DingleBerries

Dedicated Members
  • Posts

    1,291

Everything posted by DingleBerries

  1. SO MANY ERRORS! But I can forgive that. Have you tried reformatting it with GParted? Try erasing the flash partition (you cannot delete the U3). You can also try to flip the bit and mount it as a hard drive instead of a removable drive to sort of force mount it so that you can format it.
  2. Universal Customizer. There are a few versions floating around. The newest version works in Vista as well as on 4GB< drives. leroy jenkis just starts the payload, makPNF.exe is the actual Trojan and atm it does not. Later I may release a UDP version that will work on routers that block ports. I have no idea what that even means. It searches HOME DRIVE/HOMEPATH, so if your drive letter is F:\ it will still work. The rest of the payload relies on the drive being the C:\ drive but that isn't a hard fix, remember this was done in less than a day. Right now it will only do extensions. Adding complete file names never really crossed my mind, I will look into it though. Cheers!
  3. 0x3, I am a bit confused about your question. Are you talking about installing asp shells and disabling firewall? I do not have any Server 2003 VMs atm, but that is easy to get ;). I was thinking about rewriting the backdoor in the future to support more things, and making it drop a file should be easy, i.e. have it sitting in the code then print it out to a text document named shell.php. It may take me a while, school and what not, but I will try to release what I can when I can (not all of my tools are here :, save the good stuff for myself :P).
  4. For all of your malware related needs go to http://www.offensivecomputing.net/ BE WARNED all of those are real viruses so be sure it's on a VM or an isolated network. Also Conficker C can tell if it's running in a VM and will modify its behaviour as such.
  5. And now you have sum XSS http://www.msoe.edu/campus/directory/detai...3E%3C/SCRIPT%3E http://www.msoe.edu/campus/directory/detai...SCRIPT%3E%22%3E http://www.msoe.edu/campus/directory/detai...3C%3C/SCRIPT%3E Now what you do is get an xss worm or cookie stealer and submit that to digg (because they are all retarded) and have people click in and steal their booty. Reddit wouldn't fall for that shit.
  6. Keylogger would work much better in this situation, or a scam page since it's a local attack.
  7. So what you want is a large logging firewall? Interceptor is invisible, meant only for tapping a network. I do have a question, is this full duplex? Also, usually with my taps I need one NIC for RX and another for TX.
  8. Give me remote desktop and I will break it for you, at a price of course. Shit isn't very hard to do, hell if your router can accept outside connections I can do it at my place. But a better diagram of your network would help. Is it a repeater?
  9. Let me explain it a bit more in detail. There are two folders (CD, Flash). The Flash folder has 2 files (2 exes and a bat). Autorun runs > Leroy Jenkins then opens a port in the firewall, copies the trojan (makPMF I think was the name), and then runs the bat script that searches for the drive containing DingleBerries.exe. On the flash side, just put all the files on the root of your drive. Dingleberries.exe grabs some info from the PC, writes the computer's info to a txt file, writes the registry value to autorun the trojan, and then calls slurp.exe (you can remove slurp and replace it with PWDUMP, just rename it slurp.exe). Slurp looks in the ini to find out what file types you want slurped up and puts them in a folder like so, COMPUTERNAME > SLURPED FILES. One issue is that if the folder already exists it will stop everything. The client.pyw will require you have Python installed. Go to one of the folders that has the computer info dump and type that IP into the client, you can now send commands. To use this you will need to make an ISO of the CD folder and flash that to the U3 side.
  10. Beggars can't be choosers. This is a first release made in less than 5 hours, maybe if we could get some more coders involved then there could be a better product, but for now it's me... alone doing the work. All the info given is more than enough. Get wget on the machine and it is completely owned. From there you can download and execute other packages. And like it says, want to expand? Add more shit to the end of the bat to execute.
  11. Nothing should be picked up by AV, I coded all of it myself, with the exception of the trojan but I have full source for that.
  12. Simple Nmap 4.85BETA5 command to scan for Downadup/Conficker.

      nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [targetnetworks]

      But what does it all mean?
        • -PN means to treat all hosts as online, and skip host discovery, which basically means don't try to ping the hosts. This is useful because lots of hosts/firewalls drop ICMP traffic.
        • -T4 is used to speed up the scan
        • -p139,445 tells it to scan those ports, which are related to samba windows file sharing
        • -n says don't try DNS resolution
        • -v means make it spit out more information (aka verbose)
        • --script=smb-check-vulns runs the Lua script smb-check-vulns, which appears to check for a few different vulnerabilities. This script gets passed the safe=1 option which according to the web page tells the script to only do checks which are presumably safe for the system you are scanning against; the page warns that unsafe checks on a compromised system may cause it to crash.

      Also more info on the approaching doom
  13. Dingle Berries Load

      What you need
        • A U3 device
        • Python (for the trojan client)

      What it does?
        • Install a backdoor (Terry the Trojan)
        • Slurps Documents
        • Opens Port for trojan
        • Dumps PC info
        • Writes a startup to the registry as; SOFTWARE\Microsoft\Windows\CurrentVersion\Run Microsoft Update >>>>> c:\makPNF.exe

      Want to update it? Add some new shit to the end of the .bat file.

      DOWNLOAD Thank You in advance to those who click.

      UPDATE Use this .bat file instead.

          for %%i in (B C D E F G H I J K L M N O P Q R S T U V W X Y Z) do if exist %%i:\DingleBerries.exe set dir=%%i
          cd /d %dir%:
          DingleBerries.exe
  14. Just finished a payload. I will update this post with the link in a min. LINK http://hak5.org/forums/index.php?s=&sh...st&p=127943
  15. When did they forget their passwords? Are the cookies still stored on the computer? Yahoo has a weak hash when handing out cookies so the password can be decoded and used.
  16. No reason to kill AV if your program isn't picked up. So far I have this working:
        • Create dir based on computer's name
        • Write a log of info from the computer, names, home drive, home path, IP address
        • Create a directory to put slurped documents
        • Slurp documents
      Next I will be implementing a backdoor and a few other fun things. Still needs more ideas. Anyone use Delphi? I have a nice yahoo! webcam hack.
  17. Phishing page + social engineering + browser address bar exploit = WIN
  18. So now you won't be able to see if you have the worm? Why shut down? All you are doing is evading the inevitable.
  19. That wouldn't be too hard to implement. Have an .ini, or .conf file where the user inputs the strings they want to run, i.e., hack.exe -i -l and have the proggy execute as such. Like a cross between nircmd and batch.
  20. I have a tool to dump the LM hashes, just most people do not have rainbow tables and brute forcing takes a while. I have some free time today to work on it all.
  21. Here are a few tools. Don't know if they are picked up by AV yet http://www.foofus.net/fizzgig/pwdump/ http://swamp.foofus.net/fizzgig/fgdump/ I also have a tool that dumps the c:\windows\system32\config directory, might need some work, haven't looked at it in a while.