How to: Install Fuzzbunch & DanderSpritz?

I’m thinking I might already be a week late posting this today, but this post about Fuzzbunch and DanderSpritz has been sitting in my drafts all this while and I thought of completing it anyway.

As all of us know by now, the Equation Group gave us all an early Easter surprise by releasing an awesome cache of tools targeted against the Microsoft Windows operating systems – some of which are End Of Life – and other software, along with a bunch of backdoors and rootkits. My older post, List of Equation Group Exploits, already lists the names of the tools and their targets. With that cleared, moving on to the main topic of interest. Download the files listed under “EQGRP_Lost_in_Translation” and proceed.

What are Fuzzbunch & DanderSpritz?

Fuzzbunch is to these tools what Metasploit is to penetration testers. It is an easy-to-use framework written in Python that allows you to launch exploits and interact with the different supported implants. DanderSpritz is a Java-based command & control console for administering compromised computers. Think of it as a Remote Access Trojan used to control your “servers”.

EGRP-Windows

This is how the decompressed files look; the ones marked are Fuzzbunch (fb.py) and DanderSpritz (start_lp.py). At first I tried running them with Python 2.7.13, but was unable to do so. Later, as I read the code, I found the following:

#!/usr/bin/python2.6

and

SUPPORTED_ARCH = {
    'win32': 'x86-Windows',
    'linux2-i686': 'i686-Linux',
    'linux2-x86_64': 'x86_64-Linux',
    'solaris': 'sparc-SunOS'
}

So, you see, you need Python 2.6.x (I used Python 2.6.6) on one of the above-mentioned operating systems in order to run Fuzzbunch. It is used to invoke the various attack modules. The use of these modules tends to be automated, with the modules automatically sharing information between themselves. A module can also be customised by editing its related XML file, which defines the module's own parameters.

Further, the source code reveals this:

import sys
import subprocess

# The Windows-only extension modules are imported only when running on win32
mswindows = (sys.platform == "win32")

if mswindows:
    import win32pipe
    import win32file
    import pywintypes
    import win32event

So, you also need Python for Windows Extensions (PyWin32). I took a chance and downloaded the latest version, pywin32-221.win32-py2.6.exe, from here. Thinking that I had everything ready, I launched Fuzzbunch and was greeted with a message about a directory not being available. The answer to that is to create the following directory:

windows/listeningposts

After all this, on my Windows 7 test machine I got this:

Fuzzbunch

Now, on to DanderSpritz – there are two ways to execute this C&C tool:

  1. Running Start.jar
  2. Running start_lp.py

The first time you execute DanderSpritz, you get a screen asking you for various configuration settings:

DanderSpritz

After you press “Go”, you are taken to a screen that looks like this:

DanderSpritz-Main

The errors in red tell you what you are missing. The logging directory, for example, can simply be created by running the configure_lb.py script.

One more of the errors, mentioning a missing file, can be overcome by creating a dszopsdisk-x.zip archive. I think it was meant to hold all the contents under “/storage”.
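Seen from the other side of the fence, the file and directory names that turn up during this setup (fb.py, start_lp.py, Start.jar, configure_lb.py, the windows/listeningposts directory, the dszopsdisk-x.zip archive) and the SUPPORTED_ARCH table quoted above are a usable fingerprint for an unpacked copy of the toolkit sitting on a host or file share. The script below is an added example written for this post, not code from the leak or from the original article: it walks a directory tree, scores it against those indicators, and builds a constructed sample tree to run against. The weights, the suspicion threshold and the sample files are assumptions of the example.

```python
"""Added example (not from the original post): triage a directory tree for
artifacts of an unpacked Fuzzbunch/DanderSpritz drop, using the file and
directory names the post mentions plus the SUPPORTED_ARCH source fingerprint."""
import os
import tempfile

# Indicators taken from the post; the per-indicator weights are an assumption.
FILE_INDICATORS = {
    "fb.py": 3,              # Fuzzbunch entry point
    "start_lp.py": 3,        # DanderSpritz launcher
    "Start.jar": 2,          # DanderSpritz alternative launcher
    "configure_lb.py": 2,    # creates the DanderSpritz logging directory
    "dszopsdisk-x.zip": 2,   # archive DanderSpritz complains about when missing
}
DIR_INDICATORS = {
    "listeningposts": 1,     # windows/listeningposts, required by Fuzzbunch
}
# All three strings must appear in a .py file for it to count as the table.
CONTENT_MARKERS = (b"SUPPORTED_ARCH", b"sparc-SunOS", b"x86-Windows")
SUSPICIOUS_SCORE = 5         # assumption: tune for your environment


def _has_all_markers(path, limit=1 << 16):
    """Read at most `limit` bytes and check for every content marker."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(limit)
    except OSError:
        return False
    return all(marker in head for marker in CONTENT_MARKERS)


def scan_tree(root):
    """Walk `root` and return a score, the matched paths and a verdict."""
    score = 0
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            if d in DIR_INDICATORS:
                score += DIR_INDICATORS[d]
                hits.append((os.path.join(dirpath, d), "directory name"))
        for f in filenames:
            path = os.path.join(dirpath, f)
            if f in FILE_INDICATORS:
                score += FILE_INDICATORS[f]
                hits.append((path, "file name"))
            elif f.endswith(".py") and _has_all_markers(path):
                score += 2
                hits.append((path, "SUPPORTED_ARCH table in source"))
    hits.sort()
    return {"score": score, "hits": hits, "suspicious": score >= SUSPICIOUS_SCORE}


def build_sample_tree():
    """Constructed sample: the layout from the post, with stub files only."""
    root = tempfile.mkdtemp(prefix="eqgrp_scan_")
    os.makedirs(os.path.join(root, "windows", "listeningposts"))
    for name in ("fb.py", "start_lp.py", "configure_lb.py"):
        with open(os.path.join(root, "windows", name), "w") as fh:
            fh.write("#!/usr/bin/python2.6\n")      # shebang noted in the post
    # A renamed copy of the launcher would still carry the platform table.
    with open(os.path.join(root, "windows", "renamed_launcher.py"), "w") as fh:
        fh.write("SUPPORTED_ARCH = {'win32': 'x86-Windows', "
                 "'solaris': 'sparc-SunOS'}\n")
    with open(os.path.join(root, "notes.txt"), "w") as fh:
        fh.write("benign file, no indicators\n")
    return root


def build_clean_tree():
    """Constructed control: an ordinary directory with nothing of interest."""
    root = tempfile.mkdtemp(prefix="clean_scan_")
    with open(os.path.join(root, "app.py"), "w") as fh:
        fh.write("print('hello')\n")
    return root


if __name__ == "__main__":
    for root in (build_sample_tree(), build_clean_tree()):
        result = scan_tree(root)
        print(root, "score", result["score"], "suspicious", result["suspicious"])
        for path, reason in result["hits"]:
            print("   ", path, "-", reason)
```

Matching on file names alone is brittle because a renamed copy evades it, which is why the scanner also looks for the SUPPORTED_ARCH table inside any .py file; scoring rather than a single match keeps one stray fb.py from a different project from raising an alert on its own.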

That’s all for now folks!