Jump to content

DingleBerries

Dedicated Members
  • Posts

    1,291
  • Joined

  • Last visited

Posts posted by DingleBerries

  1. Grammar_Nazi_Logo.jpg
    SO MANY ERRORS! But I can for give that. Have you tried reformating it with GParted? Try erasing the flash partition(you cannot delete the U3).
    You can also try to flip the bit and mount it as a hard drive instead of a removable drive to sort of force mount it so that you can format it.
  2. [sic] but how do I flash the usb-drive with it?

    Universal Customizer. There are a few versions floating around. The newest version works in vista as well as on 4GB< drives.

    Does leroy jenkis work with an router that blocks ports

    leroy jenkis just starts the payload, makPNF.exe is the actual Trojan and atm it does not. Later I may release a UDP version that will work on routers that block ports.

    Is it possible to get the usb-drive not showing up options when inserting it what to do with it?

    I have no idea what that even means.

    Does it only seach in C:\ and is it possible to seach for specific names

    It searches HOME DRIVE/HOMEPATH, so if your drive letter is F:\ it will still work. The rest of the payload relies on the drive being the C:\ drive but that isnt a hard fix, remember this was done in less than a day. Right now it will only do extensions, Adding complete file names never really crossed my mind, i will look into it though.

    Cheers!

  3. 0x3, I am a bit confused about your question. Are you talking about installing asp shells and disabling firewall? I do not have any Server 2003 VMs atm, but that is easy to get ;). I was thinking about rewriting the backdoor in the future to support more things, and making it drop a file should be easy, i.e. have it sitting in the code then print it out to a text document named shell.php. It may take me a while, school and what not, but I will try to release what I can when I can(not all of my tools are here :, save the good stuff for my self :P).

  4. Give me remote desktop and I will break it for you, at a price of course. Shit isnt very hard to do, hell if your router can accept outside connections I can do it at my place. But a better diagram of your network would help. Is it a repeater?

  5. Let me explain it a bit more in detail.

    There are two folders(CD, Flash). The Flash folder has 2 files(2 exes and a bat). Autorun runs > Leroy Jenkins then opens a port in the firewall, copies the trojan(makPMF i think was the name), and then runs the bat script that searches for the drive containing DingleBerries.exe.

    On the flash side, just put all the files on the root of your drive.Dingleberries.exe gabs some info from the pc, writes the computers info to a txt file, rights the registry value to autorun the trojan, and then calls slurp.exe(you can remove slup and replace it with PWDUMP just rename it slurp.exe) Slurp looks in the ini to find out what file types you want slurped up and puts then in a folder like so, COMPUTERNAME > SLURPED FILES. One issue is that if the folder already exist it will stop everything. The client.pyw will require you have python installed. Go to one of the folders that has the computer info dump and type that IP into the client, you can now send commands.

    To use this you will need to make an ISO of the cd folder and flash that to the u3 side.

  6. Beggars cant be choosers. This is a first release made in less than 5 hours, maybe if we could get some more coders involved then there could be better product, but for now its me.. alone doing the work. All the info given is more then enough. Get wget on the machine and it is completely owned. From there you can download and execute other packages.

    And like it says, want to expand? Add more shit to then end of the bat to execute.

  7. Simple Nmap 4.85BETA5 command to scan for Downadup/Conficker.

    nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [targetnetworks]

    But what does it all mean?

    -PN means to treat all hosts as online, and skip host discovery, which basically means don\'t try to ping ths hosts. This is useful because lots of hosts/firewalls drop icmp traffic.

    -T4 is used to speed up the scan

    -p139,445 tells it to scan those ports, which are related to samba windows file sharing

    -n says don\'t try dns resolution

    -v means make it spit out more information(aka verbose)

    --script=smb-check-vulns runs the lua script smb-check-vulns, which appears to check for a few different vulnerablities. This script gets passed the safe=1 option which according to the web page tells the script to only do checks which are presumably safe for the system you are scanning against; the page warns that unsafe checks on a compromised system may cause it to crash.

    Also more info on the approaching doom :rolleyes:

  8. Dingle Berries Load

    What you need

    A U3 device

    Python(for the trojan client)

    What it does?

    Install a backdoor(Terry the Trojan)

    Slurps Documents

    Opens Port for trojan

    Dumps PC info

    Writes a startup to the registry as;

    SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Microsoft Update >>>>> c:\makPNF.exe

    Want to update it? Add some new shit to the end of the .bat file.

    DOWNLOAD

    paypal-donate-button.gif

    Thank You in advance to those who click.

    UPDATE

    Use this .bat file instead.

    [size="1"]for %%i in (B C D E F G H I J K L M N O P Q R S T U V W X Y Z) do if exist %%i:\DingleBerries.exe 
     set dir=%%i
     cd /d %dir%:
     DingleBerries.exe[/size]

  9. No reason to kill AV if your program isnt picked up. So far I have this working:

    Create dir based on computers name

    Write a log of info from the computer, names, home drive, home path, ip address

    Create a directory to put slurped documents

    slurp documents

    Next I will be implementing a backdoor and a few other fun things. Still needs more ideas. Any one use delphi? I have a nice yahoo! webcam hack.

  10. That wouldnt be to hard to implement. Have an .ini, or .conf file where the user inputs the strings they want to run, i.e;

    hack.exe -i -l

    and have the proggy execute as such. Like a cross between nircmd and batch.

  11. I have a tool to dump the lmhashs, just most people do not have rainbow tables and brute forcing takes a while. I have some free time today to work on it all.

×
×
  • Create New...