(IMPORTANT) Informations regarding CLEO Keyloggers

TheZeRots

Expert
Joined
Dec 21, 2013
Messages
1,247
Reaction score
1
Opcode.eXe link said:
[quote author=Mr.Ze link=topic=9132.msg53296#msg53296 date=1407577678]
There are smart ones.
Those that write a temporary file somewhere on your PC and when your session ends it deletes it and sends it to a FTP -> of course, those are hard to protect against.
[/quote]

What? Send me an example.... i wanna see that..
[/quote]
If I manage to find one... I have found one like a month ago... also, you broke the damn quote!!
 

blackHat

Expert
Joined
Jul 28, 2013
Messages
930
Reaction score
2
Opcode.eXe link said:
You can also feel the stealer stealin your data!

Example:

You just wrote something into a dialog and pressed ENTER.
- In that moment you pressed ENTER you should 'see' the game stopping/lagging for like 1 Second. That is because the stealer is sending data to the logger page. CLEO pauses the game until it gets a response from the function to send the data. MEH.

:sweet_jesus:

Nigga how you will detect 1 second lag...
 

blackHat

Expert
Joined
Jul 28, 2013
Messages
930
Reaction score
2
Mr.Ze link said:
There are smart ones.
Those that write a temporary file somewhere on your PC and when your session ends it deletes it and sends it to a FTP -> of course, those are hard to protect against.


What? