Irregular Expressions

Jun 25 2011   12:29AM GMT

Zeus code walkthrough – Part 8

Dan O'Connor

The last bit we need before we hit the big red button and infect the machine is getting Wireshark ready to go.

I have Wireshark loaded with a filter string to only capture traffic from the workstation that I will infect.

I have the workstation infected now, and I can see the traffic coming back to the server on port 80 to the web server we set up. The infected workstation is talking to the gate.php file on the web server; as expected, it's encrypted. This will be the first PHP file we dive into; it should be a great start.
