EvilZone

: Project Aquatone
: Zesh July 29, 2012, 05:24:23 AM
Quick thanks to dsman and bubzuru for the revival of my motivation ;)

Project Aquatone will be a malware piece that I will be developing for the hell of it and as a direct competition to bubzuru's key logger. It will be written in Visual Basic 6, time to show off the power of BASIC! I've got a few features and ideas in mind but I'm going to start off small and then build up.

Features
Here's a look at what I've got so far:
(http://i49.tinypic.com/2yzhfeb.png)
The listbox at the top contains all of the hook events, whilst the textbox displays a readable representation of the keyboard events. So that's the key logger feature pretty much done, I do have an idea of invoking the logging when certain programs are running but I'll add that later. Next up is the screenshot and server/ftp features which are rather simple and then I'll start messing around with some fun stuff :)
: Re: Project Aquatone
: Kulverstukas July 29, 2012, 08:22:45 AM
Oh dear lord. Don't all lame keyloggers get written in Visual Basic? Just asking...
: Re: Project Aquatone
: Zesh July 29, 2012, 08:57:05 AM
> Oh dear lord. Don't all lame keyloggers get written in Visual Basic? Just asking...

Nope. Every language has lame keyloggers and mine isn't lame, using a hook puts my program above most other keyloggers made in VB6 :P
: Re: Project Aquatone
: techb July 29, 2012, 09:56:51 AM
VB is lame in my eyes regardless. But that is from personal experience though. C would be a better option, or C# if you want to go proprietary. Good luck though, any language is a whole lot better than none. I took VB in college and it was a joke. Industry seems to enjoy it though.
: Re: Project Aquatone
: Zesh July 29, 2012, 11:34:50 AM
Well yes, everyone has their own opinions. I quite like VB6, it can be quickly used to whip up a program and it's the language I started off with, due to my game development endeavours with Mirage and its variants. The other option I have is C++ but my learning of that language is currently based around my game developers course and as I'm better with VB6, it's what I'll use.

A quick update: Screenshot feature is in. Simply changing the number in the textbox changes the interval of each screeny in Minutes and for some reason I decided to keep track of how many keys have been pressed :P

(http://i50.tinypic.com/a70n4.png)

Now, I'm going to step it up and start turning this program into something better than the "lame" crap. Next up is the server/ftp feature, a better UI and a few other little things.
: Re: Project Aquatone
: Huntondoom July 29, 2012, 12:05:41 PM
little bit of source code (A)?
: Re: Project Aquatone
: dsman July 29, 2012, 01:00:00 PM
Good job bro ^^
: Re: Project Aquatone
: bubzuru July 29, 2012, 02:01:23 PM
good to see I've inspired you to start working again
(little tip: Try hooking KeyPress instead of KeyUp\Down, or hook both. key pressed is not good with certain keys (up, down, windows etc. use key up to log these) but use keypressed to log the rest (good with shift, space, shift\key $, etc))
: Re: Project Aquatone
: bubzuru July 29, 2012, 04:32:09 PM
here this will come in handy
DEC  OCT  HEX  BIN       Symbol  Description
0    000  00   00000000  NUL     Null char
1    001  01   00000001  SOH     Start of Heading
2    002  02   00000010  STX     Start of Text
3    003  03   00000011  ETX     End of Text
4    004  04   00000100  EOT     End of Transmission
5    005  05   00000101  ENQ     Enquiry
6    006  06   00000110  ACK     Acknowledgment
7    007  07   00000111  BEL     Bell
8    010  08   00001000  BS      Back Space
9    011  09   00001001  HT      Horizontal Tab
10   012  0A   00001010  LF      Line Feed
11   013  0B   00001011  VT      Vertical Tab
12   014  0C   00001100  FF      Form Feed
13   015  0D   00001101  CR      Carriage Return
14   016  0E   00001110  SO      Shift Out / X-On
15   017  0F   00001111  SI      Shift In / X-Off
16   020  10   00010000  DLE     Data Line Escape
17   021  11   00010001  DC1     Device Control 1 (oft. XON)
18   022  12   00010010  DC2     Device Control 2
19   023  13   00010011  DC3     Device Control 3 (oft. XOFF)
20   024  14   00010100  DC4     Device Control 4
21   025  15   00010101  NAK     Negative Acknowledgement
22   026  16   00010110  SYN     Synchronous Idle
23   027  17   00010111  ETB     End of Transmit Block
24   030  18   00011000  CAN     Cancel
25   031  19   00011001  EM      End of Medium
26   032  1A   00011010  SUB     Substitute
27   033  1B   00011011  ESC     Escape
28   034  1C   00011100  FS      File Separator
29   035  1D   00011101  GS      Group Separator
30   036  1E   00011110  RS      Record Separator
31   037  1F   00011111  US      Unit Separator
: Re: Project Aquatone
: Zesh July 30, 2012, 01:55:42 AM
> little bit of source code (A)?

