- -=[ Fearless KeySpy v2.0 Readme ]=- -
http://ghirai.areyoufearless.com
(c)oded by Ghirai of fearless
Please read this before using FKS !!!
[ Description ]
FKS is a very small key logger
(with 2.5 KB, it's probably the smallest key logger for win32 with this set of
features), that will upload the logs to a ftp server you specify, when the log
reaches a certain size. It will start every time with windows, and will log
*all* keys, and the window caption (between [> <] chars, like "[> Yahoo! Mail -
Microsoft Internet Explorer <]") they were typed in.
The logs will be uploaded with the name "[Victim
Name]_[time]_FKS20", like Victim1_10-23-15_FKS20 (10 o'clock, 23 minutes and 15 seconds).
Just change the files' extension to .txt to view it with notepad, for example.
FKS
is fully compatible with all win versions.
Before running, you should check the editor's MD5
Checksum, contained in the file "FKS 2.0.md5" inside the package.
If it doesn't match or if you can't find the key file, please don't run the file. Download the
official version from
http://areyoufearless.com !
[ Configuring the Server ]
It should be easy to set up
if you ever used a trojan before; run "FKS.exe", which is the server builder.
First, the Server Options tab:
-> In the "Server Name" field, enter a new for the server after installation,
something unsuspicious
would be better (use your imagination).
Note that if you specify a filename that exists on the host computer (in the sys
dir), it will be overwritten!
-> The Registry Key field: same as above, enter something "normal" ;)
-> The "Remove" Filename: enter a filename (any extension, or no extension),
that you should upload to your ftp server in case you want to remove the server.
See "Removing the Server" below for more info on this.
-> The Victim Name: a descriptive name, so
you can differentiate between the log files (the victim name will be part of the
filename).
-> "Get and exec." is a filename
that the server will try to download (in the system folder) and run. If the
download has succeeded, the file file will be deleted from the ftp server. If
you do not want to use this feature, simply don't upload a file with that name
to the upload directory.
The Logging Options tab:
-> "When log gets..." filed: the size of the log file when it
should get uploaded;
you have to think here a little, depending on what you're after: if you want a
quick log, enter a small file size (5-10000 bytes). If not,
500000 bytes (50KB) should be ok. Note that some ftp servers have a size limit,
but that's your problem.
-> Log file name field: enter a filename, any extension, or no extension, etc.
Note that you shouldn't type system filenames, cause they will get
overwritten...
The Upload Options:
-> The ftp server field: enter the hostname of your ftp server, like
"ftp.myhost.com", or "myhost.com". You should know that... The server will
connect to port 21 (default for ftp).
-> Ftp username: your ftp username
-> Ftp password: your ftp password
->Upload dir: remote directory
(folder) where the logs will be uploaded (for example, if you have a folder
Victim1 on your ftp server, you would enter "Victim1" in this field). This
folder must exist, or else the logs will be uploaded to the root (/) folder of
your ftp server.
You should change the default settings, and use different ones (server name, reg key, etc.) for each victim.
That's it, hit "Build Server", and you're done. The editor will
generate a
"server.exe" file, in the path where you have the editor.
DON'T compress/encrypt or otherwise tamper with the server file!
You
can and should change the exe's name, and you can also bind it.
[ Removing the Server ]
Upload the "remove" file (the one
you configured in the editor) in the same path where the logs get uploaded, no matter what
contents/size (can be 0 bytes long too, or you can paste some crap in).
Usually the file name is case sensitive (depends on the server), so be careful.
The server will keep uploading the logs until you upload the "remove" file; each
time the server uploads a log, it checks for the "remove" file, and if it's
there, it will remove itself from the victim.
If the server has successfully
removed itself, it will delete the "remove file" from the ftp server.
[ Undetectectables/etc ]
For a small fee (depending on what you want) you
can:
- get a private, undetected version.
- get some features you'd like built in (also
means you'll get a undetected, private version).
- get the whole source code: editor(VB6), and server(masm),
all in all about 4100 lines of code.
Details can be found on
http://ghirai.areyoufearless.com
[ FAQ ]
Q: I ran the server by mistake!
What do i do?
A: If you know the settings, just upload a "remove.me" file to your ftp
account.
Q: Can i compress/encrypt the server?
A: No you can't, it's already compressed, and if you mangle with it,
chances are, it won't
work anymore...
Q: Can i have the source code?
A: No, unless you make a donation.
Q: The log files don't get uploaded! What's the problem?
A: You probably got some settings wrong, or you set a very high log file
size limit (in this case you have to wait)...
Q: When typing in one of the
fields in the editor, it locks and i can't add any more text/whatever. Why?
A:There is a limitation, i've tried to make it suitable for everyone settings.
If you have such a problem, there's nothing i can do about it. You can email me
though, and i can enlarge the limit in the next version.
Q: I got everything i need from my victim. How can i remove the server?
A: See "Removing the Server".
Q: How do i know if the server has been removed?
A:The "remove file" will be deleted from your ftp server
Q: How do i know if the "Get and exec" file has been
ran?
A: The file will be deleted from your ftp server.
If you have any more questions, post in the forums @
http://areyoufearless.com/forums/index.php
(preferably), or email me.
[
Greets ]
Fearless Crew ( you know who you are:) ), Doc, ZATRiX.
[ Beta Testers ]
leeach, ZATRIX
Thank you for your time.
[ Contact ]
If you have any suggestions, comments, etc. don't hesitate to contact me.
Email: ghirai@areyoufearless.comHave fun,
Ghirai.
<EOF>