Hijacking Other peoples Keylogs.

[0085046]

Hey, please move this if i posted this in the wrong section.

A Small tutorial on how to gain acces over peoples keylogs if you run into infected files. This tutorial is just about FTP stored logs but the explained method could and should possible work on POP3 mail acces aswell but i havnt tested it myself yet.

Also this is my first informative post if i posted it in the wrong section please move it. Even to i know this might be semi common knowledge by normal hackers coders i havnt seen a tutorial about it yet. I Made this tutorial before for another program on a private forum but since i recently started playing wow i felt like sharing...ok lets get to it

You will have to work with these tools so download them:

1] Virtual PC (Get VirtualBox, its free)
2] A Network Sniffer (Get Wireshark)

Start intalling VirtualBox and once you are done install a fresh copy of a operating system onto it like XP, Vista or Wi7. You could even use it on a PC you dont care about if it gets infected. But make make sure you have a fresh copy of a OS lying around.

Once you have done this install Wireshark, for both programs if you need a guide to properly install it then just google for them. Im not hear to teach you about the program so dont ask me for a detailed information on that im sorry. There is enough information on youtube/google

Now we have both these: XP, Vista, Wi7 or any other OS installed togheter with Wireshark.

The next step will be finding a infected file that has a keylogger rigged to itself. Just go to youtube and search for "Wow gold hack" or something like that, getting infected by a keyloggger SHOULD NOT BE HARD.


[*]Download this file onto your VirtualBox and make sure you dont have ANY other programs running on your PC and VirtualBox.

[*]Run wireshark and Select your current connection (Lan or Wifi Card) and start sniffing.

[*]Open the infected file you downloaded earlier and run it.

[*]Tab back too WireShark and look at the new connections your PC has made since the program was booted up. If you see a new connection check it out and see if its a FTP connection.


Allot keyloggers store their logs on FTP servers atleast the bigger ones, getting acces to a mail account trough Pop3 should not really be harder but i havent tried this out yet. If you see the file making acces to a SQL file just give up.

Once you have found a FTP or Mail connection go to wireshark and click on "connection details" You will see the info that is used to send those logs back and this info will be your little backdoor to the server it will look like

Code:

 Connected to "ip" as "username" *password*

You now should be able to connect to the FTP server with this info. Be smart and dont delete the files right away but take advantage of them.

[Kallblodig]

First! Looks awesome! + rep

[miLl3niUm]

I have an easier way to do this. I use a stealer that steals strings from exes (keyloggers) and you can find the ftp info in few secs. Am I allowed to post it?

[demisehi]

So basically you are stealing keylogged information from another keylogger? Brilliant!

[0085046]

I have an easier way to do this. I use a stealer that steals strings from exes (keyloggers) and you can find the ftp info in few secs. Am I allowed to post it?

Sure go on

[Giblets123]

Great post. So I assume you could just use any FTP software to connect to that server as you would a normal server? Or it would take a little more hassel to get into it?

[0085046]

Great post. So I assume you could just use any FTP software to connect to that server as you would a normal server? Or it would take a little more hassel to get into it?

You should be able to connect with any free FTP software once you get the server information.

[Giblets123]

Weyhey. I'll have to give this a try. Cheers!

[xholyrelicx]

Interesting, will have to give this a go!

[0085046]

it works with email stored keylogs too (Pop3) its displayed as [Pop] instead of [FTP] . Just tested it and got acces to a few limewire spread keyloggers.

[miLl3niUm]

Use at your own risk.

gets all string from a keylogger or a firefox stealer or anything, so instead of he stealing your things, you steal his ftp, email, user, etc.

Filebeam - Free Fast File Hosting

EDIT: Virus Scan

File Info

Report generated: 23.6.2009 at 23.27.43 (GMT 1)
Filename: csharpDis.exe
File size: 42 KB
MD5 Hash: ef4e86144358c44647d8925510974e9c
SHA1 Hash: 361E521C384D3A9B70E928BFC2125EB6C90CFA20
Self-Extract Archive: Nothing found
Binder Detector: Nothing found
Detection rate: 0 on 24

Detections

a-squared - -
Avira AntiVir - -
Avast - -
AVG - -
BitDefender - -
ClamAV - -
Comodo - -
Dr.Web - -
Ewido - -
F-PROT6 - -
G-Data - -
Ikarus T3 - -
Kaspersky - -
McAfee - -
Malware Hash Registry - -
NOD32 v3 - -
Norman - -
Panda - -
QuickHeal - -
Solo Antivirus - -
Sophos - -
TrendMicro - -
VBA32 - -
VirusBuster - -

Scan report generated by
NoVirusThanks.org

[Giblets123]

So I've got pretty far. I think I've found a keylogger. What exactly am I looking for in wireshark? I see a load of packets coming up in the list.

I assume to find the info you look to the "info" column? And the protocol would read FTP? (pretty new to this stuffs :P)

[Iksf]

Brb, getting my old laptop xD
+rep

[jetlock]

Amazing, i've always wanted to keylog someone!

[0085046]

So I've got pretty far. I think I've found a keylogger. What exactly am I looking for in wireshark? I see a load of packets coming up in the list.

I assume to find the info you look to the "info" column? And the protocol would read FTP? (pretty new to this stuffs :P)

Yes thats correct it will display as [FTP] and just like in a normal FTP-Client you will see the connection info the the server and what message it gives you together with the login and password. You have to look a bit closer to find email acces because you have to figure out the hackers pop3 settings but it isnt much harder.