carrot.exe

Ladies and gentlemen, i will hereby release the carrot.exe!

What is it? You might ask.

Well, it's just a compilation of various security related tools found around the net.
All from NirSoft's password recovery utilities, to PwDump7 and the Abel backdoor (?) from Cain & Abel.
And of course some other nifty tools (like netcat). I do not take credit for their efforts of producing those applications.
As i said, this is simply a compilation. If you, got any complainants about them being released in this format, they will be removed.

Anyway, here's a list of it's arguments:

--[ Name:   Carrot v1.0
Author: Fredrik N. A .          [Big ASCII-carrot goes here.]

--[ Obvious:
/help    This message.

--[ Parameters:
/32      Force to use only 32-bit payloads.

/64      Force to use only 64-bit payloads.
If non of the above arguments are specified,
carrot will use one based on the CPU architecture.

/file=*  Specifies a file to use, where the asterix is the
name of the file.

--[ Password:
/im      Grabs the passwords of MSN Messenger, Windows Messenger,
Yahoo Messenger, ICQ Lite 4.x/2003, Miranda,
AOL Instant Messenger (With Netscape 7), Trillian and GAIM.

/ie      Grabs the passwords stored for Internet Explorer 4.0, 5.0,
6.0 and 7.0.

/ff      Grabs the passwords from Mozilla Firefox.

/gc      Grabs the passwords from Google Chrome.

/wlan    Enumurates all stored WEP/WPA keys on the current computer.

/vnc     Recovers VNC passwords.

/ps      Grabs password(s) stored in the "Protected Storage".

/np      Grabs password(s) stored for NetBIOS and various SMB services.

/mp      Grabs the passwords of Outlook Express,
Microsoft Outlook 2000 (POP3 and SMTP Accounts only),
Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP, SMTP Accounts),
IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird,
Group Mail Free.  And various programs associated with neither
Hotmail, Gmail or Yahoo!

/dialup  Grabs the credentials for DialUp modems.

/pwdump  Dumps the SAM file and all NT/LM password hashes.

--[ System:

/driver  Dumps all installed drivers on the current machine.

/clean   Removes general windows logs, all from security-logs to last
viewed files.

--[ Browser:

/bm      Dumps the bookmarks of Opera, Internet Explorer, Firefox
and Chrome.

/ieco    Grabs the Internet Explorer cookies.

/ieca    Grabs the Internet Explorer cache.

/iehi    Grabs the Internet Explorer history.

/ffco    Grabs the Firefox cookies.

/ffca    Grabs the Firefox cache.

/ffhi    Grabs the Firefox history.

/opca    Grabs the Opera cache.

/gcca    Grabs the Google Chrome cache.

--[ Network:
/ports   Grabs all interal open ports and connections.

/net     Grabs network shares on the current workgroup.

/nc      Extracts netcat (nc.exe) to the current directory.

--[ Miscellaneous:
/beep    Beep!

/bsod    Causes a Blue Screen of Death.

/mic     Records the microphone for 10 seconds.

/flip0   Flips the monitor 0 degrees.

/flip90  Flips the monitor 90 degrees.

/flip180 Flips the monitor 180 degrees.

/flip270 Flips the monitor 270 degrees.

/scrshot Takes a screenshot.

/webcam  Takes a picture with all webcams.

/serials Grabs up to 200 serials.

/freeze  Freezes a process,
/file= must be used!

/kill    Kills a process,
/file= must be used!

/shdown  Shutsdown the computer.

/rstart  Restarts the computer.

/logoff  Logs off the current user.

/lock    Locks the current users session.

--[ root:
/down    Downloads a file,
/file= must be used!

/astart  Autostarts a file,
/file= must be used!

/hide    Gives a file "Hidden" and "System" permissions,
/file= must be used!

/nowin1  Disables Windows Firewall.

/nowin2  Disables Windows Firewall.

/nouac   Disables Windows UAC

/abel    Extracts the Abel backdoor from Cain & Abel.

What to use it for?

Meh, don't know, be creative. Fancy USB payload maybe?

It can be used by security professionals to demonstrate the insecurity of the target computer if it lacks a firewall and/or antivirus.
Also, it makes it easier for computer administrators to recover lost usernames and passwords for various services.

However, you may only use this utility on computers you have permission too.
Otherwise you might end up breaking the law, depending on which country you live in.
Stay safe.

Anyway, here's the download link carrot.rar.

Oh yeah, you require the .NET framework version 3.5 or above.
So this program will run on Windows Vista, Windows 7 and Windows Server 2008 without any mess.

Hey, I'm Fredrik. I'm from Sweden, born 1990, and I got a huge interest for information technology and information security. So far, I've been studying for three years at the Internation IT College of Sweden and one year at the Royal Institute of Technology (Kista, Sweden). I'm one of the Co-Founders of Detectify. I'm working closely together with the swedish firm Young & Skilled. ...Not to forget, I'm the previous founder of Arctic Security. If you wish to contact me, please email me at h@ackack.net or follow me on twitter @Almroot.

3 Comments

  1. Fredrik Nordberg Almroth says:

    "...Meh, don’t know, be creative. Fancy USB payload maybe?"
    I got inspired by my own post, so here you go!
    Copy paste this to the root-directory of your USB stick. Read the readme, and change exploit.bat after your needs.
    http://downloads.ackack.net/USB.rar

  2. Dump Windows password hashes efficiently « thaond1986 says:

    [...] is my first choice. It is one-executable only tool and reliable. Another tool to consider is carrot, a bundle of other tools (primarily from NirSoft), good to dump Protected Storage credentials. [...]

  3. Dump Windows password hashes efficiently says:

    [...] third-party software stored credentials. Many of these are bundled in one-executable only tool, carrot. If you have got a Meterpreter shell onto the target system, Metasploit is handy to dump [...]

Leave a Comment