zeus_reports_len

This exploit is a remote timing attack against Zeus C&C enabling the attacker to resolve the length in characters of the reports directory name by carefully measuring the response time of the server. The associated blog post - http://www.kerneronsec.com/2015/10/timing-attack-vulnerability-in-most.html

Rotem Kerner

Whats in the box ?

zeus_reports_dirlen.php - is the actual remote timing attack exploit which reveals the reports directory name length
zeus_rc4_algo_brute.php - as the name suggests, when given the right encryption key this tool lets you brute force the algorthim if it has the right cipher in its repository.
Zeus.class.php - a generic Zeus client class which is able to communicate with most zeus variants
Encryption.class.php - the cipher repository class, contains different variants of encryption ciphers used in zeus

TODO

optimize the sampling stage
optimize the "mesurable interval test"
Threading
recode in python?

Name		Name	Last commit message	Last commit date
Latest commit History 11 Commits
Zend		Zend
AES.class.php		AES.class.php
Encryption.class.php		Encryption.class.php
README.md		README.md
Repository.class.php		Repository.class.php
Zeus.class.php		Zeus.class.php
zeus_rc4_algo_brute.php		zeus_rc4_algo_brute.php
zeus_reports_dirlen.php		zeus_reports_dirlen.php

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Zend

Zend

AES.class.php

AES.class.php

Encryption.class.php

Encryption.class.php

README.md

README.md

Repository.class.php

Repository.class.php

Zeus.class.php

Zeus.class.php

zeus_rc4_algo_brute.php

zeus_rc4_algo_brute.php

zeus_reports_dirlen.php

zeus_reports_dirlen.php

Repository files navigation

zeus_reports_len

Whats in the box ?

TODO

About

Releases

Packages

Languages

nsxz/zeus_reports_len

Folders and files

Latest commit

History

Repository files navigation

zeus_reports_len

Whats in the box ?

TODO

About

Resources

Stars

Watchers

Forks

Languages