
Full Version: Vb Keylogger
coder
OK all you VB kiddies ;)

I'm starting a small Keylogger project for win32 (der!)

Here is what I have so far.

The application, when run, will first add an auto-run Registry key, then open "KEYLOG.SYS" and start logging all keystrokes to it.

I've attached the source code (below).

What other cool stuff should a Keylogger have?

Email capabilities, encrypted logs, etc.

Comments / Questions are welcome <_<


OneNight
Great suggestion for a project, coder. Pity I have no VB skills, but I do have a suggestion.

Is it possible to bundle it with netcat and have it call home at specified time(s)? In other words create a small back door at times which u can set beforehand...

Just an idea..
kektex
Thanks for taking my idea into consideration :D

I was under the impression that most keyloggers required good knowledge of asm.
Anyways I'm here to learn so I hope we can all get something out of this.
I've been doing some research... not all of it is VB related but could come in handy:

http://www.codeguru.com/system/KeyLoggerMore.html

http://www.astalavista.com/code/vb/keylogg...croix-src11.rar

I'm also reading some of the Hitchhiker's World guides. My Win32 programming isn't good though ;)
http://packetstormsecurity.nl/groups/hh/
vnet576
Also can u make the keylogger upload the log to a remote ftp server?
coder
well as far as the drop method (dropping the keystrokes) - you guys should pick one decent method... that way i have something to start with ;)

Maybe something HTTP (less suspicious) <_<
kektex
erm...what do you mean by dropping? where to save the keystrokes?
coder
ok, ketex (don't "erm.." me anymore smartass ;) )

vnet suggested that we upload the keystrokes to a FTP, the code you posted uses a SMTP client... I was thinking maybe something along the lines of HTTP POST to a specialized cgi (this would not look too suspicious in the logs)... Another good thing to have might be its own SMTP server (this way the keylogger would work by itself, needing no helper applications)...

We should all put our heads together and try to come up with something sneaky <_< so far- i'm interested in packaging it in a r00tkit with its own SMTP engine...
GAN_GR33N
as far as making it call home with netcat that could be done easily with a shell command. all you need to do is write log to a file then make a variable

private phonehome as double

then do

phonehome = shell(cmd.exe /c whatever command you need)

you could easily use ftp tftp or maybe put with http to accomplish this.

P.S. what's with all the vb bashing. it's very useful and quick.

z0mbi3
if it's using smtp wouldn't norton detect outgoing messages...

http looks less suspicious :D
coder
i've decided to go with a DLL based system... any objections?

i was also thinking of bundling it with the vanquish rootkit?

any other ideas? btw- I'd really appreciate any help i can get ;) any VB coders out there?
total_noob
yea i used to code vb6 when i used windows, it's been a while since i've used the language but i can try to help if you have ne problems.
manu
Guys,

There's an issue, do you think that you can hide ur keylogger from Norton or other F*cking antivirus programs, if you can, it will be excellent and currently I am facing that problem, Anyway, I wish if I could help you guys in anyway.. Thanks, and waiting for a good result...

Manu :D
coder
hmm...? i think i'm going to have a problem with norton. I was hoping that the rootkit would hide it from norton? I don't have norton, so i can't really test against it.

could someone run that rootkit + keylogger & test it against norton?

rootkit: vanquish
keylogger: posted above


ok- about the drop method? i was thinking about using some CGI scripts... this way the keystrokes can be dumped into CGI encrypted (with some bullsh*t encoding- to make it look real) here is the perl script...

CODE

print "Content-type: text/html\n\n";

read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) {
  ($name, $value) = split(/=/, $pair);
  $value =~ tr/+/ /;
  $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
  $value =~ s/<!--(.|\n)*-->//g;
  $FORM{$name} = $value;
}


open (BOOK, ">>keystroke1.htm") || die ("ERROR");
 print BOOK $FORM{'key'};
close (BOOK);


so, all the keylogger has to do is make POST to the script, another even sneakier way- I can use Microsoft Internet Explorer Object reference to make all of the HTTP request/posts. Now the added bonus of this method would be that even if the target machine was running an application firewall... the keylogger can communicate anonymously behind IE (this is also an added bonus- as most users always allow IE to connect)

tell me what ya think?
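The post above notes that a per-application firewall on the host will not block traffic sent through IE, so a defender has to look on the network side instead. This is an added example, not part of the original thread: it scans web-proxy records for a client that sends small POSTs to one URL at near-regular intervals. The log layout, the thresholds, the sample lines and the assumption that uploads recur on a timer are all constructed for illustration.

```python
import statistics
from collections import defaultdict

# Constructed sample: epoch_seconds client method url request_body_bytes
SAMPLE_LOG = """\
1000 10.0.0.5 POST http://example.test/cgi-bin/form.cgi 212
1000 10.0.0.8 POST http://files.example.test/upload 500000
1020 10.0.0.7 GET http://example.test/index.html 0
1100 10.0.0.9 POST http://shop.example.test/cart 640
1130 10.0.0.9 POST http://shop.example.test/cart 655
1300 10.0.0.5 POST http://example.test/cgi-bin/form.cgi 198
1300 10.0.0.8 POST http://files.example.test/upload 500000
1600 10.0.0.8 POST http://files.example.test/upload 500000
1605 10.0.0.5 POST http://example.test/cgi-bin/form.cgi 230
1900 10.0.0.5 POST http://example.test/cgi-bin/form.cgi 205
1900 10.0.0.8 POST http://files.example.test/upload 500000
2202 10.0.0.5 POST http://example.test/cgi-bin/form.cgi 221
2500 10.0.0.9 POST http://shop.example.test/cart 610
2510 10.0.0.9 POST http://shop.example.test/cart 633
"""

def find_post_beacons(log_text, min_hits=4, max_jitter=0.2, max_body=2048):
    """Return sorted (client, url) pairs whose small POSTs recur at steady intervals."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        ts, client, method, url, size = parts
        # Small request bodies only: bulk uploads are a different pattern.
        if method == "POST" and int(size) <= max_body:
            seen[(client, url)].append(int(ts))
    flagged = []
    for key, times in seen.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        # Coefficient of variation: low value means timer-like spacing,
        # which interactive form submissions rarely show.
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            flagged.append(key)
    return sorted(flagged)

if __name__ == "__main__":
    for client, url in find_post_beacons(SAMPLE_LOG):
        print(f"review: {client} -> {url}")
```
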
kektex
I think that's the best way to dump the keystrokes in a "stealthy" manner since it might get past the firewalls, especially if it can be done with the IE framework.

OT: I've been kinda away from the board because of college stuff but I'm reading some stuff I printed about linux keyloggers... my VB is not good. I only know some VBA (excel, word) that I took on my second semester in college. I'm thinking about taking some java classes next semester even though I'm not very fond of the language (I find it slow and clunky). Any java coders here?
gman24
.s
PiP
I cant attach files(yet?) but i have a smtp module coded in VB (works to send to hotmail at least)

as well as a module to access socks to eliminate having to use the winsock control(not programmed by me)

and working code using Getasynckeystate and GetKeyState for keylogging
when i made it i used simple form of encryption for the log files using ascii offset

also have semi icq pager working...the method icq pager works has changed, but could update it to work with the new pager

basically i got lotsa time on my hands, bored, and looking for something to do and have had lots of experience in VB / making keyloggers - so if u need any help

about the idea using the IE control, ill give it a test when i get home posting to a asp page and see what zone alarm has to say about it.


and making the program stealth, could use the method those guys used to get the HL2 source code, can't remember the name, but it hides ur app completely on 2k/xp/etc


also have u thought about how the program will store its info on who to send to etc... i used a method of making 3 large variables in the code and putting strings to search for <ID1> ..lots of space... <EOID1>, then opening the exe in binary and writing the email address, icq#, etc.. into it
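Configuration patched into an executable between fixed marker strings, as the post above describes, is recoverable by anyone who has the file, which makes it useful for static triage. This is an added example, not code from the thread: it pulls the contents of each marker-delimited slot out of a suspect binary. The `<ID1>`/`<EOID1>` markers come from the post; slots numbered 2 to 9, the UTF-16LE handling (compiled Windows binaries often store string literals that way) and the sample bytes are assumptions or constructed data.

```python
def extract_marked_fields(blob):
    """Return {slot_number: [values]} for every <IDn>...<EOIDn> region in blob."""
    found = {}
    # Check both encodings: a literal may be stored as single-byte
    # text or as UTF-16LE, and the byte patterns do not overlap.
    for enc in ("ascii", "utf-16-le"):
        for n in range(1, 10):
            start = f"<ID{n}>".encode(enc)
            end = f"<EOID{n}>".encode(enc)
            pos = blob.find(start)
            while pos != -1:
                stop = blob.find(end, pos + len(start))
                if stop == -1:
                    break  # opening marker without a close: ignore
                raw = blob[pos + len(start):stop]
                # Padding is spaces or NULs; an empty result means the
                # slot was never filled in (an unconfigured stub).
                value = raw.decode(enc, errors="replace").strip(" \x00")
                found.setdefault(n, []).append(value)
                pos = blob.find(start, stop + len(end))
    return found

def _slot(n, value, enc, width=40):
    # Helper that builds constructed test data only.
    return f"<ID{n}>{value.ljust(width)}<EOID{n}>".encode(enc)

# Constructed sample: a fake header, one filled UTF-16LE slot, one blank ASCII slot.
SAMPLE_BLOB = (
    b"MZ" + bytes(64)
    + _slot(1, "analyst@example.test", "utf-16-le")
    + bytes(16)
    + _slot(2, "", "ascii")
)

if __name__ == "__main__":
    for slot, values in sorted(extract_marked_fields(SAMPLE_BLOB).items()):
        for v in values:
            print(f"slot {slot}: {v!r}" if v else f"slot {slot}: <blank>")
```

Recovered values such as a drop address are indicators worth pivoting on during an investigation, and the marker strings themselves can serve as a signature for other samples produced by the same builder.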
PiP
a problem with using the IE control is it might want to add urls, etc. to its History, we had a problem like this when using XSS, i haven't had much experience with the IE control, but there is a way around it if need be

The only problem with using VB for a keylogger i ever ran into is the need for the vb runtimes...but most systems have them these days anyway with XP


anyone know why i cant attach files?
Faceless Master
QUOTE (PiP @ Jan 7 2004, 05:02 AM)
I cant attach files(yet?) but i have a smtp module coded in VB (works to send to hotmail at least)

as well as a module to access socks to eliminate having to use the winsock control(not programmed by me)

and working code using Getasynckeystate and GetKeyState for keylogging
when i made it i used simple form of encryption for the log files using ascii offset

also have semi icq pager working...the method icq pager works has changed, but could update it to work with the new pager

basically i got lotsa time on my hands, bored, and looking for something to do and have had lots of experience in VB / making keyloggers - so if u need any help

about the idea using the IE control, ill give it a test when i get home posting to a asp page and see what zone alarm has to say about it.


and making the program stealth, could use the method those guys used to get the HL2 source code, can't remember the name, but it hides ur app completely on 2k/xp/etc


also have u thought about how the program will store its info on who to send to etc... i used a method of making 3 large variables in the code and putting strings to search for <ID1> ..lots of space... <EOID1>, then opening the exe in binary and writing the email address, icq#, etc.. into it

Well dude!
You can download Keyloggers ,trojan source from my site if you are having problem with the one u have.
http://www.facelessmaster.tk
and,to make your vb application runtime free,
just compile it in VB5.It wont need that msvbvm60.dll
Have Fun
Faceless Master
shaun2k2
About the anti-virus thing, isn't there any way you could polymorph some of the keylogging code to avoid being picked up by the Anti-Virus as a common keylogging checksum?

Keep us posted. :)


-Shaun.
PiP
QUOTE (Faceless Master @ Jan 10 2004, 11:41 AM)
Well dude!
You can download Keyloggers ,trojan source from my site if you are having problem with the one u have.
http://www.facelessmaster.tk
and,to make your vb application runtime free,
just compile it in VB5.It wont need that msvbvm60.dll
Have Fun
Faceless Master

It wont need the vb6 runtimes

but wont it need the vb5 runtimes?

and my key logger works, just its functions to send to ICQ dont work any more (due to icq changing the way they do things with the web pager)
PiP
QUOTE (shaun2k2 @ Jan 13 2004, 08:10 PM)
About the anti-virus thing, isn't there any way you could polymorph some of the keylogging code to avoid being picked up by the Anti-Virus as a common keylogging checksum?

Keep us posted. :)


-Shaun.

well i just pulled out my vb code cd and compiled my vb keylogger

fully updated NAV doesn't pick it up

You could probably use polymorphic-like code to change the way it listens for keystrokes...but in VB nfi
PiP
Another thing, have you thought about how you're going to set the options for the keylogger when u make it, (e.g. the email address to send the log files to, etc...)

i used a system like sub7's edit server

http://a.1asphost.com/PiP1/keylogEditor.JPG
Faceless Master
QUOTE (PiP @ Jan 14 2004, 01:56 AM)
QUOTE (Faceless Master @ Jan 10 2004, 11:41 AM)
Well dude!
You can download Keyloggers ,trojan source from my site if you are having problem with the one u have.
http://www.facelessmaster.tk
and,to make your vb application runtime free,
just compile it in VB5.It wont need that msvbvm60.dll
Have Fun
Faceless Master

It wont need the vb6 runtimes

but wont it need the vb5 runtimes?

and my key logger works, just its functions to send to ICQ dont work any more (due to icq changing the way they do things with the web pager)

Well ,the VB 5 Runtimes are already present in WinXP,2k,98
Regards
~Faceless Master