iExploit

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Top Posters

Who's Online (1)

Powered by Vanilla. Made with Bootstrap.
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
A Good question" / Discussion on Keylogger & rat etc.,
  • speak2sohail
    Posts: 8
    Is there anyway to find the UserID / info of the SERVER" (spyware) which is already complied ??????????? is there any decomplier or something, need lil help here for my own knowledge...... :P :P
    ~knightmare~
  • Xin
    Posts: 3,251
    This is called reverse engineering and there are varying degrees of difficulty to this depending on how it is packed or obfuscated. It is definitely possible though.

    Check this out
    http://fumalwareanalysis.blogspot.co.uk/p/malware-analysis-tutorials-reverse.html
    http://securityxploded.com/malware-analysis-training-reference.php
    Xin
  • Mr. P-teoMr. P-teo
    Posts: 269
    Reverse Engineering RATs & Keyloggers is great fun. I personally prefer Keyloggers as there is more chance of stealing there login creds(email or FTP). 
    Skype: mrpt3o
    Twitter: MrPteo


    image
  • m0rph
    Posts: 332
    I always thought the best way to get the cred's to their server is to run the malware in a vm with a packet sniffer that isn't wireshark. I believe windump was a good alternative. Like Xin said, sometimes the creds can be found in an ascii string if you disassemble it, but if they pack it, or crypt it that becomes largely useless.

    EDIT: Moved to appropriate board.
    while( !(succeed = try() ) );
  • Xin
    Posts: 3,251
    If its written in .net often you can very easily get the data using Reflector.
    Xin
Add a Comment