KEYSPY : Password Capturing Made Easy
By MnemoniX
v0.90ß - 1995

A little something I cooked up when I was bored one afternoon ...

KEYSPY is a program which is intended to capture keystrokes when a password-protected or login program is run and save them in a hidden file in the root directory. This will enable the resourceful user to find plenty of login names and passwords.

The program will drop a .COM program with the same name as a user-selected program. When the .EXE program is called at the command line, the .COM program will be run first (spawning viruses work on this premise), and the spy program will pass control to the .EXE file after going memory resident.

The program is specially designed to hide both itself and the capture file from any directory search. It searches for files with a date of February 30 (obviously impossible) on them, and hides them from such searches.

If you don't understand any of the above, don't worry about it. Just follow these instructions to run KEYSPY:

1) Find an .EXE program commonly run. The first one in the AUTOEXEC.BAT file would be a great target - let's say it's MOUSE.EXE. Then run the KEYSPY program as follows:

        KEYSPY MOUSE.EXE

   or whatever .EXE program you wish to attach the spy program to. (This program doesn't have to be the login or password program, although it can be.) Then, when it asks:

        Enter filename of program to spy on :

   enter the name of the password-protected program or login program you wish to spy on (i.e. LOGIN.EXE). KSINIT will create a hidden .COM program with the same name in the same path as the .EXE program you specified on the command line. This program will install the spy utility, and will be run every time the .EXE program is run.

2) If you want, run the .EXE program from the command line to install the program in memory.

3) Leave it there. The program will save keystrokes in a hidden file in the root directory called MMSDKEYS whenever is run.

   The contents of the file might look something like this:

        ae692 jenny
        < X:\LOGIN\LOGIN.EXE >
        jcrandal SAILING
        < C:\START\LOGIN.EXE >

   In the above example, the program X:\LOGIN\LOGIN.EXE was run, and the keystrokes the program captured are directly ABOVE it. (One could deduce that the login name for this person was "ae692" and the password "jenny".) The program C:\START\LOGIN.EXE was also run, and again the captured keystrokes are above it in the file - a login and password again. You see what you can do with this now?

4) The capture file will normally be hidden from sight, but you can view it with the KSVIEW utility. Just run KSVIEW.COM on the computer, and it will dump out the contents of the file. You could also run it and filter the output to a file or the printer, like this:

        KSVIEW > PRN

   to send the captured keystrokes to the printer.

To test this program, I have included a program called KSTEST.EXE which asks for a login and password, but does nothing. Try spying on it by entering:

        keyspy kstest.exe

Or give the name of another .EXE program, and then run that program. Then type KSTEST.EXE as the name of the program to spy on. Run the program, give a phony login and password, then run KSVIEW - and you'll see what you entered right there.

A few notes:

* The program might also capture keystrokes from certain other programs. You see, it identifies the programs to spy on by the last four letters of their name. For example, if you were spying on START.EXE, the program would also capture keystrokes from a program named TART.EXE or RESTART.COM. This is nothing to worry about - just ignore the data you don't want.

* The program currently only captures a maximum of 150 keystrokes each time a program is run. Normally this shouldn't be much of a limitation.

* If you wanted to, you could create a more innocuous-looking dropper program yourself using the dropped .COM program.

Disclaimer: I, the writer of this program, do not condone any illegal activity that you may be inspired to do having obtained this program, and will not be held responsible for any damages inflicted upon yourself or others with this program. This is merely an attempt to point out flaws in PC security, and not to be used for unlawful purposes. (There. Got that out of the way.)
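
Added example (not part of the original README or the KEYSPY package): a defender-side audit of raw FAT directory entries for the two on-disk traces described above, a .COM sharing a base name with an .EXE in the same directory and entries whose packed DOS date decodes to a day that does not exist, such as February 30. The function names and SAMPLE_DIR are hypothetical and constructed for illustration, and the standard 32-byte FAT12/FAT16 directory entry layout is assumed.

```python
import calendar
import struct
from collections import defaultdict

ATTR_HIDDEN, ATTR_VOLUME, ATTR_DIR = 0x02, 0x08, 0x10

def parse_entries(raw):
    """Yield (name, ext, attr, (y, m, d)) for each live 32-byte FAT directory entry."""
    for off in range(0, len(raw) - 31, 32):
        ent = raw[off:off + 32]
        if ent[0] == 0x00:                      # end-of-directory marker
            break
        if ent[0] == 0xE5 or ent[11] == 0x0F:   # deleted entry or long-name slot
            continue
        date = struct.unpack_from("<H", ent, 24)[0]   # packed DOS date word
        ymd = (1980 + (date >> 9), (date >> 5) & 0x0F, date & 0x1F)
        yield (ent[0:8].decode("ascii", "replace").rstrip(),
               ent[8:11].decode("ascii", "replace").rstrip(), ent[11], ymd)

def date_is_valid(year, month, day):
    return 1 <= month <= 12 and 1 <= day <= calendar.monthrange(year, month)[1]

def audit_directory(raw):
    """Return (impossible_dates, companions) for one directory's raw entries."""
    impossible, by_base = [], defaultdict(set)
    for name, ext, attr, ymd in parse_entries(raw):
        if attr & (ATTR_VOLUME | ATTR_DIR):
            continue
        if not date_is_valid(*ymd):
            full = f"{name}.{ext}" if ext else name
            impossible.append((full, ymd, bool(attr & ATTR_HIDDEN)))
        by_base[name].add(ext)
    # A .COM beside an .EXE of the same base name runs first at the DOS prompt.
    companions = sorted(b for b, exts in by_base.items() if {"COM", "EXE"} <= exts)
    return impossible, companions

def make_entry(name, ext, attr, year, month, day):
    """Build one constructed directory entry (sample data, not from a real disk)."""
    date = ((year - 1980) << 9) | (month << 5) | day
    return struct.pack("<8s3sB10xHHHI", name.ljust(8).encode(),
                       ext.ljust(3).encode(), attr, 0, date, 0, 0)

# Constructed sample directory: names follow the README's MOUSE.EXE example.
SAMPLE_DIR = b"".join([
    make_entry("MOUSE", "EXE", 0x20, 1994, 6, 1),
    make_entry("MOUSE", "COM", 0x22, 1995, 2, 30),
    make_entry("MMSDKEYS", "", 0x22, 1995, 2, 30),
    make_entry("COMMAND", "COM", 0x20, 1994, 6, 1),
]) + bytes(32)
```

Feed audit_directory() directory sectors read from a raw disk image or after booting from clean media, because the resident program described above hides these entries from directory searches on the running system.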