Edit: Some trojans refuse to work in a virtual environment!
Some trojans refuse to work when Wireshark is running. However, you can launch the file, delay the connection and then launch Wireshark to get the credentials, if you have a firewall.


As you probably know, in most cases, in order to receive the logs you need to enter credentials for your FTP/mail server. As most noob trojans only provide an FTP option, since it's the easiest to code and set up, that's what I'm going to discuss.

I'm going to show you how to reverse a trojan without a disassembler.
NOTE: It may not work if the user has their own hosting and uses an anonymous account with no read rights to submit data, or if the program submits logs via a gate or SMTP.


Programs required:

Sniffer
FTP Client
Keylogger/stealer

Programs recommended:

Virtual PC
Firewall


Step 1: Find a file containing a trojan/keylogger. They are quite easy to find; just visit big warez sites.

Step 2: Download it, but don't run it. In my case I use a Virtual PC, so I download it into my shared folder.

Step 3: Launch a sniffer. I use Wireshark; it's easy to use.

Step 4: Launch the file. If you have a firewall you should see something like this:
http://img43.imageshack.us/img43/480/62211651.png

Step 5: Allow the outgoing packet and deny the second one (I'm assuming you are using a firewall). The reason is so the skiddie doesn't receive your log: the first packet is for authentication and the second one is for data. I am using Outpost Firewall and it has a feature to block the trojan altogether, so it doesn't bother me in the future.
http://img40.imageshack.us/img40/3237/26721774.png

Step 6: Once you've got the login info, open your FTP client and log in.

Step 7: Do whatever you want: leech quietly (preferred) or delete all the logs and change the password.
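As an added example (not code from the original post): a small Python triage helper that parses a constructed FTP control-channel exchange of the kind Wireshark's "Follow TCP Stream" shows for steps 4 and 5, pulls out the USER/PASS sent in clear text, and decodes the 227 PASV reply to get the data endpoint, which is the "second" connection the firewall has to block. The host, account, password and file name in the sample are placeholders I made up.

```python
import re

# Constructed sample of an FTP control-channel exchange as a "Follow TCP stream"
# view would show it: ">" lines are client->server, "<" lines are server->client.
# Host, account, password and file name are placeholders, not real indicators.
SAMPLE_STREAM = """\
< 220 ftp.example.invalid FTP server ready
> USER logdrop_user
< 331 Password required for logdrop_user
> PASS hunter2
< 230 User logged in
> PASV
< 227 Entering Passive Mode (203,0,113,10,195,80)
> STOR logs_VICTIMPC.txt
"""

PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_ftp_control(stream: str) -> dict:
    """Summarise an FTP control session for triage: clear-text credentials,
    the passive-mode data endpoint (the second connection a firewall must
    block so the log never reaches the server), and attempted uploads."""
    summary = {"user": None, "password": None, "data_endpoint": None,
               "uploads": [], "plaintext_credentials": False}
    for raw in stream.splitlines():
        if len(raw) < 2:
            continue
        direction, line = raw[0], raw[2:].strip()
        if direction == ">":
            verb, _, arg = line.partition(" ")
            verb = verb.upper()
            if verb == "USER":
                summary["user"] = arg
            elif verb == "PASS":
                summary["password"] = arg
            elif verb == "STOR":
                summary["uploads"].append(arg)
        elif direction == "<" and line.startswith("227"):
            m = PASV_RE.search(line)
            if m:
                h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
                # PASV encodes the data port as two bytes: port = p1*256 + p2
                summary["data_endpoint"] = (f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2)
    summary["plaintext_credentials"] = (
        summary["user"] is not None and summary["password"] is not None)
    return summary
```

The data endpoint it returns is the host:port pair to put in the firewall's block rule, and a non-empty uploads list confirms the sample was about to push a log before the block kicked in.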
