing should be done with a key stroke or with a combination of few keys and neither anything should be appearing on the screen nor any notification should be displayed. As for the copying part, it could be easily done with a batch file. But the main problem was how to run that file in the background as a process so that nothing comes up on the screen. This was accomplished by using a Visual Basic Script (VBS). However the whole thing could be done by using the vbs file only, but I always like those .bat files 
.
Procedure:
The whole process can be setup in 3 simple steps.
Step I : Making the batch file
The batch file simply copies the entire contents of a drive to a pre defined location on the hard disk. As in the case of my computer, the drive letters on my system end with G: (DVD drive). So when a removable media (like a pen drive) is inserted it will be assigned the letter H. And if more usb sticks are plugged, the they will be assigned I:, J: and so on. So you should create different batch files for different drive letters that may show up.
@ECHO OFF XCOPY H: D:\Copy_of_I /E /H /I /Q /Y ATTRIB +H D:\Copy_of_I EXIT
Here the dos command XCOPY has been used instead of simple COPY because the latter does not give much option while copying. The parameters passed along with XCOPY are described below.
/E Copies directories and subdirectories, including empty ones. Otherwise only the files in the root of pen drive will be copied leaving the files inside folders.
/H Copies hidden and system files also (incase any of the files in the pen drive are hidden)
/I If destination does not exist and copying more than one file, assumes that destination must be a directory.
/Q Does not display file names while copying.
/Y Suppresses prompting to confirm you want to overwrite an existing destination file. Be careful while using this switch because it will overwrite any files the destination directory if it has same name with any of the files in the pen drive without any warning. This has been provided so that the copying process does not get halted in the background if such a situation arises.
In the next statement the attribute of the destination folder (where are the contents are copied) is set to hidden so that the fellow cannot figure out that the contents of his drive had been copied while browsing in explorer.
Step II : Running the batch file stealthily in the background
For this purpose the batch file is executed through a VB script
Set WshShell=WScript.CreateObject("WScript.Shell")
obj=WshShell.Run("hdrive.bat",0)
Set WshShell=Nothing
If invisible.vbs and hdrive.bat are not in the same directory then you need to specify the entire path of hdrive.bat.
This VB Script runs the batch file in the background and the process can only be stooped from the task manager. Instead of hdirve.bat any other program can be also be run and then it won’t be listed under the Applications tab of Task Manager. Instead it needs to be stopped from the Processes tab.
Step III : Assigning key combination for running the program
Create a shortcut of invisible.vbs on the desktop and change its properties as under.
So whenever you are on the desktop and press the shortcut key combination, invisible.vbs gets executed which in turn invokes hdrive.bat and the entire copying process takes place in the background, without the notice of the person sitting on the system.
phoxis said
hehe, a good one.
kumar said
1) For this vbs shortcut execution process, any vb related or other s/w is needs to be installed?
2) If we put this vbs file shortcut in startup then is it run automatically, when used logged in?
Goutam Mandal said
1) No additional softwares need to be installed to execute the vbs file. Required files for vbs comes bundled with Windows.
2) Yes, definitely. If you place the vbs shortcut in your startup folder then it will get executed as soon as the user logs in.
kumar said
Thanks for your reply and confirmation…
kumar said
Hi Goutam Mandal,
I want one more help from your side.Please try to give solution for my following question.
In Windows-7 OS, is any option available for enabling the ADMINISTRATOR password request show dialog, while Guest user connects any Removable storage (like pendrive, DVD, CD) devices?
Normally Guest user try to install any S/W then it will request to type ADMINISTRATOR password. But during pen drive inserting time it won’t ask like that.
Can u please give any idea for this?
Thanks in advance
Regards
Kumar
Goutam Mandal said
I am sure there will be some way out.. Actually I am little busy these days… I will search a solution for this problem as soon as my exams are over… Your patience is appreciated…
kumar said
Hi Goutam Mandal,
I have tried your approach of “Stealth copy pen drive in the background“ at my home laptop (Windows7 OS-P5 processor)And put the invisible.vbs file in windows startup.
Its run only after pen drive inserted and we need to login.
I have tested. After login, if we insert the pen drive then it won’t work.
I expect after user login also files will be copy to temp location.
Can you please provide your view for this?
Regards
Kumar
ali said
Sir, I have tried it. But in cmd it works. I donot know how to create a .vbs file . and i still do not understand how it will work.
Reply me soon.
“I shall be very thankful to you”
Goutam Mandal said
Nothing special is required to create a vbs file.. All you need to do is write the code in notepad and save the file as filename.vbs format and not as filename.txt or filename.vbs.txt. For that, when you are asked for the filename enter the filename as “filename.vbs” (along WITH the quotes). This will ensure that your file is saved as VB Script.
ali said
I have made the both of files and set them according to way you have told me. but when i press the shorcut key to copy files from usb, the same time the window of command prompt appear before me.It does not start in hidden mode. Tell me the way how can i do this.
reply me soon, I am waitting for your answer.
Goutam Mandal said
The VB Script is responsible for starting the .bat file in hidden mode.. I guess there is sumthing wrong with the vbs. Just try executing the vbs by double-clicking on it instead of running it thru shortcut. Moreover I have shifted to Linux (Ubuntu) and I am no more a Windows user.. Otherwise I would have tested it once again.. Just execute the vbs directly and let me know if the problem still exists..
ali said
It works, but it does not start in hidden mode
Reply me soon
Goutam Mandal said
It should have worked.. Anyways I am extremely sorry that I cannot try this as I do not have Windows installed on my system.. It is the VBS file that is responsible for starting any program (in our case, the batch file) in hidden mode as a Windows Process instead of loading in to memory as a Windows Task. I think Googling can help you sort out the problem.. Kindly post the solution to this prob in this thread so that other visitors can benefit..
ali said
OO brother, just tell me the simplest way to run this in hidden mode.
I am waitting for your response. Only the problem is occuring with me is this that the cmd does not start in the hidden mode. It appears as windows before me, but it copies all files to the distination folder Only this is a problem that the “cmd does not run in the hidden or invisible mode”
I am waiting for your response
ali said
Ok thankyou very much. If I got any solution about it then i will post a message . and i have some informative pics. if you will give me your email adress i will send it you. you will realy enjoy them.
Thankyou very much
Goutam Mandal said
My Email Address :- goutam7610 [/at\] gmail [/dot\] com
ali said
heloo!!!!
How r u
, Have u ever use smtp server, if u have used then tell me, what is procedure and how it can work.
Reply me!!!!!!
Tejan Agarwal said
As soon as i execute the cmd command for copying, the files are getting copied but the folder is getting removed from the system and i am not able to retrieve it. Will you please help me out in this matter.
Goutam Mandal said
The folder is Hidden after the copy is complete. So you need to enable Show hidden files and folders from Control Panel -> Folder Options.
I hope this helps. Let us know if the problem persists.
Tejan Agarwal said
I tried that too enabled the show button but the folder is still invisible. I tried it in two differemt systems and both of them have the sam problem.
Tejan said
The file was getting converted into a system file that’s why it was not showing it in the hidden folder also. I am now able to see the folder and the files present in it.