Author Topic: Malware  (Read 7501 times)

April 11, 2009, 10:29:57 am

menacez

Hi All,

I'm trying to clone a malware-infested site locally in a webserver in a VM to actually see what it's doing from the server side. The site has lots of EXEs, JavaScript and ASPX pages, and I've tried HTTrack, wget etc., but this doesn't retrieve all links.

How do you experts out there clone a malware website to learn about how things work and "play" within an isolated environment (VMware), but also see Windows being infected with malware?

Appreciate any comments & apologies if I've broken any rules.

Cheers,
Menacez

April 11, 2009, 03:06:24 pm
Reply #1

MysteryFCM

In short, unless you've got direct access to the source files, your method isn't going to work, as you still need the PHP, or whatever code they're using, to dynamically etc. create/spit out the files.

The most you can do is get the client-side created files, which are usually not going to help for the purposes you describe.

Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

April 12, 2009, 08:44:51 am
Reply #2

menacez

OK, thanks MysteryFCM. I'm sure everyone knows, but tcpdump/Wireshark is also your friend ;)

Menacez

April 12, 2009, 07:37:52 pm
Reply #3

MysteryFCM

That still only helps for client-side code - not server-side ;)

Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net