Thursday 27 June 2013

Carberp C&C

And here we go, the first Carberp panel I broke from the leak, surely a test one; the gateway was badly configured, like the domains.

Login:
To view the login page you sometimes need a special key like:
/login/?x=11111111111111111111111111111111

It was not required on this server but if you want an example let's try on another Carberp C&C.
Without:
With:

Dashboard, License Information:

Statistics:

Bots:

Diagram:

Search:

P2P:

Host:

Tasks:

Add a task:

Links:

Logs:

Filters:

Cab-files:

iBank:

Keylogger:

Add program:

Recycle bin:

AutoSystem:

Add domains:

Builds:

Add builds:

Settings:

Users:

User settings:

User permissions:

Edit user:

User information:

About my previous post, fun fact: in 2011 I had already found traces of logs in a C&C, and Mystic Compressor was used on the sample.
(14:44:15) Павел: need to add to the admin panel
1. view all logs for a single bot!
(14:44:27) Павел: show all bots with RU online only! the logs for them
(14:44:30) Павел: to see whether there are bugs, etc.
(14:45:40) aksoft@188.72.206.204/work: "show all bots with RU online only! the logs for them" - clarify this
(14:45:57) Павел: well, so that it filters the output
(14:46:14) Павел: finds all bots that have this line in their logs:
isOfflineVersion = false isOnlineVersion = true
(14:46:18) Павел: language = RUS
(14:46:30) Павел: and after that shows just the logs for all of them! outputs the log
http://www.kernelmode.info/forum/viewtopic.php?f=16&t=747

8 comments:

  1. People still don't know how to make a bin and work the builder + plugin.

  2. Replies
    1. Majority of them don't.

    2. That's right, people don't know.

    3. Seriously?
      The panel needs CentOS 6, you just have to update the repo and install ionCube... then point the gates, build the config and exe..
      Wow, that was hard...

    4. If you could, please elaborate as to how the network should look, i.e. should the bot connect to the gateway and then to the admin panel, or should the bot connect directly to the admin panel?

  3. You can even do it on CentOS 5 but it's harder.

  4. Hi, Steven K, can this bot also run on a XAMPP server?
