Jump to content

A payload to browse files remotly?


Recommended Posts

I was curious about the keylogger you are using. It's fairly stealthy as I couldn't get a Av company to name th threat. I even tried running through a popular binary analysis system online. http://www.threatexpert.com

Here are the results :


I believe that encrypting binary is useless as they will have to be decrypted in memory to be executed as most modern AV products can monitor memory. They safest way to get around the AV problems is to kill the AV processes in memory. I'm going to modify your payload. I'm going to make a list of popular AV binaries, identify and kill then in memory. BUt first the MS Security center will have to be disabled so the user does not get the alert telling him/her their computer is at risk because no AV is running.

With on the payload I modified, I was able to run win-grep to search for Credit Card regex's and log them to a text file then email it to me via Blat!! :)

^([34|37]{2})([0-9]{13})$ and your expression for VISA or MC is ^(5[1-5]d{2})d{12}|(4d{3})(d{12}|d{9})$ they will not find the same sequence. If you want to further limit your search for MC or Visa, MC starts with a 51, 52, 53, 54 or 55 and Visa with a 4. So you could write ^([51|52|53|54|55]{2})([0-9]{14})$ or ^([4]{1})([0-9]{12,15})$. Regular expressions can be very, very helpful.

you get the idea

Link to comment
Share on other sites

You may also want to check out PsExec from sysinternals. There are many obstacles that one has to overcome when dealing with IP reachback:

-the node has a publicly routable IP address

-Client Software Firewalls (whether Windows embedded or 3rd party such as Zone Alarm)

-NAT, DMZ, port forwarding, etc.

Just some ideas. Interesting post though on the key logger. :)

Link to comment
Share on other sites

Alright guys. well im gonna realse the new payload as soon as me and stablefoxx get some stuff together. oh and sist3m, IM me Txqtftqx(aim) and maybe you can join the team. Thanks

P.S. if you didnt know me and stablefoxx teamed up working on this. Maybe Ill Post a beta today

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...