Irregular Expressions:

April, 2013

April 28, 2013  2:59 AM

PHP Bot Decoding – Part 1

Posted by: Dan O'Connor

The good news is we can handle these samples very easily. The first base64 looks like it will take a bit of work but the second one we can decode right now. I just happen to have a Perl script I wrote to do just the thing.

#!/usr/bin/perl
use Compress::Zlib;
use...
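The post's own Perl script is cut off above, so the following is an added example, not Dan's code: a small Python decoder that peels the usual eval(gzinflate(base64_decode("..."))) / eval(gzuncompress(base64_decode("..."))) wrappers off an obfuscated PHP sample, layer by layer. PHP's gzuncompress() expects a zlib stream (what Compress::Zlib's uncompress() handles), while gzinflate() expects a raw DEFLATE stream, which is the difference that usually trips people up. The two-layer sample embedded in the block is constructed here for demonstration; the inner payload is a harmless echo, not a bot.

```python
import base64
import binascii
import re
import zlib

# Constructed sample (not from the post): a harmless PHP snippet wrapped the
# same way obfuscated PHP bots usually are, once with gzdeflate() and once
# with gzcompress(), each layer base64-encoded and fed to eval().
PLAIN_PHP = '<?php echo "hello from the inner layer"; ?>'


def wrap_gzcompress_layer(php: str) -> str:
    """Emulate PHP's gzcompress(): a zlib (RFC 1950) stream, base64-encoded."""
    return base64.b64encode(zlib.compress(php.encode())).decode()


def wrap_gzinflate_layer(php: str) -> str:
    """Emulate PHP's gzdeflate(): a raw DEFLATE stream (no zlib header)."""
    c = zlib.compressobj(wbits=-15)
    raw = c.compress(php.encode()) + c.flush()
    return base64.b64encode(raw).decode()


SAMPLE = (
    'eval(gzinflate(base64_decode("'
    + wrap_gzinflate_layer(
        'eval(gzuncompress(base64_decode("'
        + wrap_gzcompress_layer(PLAIN_PHP)
        + '")));'
    )
    + '")));'
)

# A base64_decode("...") call with its literal; whitespace inside the literal
# is tolerated because some samples line-wrap the blob.
B64_CALL = re.compile(r'base64_decode\s*\(\s*["\']([A-Za-z0-9+/=\s]+?)["\']\s*\)')
# The decompression wrapper immediately enclosing that call, if any.
WRAPPER = re.compile(r'(gzinflate|gzuncompress)\s*\(\s*$')


def decode_one_layer(php: str):
    """Return the next inner layer as text, or None if there is nothing to peel."""
    m = B64_CALL.search(php)
    if not m:
        return None
    try:
        data = base64.b64decode(re.sub(r'\s+', '', m.group(1)), validate=True)
        w = WRAPPER.search(php[: m.start()])
        if w:
            if w.group(1) == 'gzinflate':
                data = zlib.decompress(data, -15)   # raw DEFLATE, as gzdeflate() emits
            else:
                data = zlib.decompress(data)        # zlib stream, as gzcompress() emits
    except (binascii.Error, zlib.error):
        return None  # corrupt blob or wrong wrapper: stop rather than guess
    return data.decode('utf-8', 'replace')


def peel(php: str, max_layers: int = 10):
    """Peel nested layers until none remain; returns every layer, outermost first."""
    layers = [php]
    for _ in range(max_layers):
        nxt = decode_one_layer(layers[-1])
        if nxt is None:
            break
        layers.append(nxt)
    return layers


if __name__ == '__main__':
    for i, layer in enumerate(peel(SAMPLE)):
        print(f'--- layer {i} ---')
        print(layer)
```

The max_layers cap matters on real samples: some packers nest dozens of layers, and a decoder that loops until the regex stops matching can also be made to spin on a crafted blob. If a layer uses str_rot13() or a custom XOR instead of the two wrappers handled here, decode_one_layer returns None and the last printed layer shows you exactly which function you still need to emulate.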

April 28, 2013  2:43 AM

Looking For Samples?

Posted by: Dan O'Connor

Practice is always good.  There are a few sites I look at when I am looking for things to analyze; one that always seems to have something for me to look at is I just pulled what looks like a...

April 28, 2013  2:12 AM

SSH Brute Force Scanner – Tools Used

Posted by: Dan O'Connor

I mentioned a few tools as I was looking at the unixcod scanner, but I thought it would be nice to place them all in one post. IDA Pro Free; One thing I did not mention about this is that it...

April 28, 2013  1:55 AM

SSH Brute Force Scanner – Part 6

Posted by: Dan O'Connor

Well, after working with the scanner for a couple of hours I cannot seem to entice any other behavior out of it other than collecting a list of IPs and associated logins.  Also, after more static analysis of it I cannot see anything that says it will do more than that. I did do some looking around...

April 27, 2013  12:04 AM

SSH Brute Force Scanner – Part 5

Posted by: Dan O'Connor

I have been doing some basic things with 'atack', one of the first things I do with samples is run 'strings' against it. I find this a great way to try and see what the binary is going to do before you start running it in your test environment. I have a few suspicions about it, one of them is I...

April 26, 2013  1:40 AM

SSH Brute Force Scanner – Part 4

Posted by: Dan O'Connor

I have made some progress with 'atack' just attacking my local analysis machine. I still have lots of work to do but I have figured out some more of what it is up to. Currently I still do not know the purpose of adding the digits when executing, but I am sure I will figure that out once I start...

April 24, 2013  9:47 PM

SSH Brute Force Scanner – Part 3

Posted by: Dan O'Connor

Next it seems like they started counting all of the lines in the 'ip.conf' that contained periods '.' and then stored the count in '$oopsnr2', but then they do not call it again.

oopsnr2=`grep -c . ip.conf`
echo "[+] Incepe partea cea mai misto :D"    [Romanian: "The coolest part begins :D"]
echo "[+] Doar $oopsnr2 de servere....    [Romanian: "Only $oopsnr2 servers..."]

April 24, 2013  9:13 PM

SSH Brute Force Scanner – Part 2

Posted by: Dan O'Connor

The 'data.conf' file is a list of usernames and passwords to attempt. It contains 24,024 combinations.

root root
admin admin
test test
guest guest
webmaster webmaster

The included file 'find' appears to be a network

April 24, 2013  8:54 PM

SSH Brute Force Scanner – Part 1

Posted by: Dan O'Connor

I was looking around and found an article about an SSH Brute Force Scanner someone had gotten a hold of but they could not get it working. You can read it here. When you unpack the tarball this...

April 24, 2013  8:13 PM

New VirusTotal Functionality

Posted by: Dan O'Connor

VirusTotal now allows you to send pcap (packet capture) files directly to
