by murdoc
Written in Visual Basic
Released in January 2004
Recon KeyLogger

-=Recon - Edit Server=-

[ Ftp Info ]
- This is the info that will be used to connect to your ftp server (duh..). Most areas are pretty self-explanatory so there's no need for instructions. The directory is the location where all logs will be uploaded to.

[ Startup Method ]
- Run One Time: When checked, this will run the server one time upon execution. When the process has ended it will not start back up at any time.
- Load Server On Startup: This will copy itself to the system directory on the targeted machine and add a string to "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" which is pointed at the server residing in the sys directory. The Added Value Name is the string value which will be shown in the registry.

[ Upload Options ]
- Minutes to Upload: This is where you specify the interval between uploads of the log. IE: if you set the value to 10 minutes, the log will be uploaded remotely every 10 minutes.
- Remove File: This is the file that is necessary to upload if you want a server removed. If you name the remove file "RemFi" you will have to upload a file with the exact same name (no extension, unless one is specified) to your ftp server. What happens is every time a log is being uploaded, the remove file is searched for; if it is found, it removes the registry entry and kills the process so it won't start back up when the machine starts up.
- Log Name to Upload: This will be the name of the log file that is uploaded when that server is executed.
- Server Name: The name of the created server.

[ Fake Error Msg ]
- Pretty self-explanatory as well. If you check "Use Fake Error Msg" a msg will pop up when the server is executed. You'll need to specify the prompt as well as what icon to use with it; you can also test this for authenticity.

[ Test FTP ]
- This option uses all the info from the Ftp Info section and will upload a test log to your ftp server in the specified directory as TestLog.txt. This is just to test your ftp server to make sure it's live.

-=Recon - Ftp Control=-

[ Ftp Info ]
- Same as what is used in the Edit Server portion; click the "Get Original Info" button to use the exact info from Edit Server.

[ Get/Delete Log ]
- Get Log: This is the log that has already been uploaded to your ftp server from a remote comp. Using the info from the Ftp Info section it will download the log to the Ftp Control folder and shell execute it, opening it with its associated program. As a side note, this can also be used with any other form of file.
- Delete Log: This also uses the info from the Ftp Info section and looks for a specified log to be deleted from your ftp server. Also works with any file.

[ Remove Server ]
- This is used to upload a specified file that is needed to remove a remote server. IE: if you no longer want Recon to run on a certain comp, upload the remove file specified in the associated log (seen at the top under user name). This will upload the log to the location specified in the Ftp Info section.

[ View Directory ]
- This will list all of the files in the directory that is specified in the Ftp Info section. This makes it much easier to view logs that have been uploaded so you can verify that they're there. From here, you can use this info to get the log/delete it or anything else you'd want to.

murdoc

Server: size: 14.336 bytes
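The "Load Server On Startup" option described above leaves a Run value pointing at a file placed directly in the system directory, which a defender can audit for. The following is an added example, not part of the original page or the tool: it parses `reg query` output for that key and flags such values; the sample output, the `BASELINE` allowlist, the value names and the treatment of both `system32` and `system` as "the system directory" are assumptions.

```python
import ntpath
import re

# Constructed sample of `reg query` output for the Run key; not from a real host.
SAMPLE = r'''
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    VMware User Process    REG_SZ    "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" -n vmusr
    winupd32    REG_SZ    C:\WINDOWS\system32\winupd32.exe
    Helper    REG_SZ    "C:\Windows\System\hlp.exe" /s
'''

# Assumed baseline of binaries expected to autostart from the system directory.
BASELINE = {"securityhealthsystray.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\system"}
ENV = {"%windir%": r"C:\Windows", "%systemroot%": r"C:\Windows"}

# reg.exe prints: 4 spaces, value name, 4 spaces, type, 4 spaces, data.
ROW = re.compile(r"^\s{4}(.+?)\s{4}(REG_(?:EXPAND_)?SZ)\s{4}(.+)$")

def target_path(command):
    """Return the executable path from a Run value's command line."""
    for var, val in ENV.items():
        # A callable replacement keeps the backslashes in val literal.
        command = re.sub(re.escape(var), lambda m: val, command, flags=re.I)
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|scr|bat|cmd|pif))(?:\s|$)", command, re.I)
    return m.group(1) if m else command

def suspicious_run_values(reg_output):
    """Flag values whose target sits directly in a system directory and is not baselined."""
    hits = []
    for line in reg_output.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # key header or blank line
        name, _, command = m.groups()
        path = ntpath.normpath(target_path(command.strip()))
        folder, exe = ntpath.split(path.lower())
        if folder in SYSTEM_DIRS and exe not in BASELINE:
            hits.append((name, path))
    return hits

if __name__ == "__main__":
    for name, path in suspicious_run_values(SAMPLE):
        print(f"review Run value {name!r} -> {path}")
```

Because the value name is chosen by whoever builds the server, the check keys on where the target lives rather than on any fixed name.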