Government Security
Network Security Resources

Jump to content

Vb Keylogger

- - - - - keylogger
  • Please log in to reply
24 replies to this topic

#1 Guest_coder_*

Guest_coder_*
  • Guests

Posted 10 October 2003 - 10:32 AM

OK all you VB kiddies ;)

I’m starting a small Keylogger project for win32 (der!)

Here is what I have so far…

The application when run will first Add auto-run Registry key, then opens “KEYLOG.SYS” and start logging all key strokes to it.

I’ve attached the source code (below)…

What other cool stuff should a Keylogger have…

Email capabilities, encrypted logs, etc…

Comments / Questions are welcome <_<

Attached Files


  • dragonvol likes this

#2 Guest_OneNight_*

Guest_OneNight_*
  • Guests

Posted 10 October 2003 - 11:38 AM

Great suggestion for a project coder. Pity i have no vb skills, but i do have a suggestion.

Is it possible to bundle it with netcat and have it call home at specified time(s)? In other wotrds create a small back door at times which u can set before hand...

Just an idea..

#3 Guest_kektex_*

Guest_kektex_*
  • Guests

Posted 10 October 2003 - 05:10 PM

Thanks for taking my idea into consideration :D

I was under the impression that most keyloggers required good knowledge of asm.
Anyways I´m here to learn so I hope we can all get something out of this.
I´ve been doing some research...not all of it is VB related but could come in handy:

http://www.codeguru....LoggerMore.html

http://www.astalavis...croix-src11.rar

Im also reading some of the Hitchhiker´s world guides.My Win32 programming isn´t good though ;)
http://packetstormse...y.nl/groups/hh/

#4 vnet576

vnet576

    Specialist

  • Members
  • 1,000 posts

Posted 10 October 2003 - 05:21 PM

Also can u make the keylogger upload the log to a remote ftp server?

#5 Guest_coder_*

Guest_coder_*
  • Guests

Posted 10 October 2003 - 05:39 PM

well as far as the drop method (dropping the keystrokes) - you guys should pick one decent method... that way i have somthing to start with ;)

Maybe something HTTP (less suspicious) <_<

#6 Guest_kektex_*

Guest_kektex_*
  • Guests

Posted 11 October 2003 - 06:15 AM

erm...what do you mean by dropping? where to save the keystrokes?

#7 Guest_coder_*

Guest_coder_*
  • Guests

Posted 11 October 2003 - 06:42 AM

ok, ketex (don't "erm.." me anymore smartass ;) )

vnet suggested that we upload the keystrokes to a FTP, the code you posted uses a SMTP client... I was thinking maybe something along the lines of HTTP POST to a specialized cgi (this would not look too suspicious in the logs)... Another good thing to have might be it's own SMTP server (this way the keylogger would work from by it-self , needing no helper applications)...

We should all put our heads together and try to come up with something sneaky <_< so far- i'm interested in packaging it in a r00tkit with it's own SMTP engine...

#8 GAN_GR33N

GAN_GR33N

    Corporal

  • Members
  • 163 posts

Posted 11 October 2003 - 05:06 PM

as far as making it call home with netcat that could be done easily with a shell command. all you need to do is write log to a file then make a variable

private phonehome as double

then do

phonehome = shell(cmd.exe /c whatever command you need)

you could easily use ftp tftp or maybe put with http to accomplish this.

P.S. whats with all the vb bashing. its very usefull and quick.

#9 z0mbi3

z0mbi3

    Corporal

  • Members
  • 173 posts

Posted 11 October 2003 - 10:10 PM

ifits using smtp wouldn't norton detect outgoing messages...

http looks less suspicious :D

#10 Guest_coder_*

Guest_coder_*
  • Guests

Posted 12 October 2003 - 05:37 PM

i've decided to go with a DLL based system... any objections?

i was also thinking of bundling it with the vanquish rootkit?

any other ideas? btw- I'd really appreciate any help i can get ;) any VB coders out there?

#11 total_noob

total_noob

    Private First Class

  • Members
  • 29 posts

Posted 12 October 2003 - 10:26 PM

yea i use to code vb6 when i used windwows , its been a while sense ive used the langague but i can try to help if you have ne problems.

#12 manu

manu

    Master Sergeant

  • Members
  • 820 posts

Posted 13 October 2003 - 09:22 AM

Guys,

Theres an issue, do you think that you can hide ur keylogger from Norton or other F*cking antivirus programs, if you can, it will be excellent and currently I am facing that problem, Anyway, I wish if I could help you guys in anyway.. Thanks, and waiting for a good result...

Manu :D

#13 Guest_coder_*

Guest_coder_*
  • Guests

Posted 13 October 2003 - 11:41 AM

hmm...? i think i'm going to have a problem with norton. I was hoping that the rootkit would hide it from norton? I don't have norton, so i can't really test against it.

could someone run that rootkit + keylogger & test it against norton?

rootkit: vanquish
keylogger: posted above


ok- about the drop method? i was thinking about using some CGI scripts... this way the keystrokes can be dumped into CGI encrypted (with some bullsh*t encoding- to make it look real) here is the perl script...

print "Content-type: text/html\n\n";

read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) {
   ($name, $value) = split(/=/, $pair);
   $value =~ tr/+/ /;
   $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
   $value =~ s/<!--(.|\n)*-->//g;
   $FORM{$name} = $value;
}


	open (BOOK, ">>keystroke1.htm") || die ("ERROR");
  print BOOK $FORM{'key'};
	close (BOOK);

so, all the keylogger has to do is make POST to the script, another even sneaker way- I can use Microsoft Internet Explorer Object refrence to make all of the HTPP request/posts. Now the added bonus of this method would be that even if the target machine was running an application firewall... the keylogger can communicate anonymously behind IE (this is also an added bonus- as most user's always allow IE to connect)

tell me what ya think?

#14 Guest_kektex_*

Guest_kektex_*
  • Guests

Posted 14 October 2003 - 03:21 PM

I think that`s the best way to dump the keystrokes in a "stealthy" manner since it might get past the firewalls specially if it can be done with the IE framework.

OT:I`ve been kinda away from the board because of college stuff but I`m reading some stuff I printed about linux keyloggers...my VB is not good.I only know some VBA (excel,word) that I took on my second semester in college.I`m thinking about takning some java classes next semester even though I`m not very fond of the language (I find it slow and clunky).Any java coders here?

#15 gman24

gman24

    Specialist

  • Sergeant Major
  • 643 posts

Posted 23 October 2003 - 07:06 PM

.s





Also tagged with one or more of these keywords: keylogger