TapTrap
(Trojan.Spy.TapTrap)

by RattleSnake

Written in Visual C++

Released in April 2002


	Project Name:		TapTrap
	Project Type:		Keylogger and Mouse Spy
	Project Compiler:	Microsoft Visual C++ 6.0
	Project Environment:	Microsoft Windows 2000 Professional

	Note: I will use the word "user" instead of "victim", just
	because this wasn't made to be c/p stuff for scriptkiddies.
	This is a piece of code which should help you understand
	C/C++ and the Windows API a bit more.

	#include <stddisclaimer>
	I do not support any illegal activities you perform with this
	Software. Within this readme file I will explain TapTrap
	from the view of a malicious Intruder, but you should only
	use the software for security auditing, securing your own
	machines or just to learn about the code. I am not responsible
	for anything you do with this program, malicious or not.
	Now let's finally start ....


	TapTrap is a Keylogger which uses the Windows API to log:

		a) Keystrokes as original ASCII characters, 
		   independent of the user's language.
		b) Window Names when being activated, so you know
		   in which window / which context the buttons
		   were pressed.
		c) Mouse clicks. When the user clicks the button
		   "Cancel" in some window with the left mouse button,
		   TapTrap will record that the user clicked his
		   left mouse button on a window class named "button"
		   with the caption "Cancel". Fine, hm?
		d) On Copy/Paste/Cut actions, TapTrap displays the
		   Contents of the user's clipboard.

	Furthermore, the Logs are sent to you from the remote user's
	machine automatically, using an email account specified by you
	or just trying different possible mailservers. 

	Ok, you certainly want to know how to get it to work. There are
	only two steps necessary to set up the Keylogger:

		1) edit the configuration
		2) run it on the remote machine

	As soon as the Program is being run on the remote machine, it
	copies its executable and the configuration file to the system 
	directory, runs this copy of itself and exits. It adds an entry
	to the registry to be executed at startup and starts logging 
	immediately. When an error occurs or the Application closes
	due to other problems, it attempts to restart itself. When it
	has collected enough logfiles on the user's PC, it waits until
	the user connects to the internet and sends the files via email.
	The logs are stored in HTML format to make reading them rather
	comfortable. I suppose whetting your appetite was successful
	already, so how to configure and run this baby ??

	1) Configuration
	   ¯¯¯¯¯¯¯¯¯¯¯¯¯
	   A configuration file, config.ini, comes with this Program.
	   Editing this file is the easy way to configure TapTrap, but
	   the ini file has to be in the same directory as the executable
	   when the program is run on the remote machine in order to
	   make configuration possible. 
	   The other way to configure TapTrap is to get a Windows compiler,
	   edit the Header file configure.h and to compile, link and bind TapTrap
	   again. However, only those of you who know how to code in C/C++
	   should do that. I assume those who know C/C++ also understand
	   this header file, and thus I will only explain config.ini so
	   far:

	   # Start Config ini sample

		[mail_receiver]
		[email protected]
		display_name=RattleSnake

		[mail_send]
		[email protected]
		password_required=yes
		password=PASSWORD
		[email protected]
		server=mail.gmx.net

		[makefile]
		filename=\Win32Services.exe
		registryname=Win32sstart

		[limits]
		autobackup=20
		timermax=20
		storelogs=5

	   # End Config ini sample

	   sendto_email is the email that the Keylogger's logs will be sent to.
	   display_name is your name. Enter anything you want ;). Easy as a
	   drunk nympho, quoting good old tuna - but how about the next section?
	   Well, here you have to specify an Email account to send the email
	   from. display_adress is the address of this account, password and
	   username are password and username (duh) and server specifies the
	   SMTP Server (Mailserver) of the provider. password and username are
	   stored in plaintext, exactly - and they are only used if password_required
	   is set to "yes". I strongly suggest you do not use your own email account
	   but create a new, fake account at yahoo, gmx or anywhere else. 
	   You can, however, also find an emailserver which allows you to send 
	   email anonymously and use that one. If you want TapTrap to try out
	   multiple mailservers - no problem!

	   # Start Config ini sample
		...
		[mail_send]
		server=rome.ccomm.com;wisdom.psinet.net.au;emout17.mail.aol.com;mdr.de

	   #End Config ini sample


	   Exactly, you can simply add multiple servers by separating them with 
	   semicolons or commas. TapTrap will connect to each of them and send the
	   email once it connected successfully. Now on to the makefile section.
	   These are fake names for TapTrap when it writes itself to the system
	   directory and the registry. filename has to start with a backslash, just
	   because I am a lazy coder. Check the code if you are terribly interested.
	   filename is the name of the TapTrap executable within the remote user's
	   system directory which will be run at startup. registryname is the name
	   of the entry in the remote user's registry which starts the executable
	   at windows startup. Still with me? Good.
	   autobackup is the amount of keys a user can press until the current
	   logfile is backed up, which prevents losing all logged data when the program
	   crashes somehow. For all those of you who read and understand the code:
	   timermax is used to randomize the timer loop which records the keytaps, check
	   the code for more. Leave it as it is, that's what I would suggest. It should
	   be a value between 15 and 50. storelogs is more interesting, it defines how
	   many logs are stored on the remote machine until TapTrap attempts to send
	   them by email. 
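
For incident response, the settings described above are the indicators a responder pulls out of a recovered config.ini. This is an added example, not part of TapTrap or the original readme: it parses a constructed sample in the layout shown above and derives the dropped file path, the autostart value name and the SMTP server list. The function name extract_indicators, the example.invalid addresses and the default system directory %SystemRoot%\System32 are assumptions; the filename and registryname values are the readme's own samples.

```python
import configparser
import re

# Constructed sample in the layout the readme describes; addresses are made up.
SAMPLE = """\
[mail_receiver]
sendto_email=collector@example.invalid
[mail_send]
display_adress=sender@example.invalid
password_required=yes
password=PLACEHOLDER
username=sender@example.invalid
server=smtp1.example.invalid;smtp2.example.invalid, smtp3.example.invalid
[makefile]
filename=\\Win32Services.exe
registryname=Win32sstart
[limits]
timermax=20
"""

def extract_indicators(text, system_dir=r"%SystemRoot%\System32"):
    """Turn a recovered config.ini into host and network hunt indicators."""
    # interpolation=None: a '%' in a stored password must not break parsing.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    get = lambda sec, key: cfg.get(sec, key, fallback="").strip()
    # The readme allows semicolons or commas between SMTP servers.
    servers = [s.strip().lower() for s in re.split(r"[;,]", get("mail_send", "server")) if s.strip()]
    name = get("makefile", "filename")
    notes = []
    if not name.startswith("\\"):
        notes.append("filename lacks the leading backslash the readme requires")
    timer = cfg.getint("limits", "timermax", fallback=0)
    if not 15 <= timer <= 50:
        notes.append("timermax outside the readme's 15-50 range")
    return {
        "dropped_file": system_dir + "\\" + name.lstrip("\\"),  # assumed system directory
        "autostart_value": get("makefile", "registryname"),
        "smtp_servers": servers,
        "recipient": get("mail_receiver", "sendto_email"),
        "sender_account": get("mail_send", "username"),
        "smtp_auth": get("mail_send", "password_required").lower() == "yes",
        "notes": notes,
    }

if __name__ == "__main__":
    for key, value in extract_indicators(SAMPLE).items():
        print(f"{key}: {value}")
```

The returned file path and autostart value name feed host sweeps, and the server list feeds egress-log searches for outbound SMTP from workstations.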

	   That's it. Configuration finished. A little tip for windows 2000 users:

			- Press Start
			- Enter "iexpress.exe"
			- Click "Run"

		You can use this setup client to create neat setup applications. Just add
		TapTrap.exe and the configuration file and choose TapTrap.exe as the
		installation command. Make a self extracting setup exe and use this one -
		Easy as a drunk nympho, right!


	2) Run it on the remote machine
	   ����������������������������
	   Come on kids, use a Trojan, social engineer a bit and install it yourself,
	   or just send it to rather stupid people. Or get a binder and bind it with some
	   game, that's a nice idea as well ...


	
	- RattleSnake



Server:
size: 278.616 bytes

MegaSecurity