- -=[  Fearless KeySpy v1.1 b Readme  ]=- -
 

http://www.areyoufearless.com/

(c)oded by Ghirai of fearless

 

Please read this before using FKS

 

[ Description ]

FKS is a keylogger, that will upload the logs to a ftp server you specify, when the log reaches a certain size. It will start everytime with windows.
It will log *all* keys, and the window caption (between [> <] chars, like "[> Yahoo! Mail - Microsoft Internet Explorer <]") they were typed in. Date and time when system starts/stops will also be logged.
The logs will be uploaded with the name "FKS_[Victim NAme]_[time].log", like FKS_Victim1_10-23-15.log (10 o'clock, 23 mins and 15 secs).
When reading the log, "<RET>" means enter (return), "<BS>" is backspace, "<ESC>" is escape, "<TAB>" is the tab key, and "<DEL>" is the delete key.

FKS is compatible with 9*/Me/NT/2K/XP, and has been tested on 98/Me/NT/2K/XP.


[ Configuring the Server ]

It should be easy to set up if you ever used a trojan before; run FKS.exe.

First, the server options tab:
-> In the "Server Name" field, enter a new for the server after installation, something unsuspicious
would be better (use your imagination).
Note that if you specify a filanem that exists on the host computer(in the sys dir), it will be overwritten!
-> The Registry Key field: same as above, enter something "normal" ;)
-> The "Remove" Filename: enter a filename (any extension, or no extension), that you should upload to your ftp server in case you want to remove the server. See "Removing the Server" below for more info on this.

->The Upload Dir: this is where the logs will be uploaded. This directory must exist on your ftp server. If you have a Victim1 dir in your root dir, then you'll have to enter "Victim1" in this field to get the logs uploaded here. If you have multiple dirs, one in another, like [root]/Logs/Victim1, then enter Logs/Victim1 in the field, and the logs will get there.


The Startup Options:

There's not much to say here... checking all is most of the time a good option (depends from situation to situation, you should know better than me when you need or don't need to check an option).
-> The "melt" option, decide if you want to use it (usually it's a good idea).
 

The Logging Option tab:
-> The ftp address fileld: enter the hostanme of your ftp server, like "ftp.myhost.com", or "myhost.com". You should know that... The server will connect to port 21 (default for ftp).
-> Ftp username: type in your username
-> ftp password: enter your ftp password
-> "When log gets..." filed: the size of the logfile when it sould get uploaded; you have to think here a little, depending on what you're after: if you want a quick log, enter a small filesize (5-10000 bytes). If not,
500000 bytes (50KB) should be ok. Note that some ftp servers have a size limit, but that's your problem.
-> Logfile name fileld: enter a filename, any extension, or no extension, etc. Note that you shouldn't type system filenames, cause they will get overwritten...

You should change the default settings, and use different ones for each "host".

That's it, hit "Build Server", and you're done. The editor will make a "server.exe" file, in the path where you have the editor.
DON'T compress/encrypt or otherwise tamper with the server file!

You can bind the server with another file(s) is you want, i suggest you use YAB by Faceless Wonder (http://areyoufearless.com).

[ Removing the Server ]

Upload the "remove" file (the one you configured in the editor) in the same path where the logs get uploaded, no matter what contents/size (can be 0 bytes long too, or you can paste some crap in).
Usually the file name is case sensitive (depends on the server), so be careful.
The server will keep uploading the logs until you upload the "remove" file; each time the server uploads a log, it checks for the "remove" file, and if it's there, it will remove itself from the victim.

[ FAQ ]

Q: I ran the server by mistake! What do i do?
A: If you know the settings, just upload a "remove.me" file to your ftp account. The server will eventually delete the logfile and itself...

Q: Can i compress/encrypt the server?
A: No you can't, it's already compressed, and if you mangle with it, it won't work anymore...

Q: Can i have the sourcecode?
A: No, it's not open-source, and it will probably never be.

Q: The logfiles don't get uploaded! What's the problem?
A: You probably got some settings wrong, or you set a very high logfile size limit (in this case you have to wait...).

Q: I got everything i need from my victim. How can i remove the server?
A: See "Removing the Server".

If you have any more questions, post on the forums @ http://areyoufearless.com (preferably), or email me.

[ Greets ]

Fearless Crew, Doc, X-HUMANATION, ZATRiX.

Special thanks to WaCko! for the banner ;)

Beta testers: mf4, WaCko!, ZATRIX

[ Contact ]

Please don't email me asking questions already answered in this readme, or asking for source, undetected versions, etc.
 

If you have any suggestions, comments, etc. don't hesitate to contact me.


EMail: ghirai@areyoufearless.com
Web : http://areyoufearless.com

Have fun,
Ghirai.

<EOF>