Skip to content
master
Switch branches/tags
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 

README.md

zeus_reports_len

This exploit is a remote timing attack against Zeus C&C enabling the attacker to resolve the length in characters of the reports directory name by carefully measuring the response time of the server. The associated blog post - http://www.kerneronsec.com/2015/10/timing-attack-vulnerability-in-most.html

Rotem Kerner

Whats in the box ?

  • zeus_reports_dirlen.php - is the actual remote timing attack exploit which reveals the reports directory name length
  • zeus_rc4_algo_brute.php - as the name suggests, when given the right encryption key this tool lets you brute force the algorthim if it has the right cipher in its repository.
  • Zeus.class.php - a generic Zeus client class which is able to communicate with most zeus variants
  • Encryption.class.php - the cipher repository class, contains different variants of encryption ciphers used in zeus

TODO

  • optimize the sampling stage
  • optimize the "mesurable interval test"
  • Threading
  • recode in python?

About

Remote timing attack exploit against most Zeus/Zbot variants including Citadel, Ice9, Zeus 2.3, KINS/ZeusVM etc..

Resources

Releases

No releases published

Packages

No packages published

Languages