Jump to content

DingleBerries Tantō Payload


DingleBerries
 Share

Recommended Posts

System.exe detected by NOD32 antivirus as NewHeur_PE (Virus)... When downloading the .rar.

With the payload.exe, I get another advice with b2e.dll as Win32/Qhost.NFV (Trojan) with NOD32. Is the b2e.dll part of the backdoor?

I think the payload.exe does the payload.bat stuff with the AdminGroup variable given by 1.vbs, installing all the keylogger and backdoor, opening ports, adding reg keys, etc...?

Are all the needed programs packed in the payload.exe?

The medicine continues going wrong with not conventional paths, It can be done by using a similar way as for installing the payload.

I like the easy and effective way the keylogger works but it doesn't work with combination of [ALT]. When a combination is pressed (as [CTRL]+something) the [CTRL] is printed many times... I assume no clicks are saved to the keylogger log...

I will be testing some of the functionalities in a few days.

Too many things? :lol:

Good job and many thanks for the credits!

Link to comment
Share on other sites

I think the whole bat to exe is whats doing it, so thats not going to work.. I just had a chance to try this out on a computer, and i was only able to get it to work it it was in a folder on the desk top.. so ill get some time and work on that part :/

I feel you didn't understand me (sorry, probabily it's my poor english). The question was if the payload.exe is a compilation of all the needed files (included keylogger and backdoor) or if payload.exe needs the batches, the 1.vbs and the other exes to go? :blink:

Link to comment
Share on other sites

Then I will be testing the reason of not running almost it is in a desktop folder. The code seems to be ok, but... Hummm....

:Edit

Issues with Telnet:

By the way, there's some problems with the Telnet Service. The TlntSvr doesn't start with

sc config TlntSvr start= boot

but with

sc config TlntSvr start= auto

In other hand, Telnet Service is disabled with XP SP2 and we can launch it but is not available in XP Home. Then we must to check what OS we have to do the task or creating the entire service to use correctly (can do it by vbs).

Another thing to check for assure the service start is that TlntSvr is installed in the machine. For doing so, we can check for the correct branch in reg (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr) and operate accordingly with adding the service or not. It only will take a few lines to check it and if is not installed, we can add easily the needed keys to the registry with the batch or the vbs to operate the Service correctly.

Before of enabling the Telnet Service, I think is better option to stop the NtLmSsp Service (NT LM Security Support Provider) before enabling telnet.

net stop NtLmSsp

The final code would be...

tlntsvr /service
net stop NtLmSsp
sc config TlntSvr start= auto

But definitively, Telnet has problems in Windows XPSP2... What about using nc?

Link to comment
Share on other sites

  • 2 weeks later...
  • 1 month later...

yeah I reformatted and it deleted everything in my drop box. I have been playing with pod slurping a bit. These things are not by any means hard to make. If you can get a list together of things you want i will be more than happy to make it happen, with a little help from the community of course.

Link to comment
Share on other sites

In the Slurp thread below there is a new payload to slurp documents. You can modify ls's python to instead slurp just the keyloggers file. ATM i cant remember what the file name it, however putting it inside a empty folder and running it will produce a file, open that in note pad and there is your logtxt.

Link to comment
Share on other sites

Dont think I am. To me, payloads are meant for a specific systems so there is not always 1 payload that will get the job done. I may go about making another one when I get a bit of time, or money, but atm slurp is accomplishing many of my needs.

If there is a specific payload that you need made just pm me. Depending on what coding is necessary the individual payload(special to each user) will be 20USD

I may get together with a few members and start up another payload however this thread should be closed as I will not be reupping this or supporting this payload anymore.

Link to comment
Share on other sites

Specific payload to an specific system? Hummm...

I think that with the correct programming issues, It'll be factible to have one payload for all systems, the question is that you have to check many things before doing the work as os version, installation language, good checking of paths, checking for privileges, vulnerabilities, bypassing av, etc.

It's why I was writting a new payload, of course :lol:

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...