June 25, 2011 12:29 AM
Posted by: Dan O'Connor
zeus analysis,
zeus botnet,
zeus source code,
zeus walkthrough
Our last bit we need before we hit the big red button and infect the machine is getting wireshark ready to go.
http://www.wireshark.org/download.html
I have wireshark loaded with a filter string to only capture traffic from the workstation...
June 22, 2011 12:12 AM
Posted by: Dan O'Connor
zeus analysis,
zeus botnet,
zeus source code,
zeus walkthrough
In case you are following at home, you will need to go download the following:
- WireShark http://www.wireshark.org/download.html.
- RegShot
June 21, 2011 11:55 PM
Posted by: Dan O'Connor
zeus analysis,
zeus botnet,
zeus source code,
zeus walkthrough
I am just at the point where I am ready to take our bot we built and see if we can get it to run on the target machine. But I want to make sure we are going to collect every little thing we can.
What we are going to set up to do is the following.
- Capture network traffic with a...
June 11, 2011 11:20 PM
Posted by: Dan O'Connor
zeus analysis,
zeus botnet,
zeus source code,
zeus walkthrough
After the fact of building my bot, it's worth looking at what the basic config file looks like.
entry "StaticConfig"
;botnet "btn1"
timer_config 60 1
timer_logs 1 1
timer_stats 20 1
url_config "http://localhost/config.bin"
remove_certs 1
disable_tcpserver 0
...
May 29, 2011 12:47 AM
Posted by: Dan O'Connor
zeus analysis,
zeus botnet,
zeus source code,
zeus walkthrough
Next we need to build our bot, and configure it.
This is the zsb.exe file, point it at the config.txt. The IP address of the server will need to be set, and the key configured.
For bonus points, you can use the zsb.exe to check if the host you are running it on is infected. But you will...
May 29, 2011 12:15 AM
Posted by: Dan O'Connor
zeus analysis,
zeus botnet,
zeus source code,
zeus walkthrough
If all has gone well you should be able to get the install screen.
May 28, 2011 12:44 AM
Posted by: Dan O'Connor
zeus analysis,
zeus botnet,
zeus source code,
zeus walkthrough
If you are following at home you are going to need to install some webby stuff on your "server".
I am going to use XAMPP.
Also your machines are going to need to be able to talk, so make sure you are all set up. Using VMWare I set up a network that only the server and the machine that is...
May 25, 2011 10:25 PM
Posted by: Dan O'Connor
zeus analysis,
zeus botnet,
zeus source code,
zeus walkthrough
I am going to step through the Zeus bot source code. I will start with the PHP stuff, which should be pretty light. There are about 44 PHP files to go over.
> find . -type f -name...
May 16, 2011 11:31 PM
Posted by: Dan O'Connor
zeus,
zeus botnet,
zeus download
Well I guess there is no honor among thieves or something like that. There is now a version out on the loose and you can find it if you try.
I hope I can get into the code soon, I have been waiting for this for a while.