Which little bit? :P

> Good job bro ^^

Thank you :D

@bubzuru - Thanks for the tip and table :D

I'm going to leave this here, I'll do a proper w/ text update in the morning * yawn *

(http://i49.tinypic.com/u4yky.png)
: Re: Project Aquatone
: Huntondoom July 30, 2012, 08:28:01 PM
> Which little bit? :P
>
> Thank you :D
>
> @bubzuru - Thanks for the tip and table :D
>
> I'm going to leave this here, I'll do a proper w/ text update in the morning * yawn *
>
> (http://i49.tinypic.com/u4yky.png)

the secret to your powers!
the hook :3
: Re: Project Aquatone
: EmilKXZ July 31, 2012, 05:40:56 AM
> Oh dear lord. Don't all lame keyloggers get written in Visual Basic? Just asking...

Agreed.

Everything that doesn't run native in the OS is lame to me. A C# keylogger would go lame too if I have the standard XP without .NET (it doesn't come by default). On the other hand, there are good pieces of malware that are framework-based, such as Managed Code Rootkits, I acknowledge the good work, it just doesn't sound too real to me to employ a malware tool which requires the user to have installed something extra that doesn't come by default. I honestly don't know, but I think .NET comes by default in Windows 7. Enlighten me if I am wrong. ::)
: Re: Project Aquatone
: bubzuru July 31, 2012, 01:00:07 PM
Yes .NET comes by default in Windows 7 (I can't see it going anywhere in the near future)
and most people install it for some reason

if you read my old posts you will see that I used to hate .NET when I was on XP.
now I love it.
: Re: Project Aquatone
: Kulverstukas July 31, 2012, 03:15:36 PM
Developing a more serious virus, you cannot rely on what people _should_ have installed in order for the malware to run. Unless you are targeting a very specific module, but that's another story.
My point is, if you are creating something that you will later have to get data from without end-user knowing and you won't have complete control over it, you cannot rely on "if" factors. It needs to be solid. And .NET, Java or anything else that takes up vital organs in an executable does not qualify as solid.
But you probably all know that already.
: Re: Project Aquatone
: bubzuru July 31, 2012, 05:22:04 PM
that's why I like Delphi so much
but all that unicode string bullshit in the new version got me down
(broke all my code)
: Re: Project Aquatone
: Kulverstukas July 31, 2012, 06:37:58 PM
Indeed Delphi is nice. Borland Delphi 7 is still the shit :D Embarcadero 2010 is also nice, but Delphi7 seems faster to me and more lightweight.
: Re: Project Aquatone
: Huntondoom July 31, 2012, 07:15:58 PM
> Developing a more serious virus, you cannot rely on what people _should_ have installed in order for the malware to run. Unless you are targeting a very specific module, but that's another story.
> My point is, if you are creating something that you will later have to get data from without end-user knowing and you won't have complete control over it, you cannot rely on "if" factors. It needs to be solid. And .NET, Java or anything else that takes up vital organs in an executable does not qualify as solid.
> But you probably all know that already.

just code in C, with CodeBlocks? or something like that, then you don't have the .net reference applied on standard

Edit: you can remove the .net reference out of your visual studio project, but it's a bit of a hassle
: Re: Project Aquatone
: Zesh July 31, 2012, 07:18:43 PM
Could I get replies 11-16 deleted? As they're not on-topic. I'm not sure where the talk of .NET even came from, I'm using VB6 so there is no .NET framework crap to deal with.

Update: I've been working on the Settings tab, getting that boring stuff out that way and upgrading a few of the current features. The screenshot feature now allows you to capture either the full screen or the current active window. I've ditched the one log file for log files for each day and some other little things. I'll get some screenshots up later :D
: Re: Project Aquatone
: bubzuru July 31, 2012, 07:37:14 PM
> Indeed Delphi is nice. Borland Delphi 7 is still the shit :D Embarcadero 2010 is also nice, but Delphi7 seems faster to me and more lightweight.

Delphi 7 is more lightweight but RAD Studio 2009 is the best imo, I hate 2010 (unicode)

back on topic
you made any more updates yet, how are you uploading your logs? is it local? or remote?
: Re: Project Aquatone
: EmilKXZ August 03, 2012, 10:09:41 AM
> Developing a more serious virus, you cannot rely on what people _should_ have installed in order for the malware to run. Unless you are targeting a very specific module, but that's another story.
> My point is, if you are creating something that you will later have to get data from without end-user knowing and you won't have complete control over it, you cannot rely on "if" factors. It needs to be solid. And .NET, Java or anything else that takes up vital organs in an executable does not qualify as solid.
> But you probably all know that already.

Exactly. Precisely my point. If you are going to rely on "ifs" your entire success expectations are flawed and you should rather think "I would have secured my success IF I had been coding for a broader audience", such as native code that runs without any frameworks at all!

> Indeed Delphi is nice. Borland Delphi 7 is still the shit :D Embarcadero 2010 is also nice, but Delphi7 seems faster to me and more lightweight.

I have been following Delphi since Delphi 2 (1996, a real jewel). Delphi 7 Enterprise I have, and then I followed up with RAD Studio 2010 and XE2. Without going off topic, I agree with you here again, Delphi 7 is the most balanced one, sadly it's not anymore fully compatible with newer Windows versions, I had to downgrade compatibility with Vista (and of course went back to XP in a week or so) when there was no Windows 7. I once tried to give a test-drive to Kylix 3, but I just can't be bothered to install it.