Tuesday, August 14, 2012

KEYSPY : Password Capturing Made Easy


A little something I cooked up when I was bored one afternoon ...

KEYSPY is a program which is intended to capture keystrokes when a password-protected or login program is run and save them in a hidden file in the root directory. This will enable the resourceful user to find plenty of login names and passwords.

By Sibidharan v 0.90




The program will drop a .COM program with the same name as a user-selected
program. When the .EXE program is called at the command line, the .COM program
will be run first (spawning viruses work on this premise), and the spy program
will pass control to the .EXE file after going memory resident.

The program is specially designed to hide both itself and the capture file
from any directory search. It searches for files with a date of February 30
(obviously impossible) on them, and hides them from such searches.

If you don't understand any of the above, don't worry about it. Just follow
these instructions to run KEYSPY:

 1) Find an .EXE program commonly run. The first one in the AUTOEXEC.BAT
    file would be a great target - let's say it's MOUSE.EXE. Then run the
    KEYSPY program as follows:
             
                KEYSPY MOUSE.EXE
 
    or whatever .EXE program you wish to attach the spy program to. (This
    program doesn't have to be the login or password program, although it
    can be.)
    Then, when it asks:

                Enter filename of program to spy on :

    enter the name of the password-protected program or login program you
    wish to spy on (i.e. LOGIN.EXE).

    KSINIT will create a hidden .COM program with the same name in the same
    path as the .EXE program you specified on the command line. This program
    will install the spy utility, and will be run every time the .EXE
    program is run.

 2) If you want, run the .EXE program from the command line to install the
    program in memory.

 3) Leave it there. The program will save keystrokes in a hidden file in the
    root directory called MMSDKEYS whenever  is run. The contents
    of the file might look something like this:

    ae692
    jenny

    < X:\LOGIN\LOGIN.EXE >
    jcrandal
    SAILING

    < C:\START\LOGIN.EXE >

    In the above example, the program X:\LOGIN\LOGIN.EXE was run, and the
    keystrokes the program captured are directly ABOVE it. (One could deduce
    that the login name for this person was "ae692" and the password "jenny".
    The program C:\START\LOGIN.EXE was also run, and again the captured
    keystrokes are above it in the file - a login and password again.

    You see what you can do with this now?

 4) The capture file will normally be hidden from sight, but you can view it
    with the KSVIEW utility. Just run KSVIEW.COM on the computer, and it will
    dump out the contents of the file. You could also run it and filter the
    output to a file or the printer, like this:

                KSVIEW > PRN

        to send the captured keystrokes to the printer.


To test this program, I have included a program called KSTEST.EXE which asks
for a login and password, but does nothing. Try spying on it by entering:

                keyspy kstest.exe
             
Or give the name of another .EXE program, and then run that program.

Then type KSTEST.EXE as the name of the program to spy on. Run the
program, give a phony login and password, then run KSVIEW - and you'll see
what you entered right there.

A few notes:


* The program might also capture keystrokes from certain other programs. You
see, it identifies the programs to spy on by the last four letters of their
name. For example, if you were spying on START.EXE, the program would also
capture keystrokes from a program named TART.EXE or RESTART.COM. This is
nothing to worry about - just ignore the data you don't want.

* The program currently only captures a maximum of 150 keystrokes each time a
program is run. Normally this shouldn't be much of a limitation.

* If you wanted to, you could create a more innocuous-looking dropper program
yourself using the dropped .COM program.

Disclaimer:


I, the writer of this program, do not condone any illegal activity that you
may be inspired to do having obtained this program, and will not be held
responsible for any damages inflicted upon yourself or others with this
program. This is merely an attempt to point out flaws in PC security, and not
to be used for unlawful purposes. (There. Got that out of the way.)

No comments:

Post a Comment