Irregular Expressions

Jun 25 2011   12:29AM GMT

Zeus code walkthrough – Part 8

Dan O'Connor

The last bit we need before we hit the big red button and infect the machine is getting Wireshark ready to go.

http://www.wireshark.org/download.html

I have Wireshark loaded with a filter string to only capture traffic from the workstation that I will infect.

I have the workstation infected now, and I can see the traffic coming back to the server on port 80 to the web server we set up. The infected workstation is talking to the gate.php file on the web server; as expected, it’s encrypted. This will be the first PHP file we dive into; it should be a great start.
