Can you disable the copy modified file option in your config.xml and let me
know if it crashes?

On Tue, Sep 23, 2008 at 3:40 PM, Matthias Luft <[EMAIL PROTECTED]> wrote:

> Hi,
>
> Christian Seifert wrote:
>
>> Getting closer. ...
>>
> sounds so ;-)
>
>>
>> Can you
>> 1. execute on the client 'CaptureClient.exe -c',
>> 2. copy a file manually from a to b using your windows explorer
>> 3. on the capture client window, press q and then enter
>>
>> crash or no crash?
>>
> no crash, logfile attached.
>
>>
>> Also, have you tried out installing winpcap and 2005 c++ sp1 redist libs?
>>
> Aye, I installed both, but it still crashes.
>
>>
>> Also, one more question: What exact version of CaptureClient are you
>> using?
>>
> It's 251-384 for both capture-server and capture-client.
>
> Thanks & Regards,
> Matthias
>
> Microsoft Windows XP [Version 5.1.2600]
> (C) Copyright 1985-2001 Microsoft Corp.
>
> C:\Documents and Settings\Administrator>cd \
>
> C:\>cd "Program Files"
>
> C:\Program Files>cd Capture
>
> C:\Program Files\Capture>CaptureClient.exe -c
> PROJECT: Capture-HPC
> VERSION: 2.5
> DATE: August 6, 2008
> COPYRIGHT HOLDER: Victoria University of Wellington, NZ
> AUTHORS:
>        Christian Seifert ([EMAIL PROTECTED])
>        Ramon Steenson([EMAIL PROTECTED])
>
> Capture-HPC is free software; you can redistribute it and/or modify
> it under the terms of the GNU General Public License, V2 as published by
> the Free Software Foundation.
>
> Capture-HPC is distributed in the hope that it will be useful,
> but WITHOUT ANY WARRANTY; without even the implied warranty of
> MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> GNU General Public License for more details.
>
> You should have received a copy of the GNU General Public License
> along with Capture-HPC; if not, write to the Free Software
> Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301,USA
>
> Option: Collecting modified files
> Starting Capture Client 2.5
> hereLoaded plugin: Application_ClientConfigManager.dll
>        inserted: added application: acrobatreader
>        inserted: added application: firefox
>        inserted: added application: opera
>        inserted: added application: word
>        inserted: added application: oowriter
> Loaded plugin: Application_InternetExplorer.dll
>        inserted: added application: iexplore
> Loaded plugin: Application_InternetExplorerBulk.dll
>        inserted: added application: iexplorebulk
> Loaded plugin: Application_Safari.dll
>        inserted: added application: safari
> Driver already loaded: CaptureProcessMonitor
> Driver already loaded: CaptureRegistryMonitor
> Loaded filter driver: CaptureFileMonitor
> ---------------------------------------------------------
> Start capturing modified files ...
> registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Internet Explorer\Toolbar\Locked
> registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
> registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
> registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
> registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
> registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
> registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
> registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
> registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Internet Explorer\Toolbar\Explorer\ITBarLayout
> process: created 4294967295 UNKNOWN -> C:\WINDOWS\explorer.exe 1708
> file: Write 1284 C:\WINDOWS\explorer.exe -> -1 C:\Program Files\Capture\Copy of COPYING
> q
> Copying monitored files
> Copying file: C:\Program Files\Capture\Copy of COPYING
>        ... done
> Resetting hStopEventResetting hStopEventResetting hStopEvent
> C:\Program Files\Capture>
> _______________________________________________
> Capture-HPC mailing list
> Capture-HPC@public.honeynet.org
> https://public.honeynet.org/mailman/listinfo/capture-hpc
>
>


-- 
----
Web: http://www.mcs.vuw.ac.nz/~cseifert

PGP key
http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt
Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF