
Saturday, December 6, 2014

Zeus Botnet - 54.201.153.149 - Owned









// version 2.0.8.9
// admin user 
admin : mentman1
// ftp : 
deamon:xampp
// config 
#?php
// Control-panel settings as published in this post, all stored in the $config array.
// Values are reproduced verbatim from the recovered file; treat them as indicators
// tied to the host named in the post title, not as reusable defaults.

// Database connection. The host is loopback, so the MySQL server runs on the same
// machine as the panel.
$config['mysql_host']          = '127.0.0.1';
$config['mysql_user']          = 'daemon';
$config['mysql_pass']          = 'jG9mBvGQM7Jhbv62';
$config['mysql_db']            = 'evildb';
// Report storage. '_feedback' is a relative directory name; both the database and
// filesystem flags are set to 1.
// NOTE(review): presumably these flags make the panel store each bot report in both
// places. Confirm against the panel code.
$config['reports_path']        = '_feedback';
$config['reports_to_db']       = 1;
$config['reports_to_fs']       = 1;
$config['reports_no_shit']     = 1; // meaning not visible from this file alone
// "jn" block: disabled (0) with every account/server field left empty.
// NOTE(review): port 5222 is the standard XMPP client port, so this looks like an
// unused Jabber notification feature. Confirm.
$config['reports_jn']          = 0;
$config['reports_jn_logfile']  = '';
$config['reports_jn_account']  = '';
$config['reports_jn_pass']     = '';
$config['reports_jn_server']   = '';
$config['reports_jn_port']     = 5222;
$config['reports_jn_to']       = '';
$config['reports_jn_list']     = '';
$config['reports_jn_script']   = '';
// "dyncfg" block: disabled (0), no script configured.
$config['reports_dyncfg']      = 0;
$config['reports_dyncfg_script']  = '';
// NOTE(review): the stock Zeus 2.0.8.9 panel is believed to name the next three keys
// botnet_timeout / botnet_cryptkey / botnet_cryptkey_bin. The "membership_" prefix
// may indicate a modified build. Confirm against a reference copy.
$config['membership_timeout']      = 1500; // units not shown here; presumably seconds
// Text form of the panel's encryption key.
$config['membership_cryptkey']     = 'ovWPvhfFJ';
// Byte table stored next to the text key. It appears to be a 256-entry table of values
// 0-255, consistent with an RC4 state pre-computed from the key above (the post
// labels the cipher as RC4). Analysts need this value to decrypt configuration blobs
// and reports captured from this campaign.
$config['membership_cryptkey_bin'] = array(111, 27, 63, 146, 46, 219, 229, 29, 132, 252, 195, 222, 120, 85, 235, 8, 237, 173, 210, 215, 196, 14, 183, 54, 105, 33, 119, 230, 86, 101, 117, 93, 3, 131, 112, 197, 36, 147, 74, 89, 212, 64, 21, 207, 15, 60, 224, 30, 1, 141, 250, 32, 94, 194, 90, 72, 77, 214, 134, 165, 0, 126, 199, 115, 255, 193, 245, 52, 118, 99, 48, 49, 187, 104, 159, 163, 244, 148, 190, 221, 26, 247, 191, 88, 103, 62, 133, 70, 108, 208, 216, 82, 114, 124, 243, 186, 71, 100, 211, 169, 246, 138, 10, 57, 16, 180, 200, 125, 202, 150, 236, 130, 129, 149, 189, 22, 168, 201, 80, 184, 67, 233, 106, 172, 84, 177, 158, 28, 151, 209, 182, 161, 154, 171, 102, 227, 248, 40, 92, 58, 152, 95, 142, 68, 156, 97, 17, 20, 254, 251, 13, 107, 223, 56, 160, 50, 228, 51, 79, 66, 9, 91, 75, 232, 239, 2, 83, 144, 45, 35, 166, 37, 181, 240, 6, 65, 185, 253, 5, 18, 25, 145, 188, 137, 192, 127, 128, 98, 19, 155, 34, 38, 178, 213, 136, 31, 198, 140, 205, 123, 206, 231, 226, 55, 238, 87, 203, 24, 109, 122, 69, 110, 157, 59, 242, 42, 81, 135, 218, 121, 170, 41, 76, 179, 12, 139, 96, 204, 241, 11, 164, 53, 249, 44, 23, 43, 78, 113, 217, 220, 234, 116, 4, 7, 73, 176, 175, 174, 225, 143, 47, 39, 167, 153, 162, 61);
?#
// extracted by Xylitol 
RC4 Keystream    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
    hxxp://54.201.153.149/ontrack-list/controller/theboldandthebeaded.php
    hxxp://54.201.153.149/ontrack-list/controller/hamilton.bin