110 lines
4.5 KiB
Plaintext
110 lines
4.5 KiB
Plaintext
KEYSPY : Password Capturing Made Easy
|
|
By MnemoniX v0.90á - 1995
|
|
|
|
A little something I cooked up when I was bored one afternoon ...
|
|
|
|
KEYSPY is a program which is intended to capture keystrokes when a password-
|
|
protected or login program is run and save them in a hidden file in the root
|
|
directory. This will enable the resourceful user to find plenty of login
|
|
names and passwords.
|
|
|
|
The program will drop a .COM program with the same name as a user-selected
|
|
program. When the .EXE program is called at the command line, the .COM program
|
|
will be run first (spawning viruses work on this premise), and the spy program
|
|
will pass control to the .EXE file after going memory resident.
|
|
|
|
The program is specially designed to hide both itself and the capture file
|
|
from any directory search. It searches for files with a date of February 30
|
|
(obviously impossible) on them, and hides them from such searches.
|
|
|
|
If you don't understand any of the above, don't worry about it. Just follow
|
|
these instructions to run KEYSPY:
|
|
|
|
1) Find an .EXE program commonly run. The first one in the AUTOEXEC.BAT
|
|
file would be a great target - let's say it's MOUSE.EXE. Then run the
|
|
KEYSPY program as follows:
|
|
|
|
KEYSPY MOUSE.EXE
|
|
|
|
or whatever .EXE program you wish to attach the spy program to. (This
|
|
program doesn't have to be the login or password program, although it
|
|
can be.)
|
|
Then, when it asks:
|
|
|
|
Enter filename of program to spy on :
|
|
|
|
enter the name of the password-protected program or login program you
|
|
wish to spy on (i.e. LOGIN.EXE).
|
|
|
|
KSINIT will create a hidden .COM program with the same name in the same
|
|
path as the .EXE program you specified on the command line. This program
|
|
will install the spy utility, and will be run every time the .EXE
|
|
program is run.
|
|
|
|
2) If you want, run the .EXE program from the command line to install the
|
|
program in memory.
|
|
|
|
3) Leave it there. The program will save keystrokes in a hidden file in the
|
|
root directory called MMSDKEYS whenever is run. The contents
|
|
of the file might look something like this:
|
|
|
|
ae692
|
|
jenny
|
|
|
|
< X:\LOGIN\LOGIN.EXE >
|
|
jcrandal
|
|
SAILING
|
|
|
|
< C:\START\LOGIN.EXE >
|
|
|
|
In the above example, the program X:\LOGIN\LOGIN.EXE was run, and the
|
|
keystrokes the program captured are directly ABOVE it. (One could deduce
|
|
that the login name for this person was "ae692" and the password "jenny".
|
|
The program C:\START\LOGIN.EXE was also run, and again the captured
|
|
keystrokes are above it in the file - a login and password again.
|
|
|
|
You see what you can do with this now?
|
|
|
|
4) The capture file will normally be hidden from sight, but you can view it
|
|
with the KSVIEW utility. Just run KSVIEW.COM on the computer, and it will
|
|
dump out the contents of the file. You could also run it and filter the
|
|
output to a file or the printer, like this:
|
|
|
|
KSVIEW > PRN
|
|
|
|
to send the captured keystrokes to the printer.
|
|
|
|
|
|
To test this program, I have included a program called KSTEST.EXE which asks
|
|
for a login and password, but does nothing. Try spying on it by entering:
|
|
|
|
keyspy kstest.exe
|
|
|
|
Or give the name of another .EXE program, and then run that program.
|
|
|
|
Then type KSTEST.EXE as the name of the program to spy on. Run the
|
|
program, give a phony login and password, then run KSVIEW - and you'll see
|
|
what you entered right there.
|
|
|
|
A few notes:
|
|
|
|
* The program might also capture keystrokes from certain other programs. You
|
|
see, it identifies the programs to spy on by the last four letters of their
|
|
name. For example, if you were spying on START.EXE, the program would also
|
|
capture keystrokes from a program named TART.EXE or RESTART.COM. This is
|
|
nothing to worry about - just ignore the data you don't want.
|
|
|
|
* The program currently only captures a maximum of 150 keystrokes each time a
|
|
program is run. Normally this shouldn't be much of a limitation.
|
|
|
|
* If you wanted to, you could create a more innocuous-looking dropper program
|
|
yourself using the dropped .COM program.
|
|
|
|
Disclaimer:
|
|
|
|
I, the writer of this program, do not condone any illegal activity that you
|
|
may be inspired to do having obtained this program, and will not be held
|
|
responsible for any damages inflicted upon yourself or others with this
|
|
program. This is merely an attempt to point out flaws in PC security, and not
|
|
to be used for unlawful purposes. (There. Got that out of the way.)
|