A little something I cooked up when I was bored one afternoon ...
KEYSPY is a program which is intended to capture keystrokes when a password-protected or login program is run and save them in a hidden file in the root directory. This will enable the resourceful user to find plenty of login names and passwords.
By Sibidharan v 0.90
The program will drop a .COM program with the same name as a user-selected
program. When the .EXE program is called at the command line, the .COM program
will be run first (spawning viruses work on this premise), and the spy program
will pass control to the .EXE file after going memory resident.
The program is specially designed to hide both itself and the capture file
from any directory search. It searches for files with a date of February 30
(obviously impossible) on them, and hides them from such searches.
If you don't understand any of the above, don't worry about it. Just follow
these instructions to run KEYSPY:
1) Find an .EXE program commonly run. The first one in the AUTOEXEC.BAT
file would be a great target - let's say it's MOUSE.EXE. Then run the
KEYSPY program as follows:
KEYSPY MOUSE.EXE
or whatever .EXE program you wish to attach the spy program to. (This
program doesn't have to be the login or password program, although it
can be.)
Then, when it asks:
Enter filename of program to spy on :
enter the name of the password-protected program or login program you
wish to spy on (i.e. LOGIN.EXE).
KSINIT will create a hidden .COM program with the same name in the same
path as the .EXE program you specified on the command line. This program
will install the spy utility, and will be run every time the .EXE
program is run.
2) If you want, run the .EXE program from the command line to install the
program in memory.
3) Leave it there. The program will save keystrokes in a hidden file in the
root directory called MMSDKEYS whenever the spied-on program is run. The contents
of the file might look something like this:
ae692
jenny
< X:\LOGIN\LOGIN.EXE >
jcrandal
SAILING
< C:\START\LOGIN.EXE >
In the above example, the program X:\LOGIN\LOGIN.EXE was run, and the
keystrokes the program captured are directly ABOVE it. (One could deduce
that the login name for this person was "ae692" and the password "jenny".)
The program C:\START\LOGIN.EXE was also run, and again the captured
keystrokes are above it in the file - a login and password again.
You see what you can do with this now?
4) The capture file will normally be hidden from sight, but you can view it
with the KSVIEW utility. Just run KSVIEW.COM on the computer, and it will
dump out the contents of the file. You could also run it and filter the
output to a file or the printer, like this:
KSVIEW > PRN
to send the captured keystrokes to the printer.
To test this program, I have included a program called KSTEST.EXE which asks
for a login and password, but does nothing. Try spying on it by entering:
keyspy kstest.exe
Or give the name of another .EXE program, and then run that program.
Then type KSTEST.EXE as the name of the program to spy on. Run the
program, give a phony login and password, then run KSVIEW - and you'll see
what you entered right there.
A few notes:
* The program might also capture keystrokes from certain other programs. You
see, it identifies the programs to spy on by the last four letters of their
name. For example, if you were spying on START.EXE, the program would also
capture keystrokes from a program named TART.EXE or RESTART.COM. This is
nothing to worry about - just ignore the data you don't want.
* The program currently only captures a maximum of 150 keystrokes each time a
program is run. Normally this shouldn't be much of a limitation.
* If you wanted to, you could create a more innocuous-looking dropper program
yourself using the dropped .COM program.
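Seen from the defending side, the hidden .COM dropped beside an .EXE and the February 30 date marker described earlier both show up in the raw FAT directory entries. The following is an added example, not part of KEYSPY or of this README: a Python check over raw 32-byte directory entries. It assumes the entries are read from a disk image or after booting from clean media, so that the resident hiding code is not running; the sample directory, its attributes and the year are constructed.

```python
import calendar
import struct

ATTR_HIDDEN, ATTR_VOLUME = 0x02, 0x08   # long-name entries (0x0F) also set 0x08

def make_entry(name, ext, attr, y, m, d):
    """Build one 32-byte FAT directory entry for the sample (date unchecked)."""
    date = ((y - 1980) << 9) | (m << 5) | d
    return struct.pack("<8s3sB10xHHHI", name.ljust(8).encode(),
                       ext.ljust(3).encode(), attr, 0, date, 2, 1024)

def parse_dir(raw):
    """Yield (name, ext, attr, (y, m, d)) for each live short-name entry."""
    for off in range(0, len(raw) - 31, 32):
        e = raw[off:off + 32]
        if e[0] == 0x00:                          # end-of-directory marker
            break
        if e[0] == 0xE5 or e[11] & ATTR_VOLUME:   # deleted, label or long name
            continue
        (date,) = struct.unpack_from("<H", e, 24)
        ymd = (1980 + (date >> 9), (date >> 5) & 0x0F, date & 0x1F)
        yield (e[:8].decode("ascii", "replace").rstrip(),
               e[8:11].decode("ascii", "replace").rstrip(), e[11], ymd)

def date_is_possible(y, m, d):
    return 1 <= m <= 12 and 1 <= d <= calendar.monthrange(y, m)[1]

def audit(raw):
    """Return (filename, reason) findings for one directory's raw entries."""
    entries = list(parse_dir(raw))
    exe_names = {name for name, ext, _, _ in entries if ext == "EXE"}
    findings = []
    for name, ext, attr, ymd in entries:
        fn = f"{name}.{ext}" if ext else name
        if not date_is_possible(*ymd):
            findings.append((fn, "impossible date %04d-%02d-%02d" % ymd))
        if ext == "COM" and attr & ATTR_HIDDEN and name in exe_names:
            findings.append((fn, "hidden .COM beside same-named .EXE"))
    return findings

# Constructed sample directory: names follow the README, dates are made up.
SAMPLE_DIR = b"".join([
    make_entry("COMMAND", "COM", 0x20, 1993, 3, 14),
    make_entry("MOUSE", "EXE", 0x20, 1993, 3, 14),
    make_entry("MOUSE", "COM", 0x22, 1993, 2, 30),
    make_entry("MMSDKEYS", "", 0x22, 1993, 2, 30),
]) + bytes(32)
if __name__ == "__main__":
    for finding in audit(SAMPLE_DIR):
        print(*finding)
```

The same-name check only flags a .COM that is also marked hidden, so a legitimate visible .COM/.EXE pair in one directory is not reported.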
Disclaimer:
I, the writer of this program, do not condone any illegal activity that you
may be inspired to do having obtained this program, and will not be held
responsible for any damages inflicted upon yourself or others with this
program. This is merely an attempt to point out flaws in PC security, and not
to be used for unlawful purposes. (There. Got that out of the way.)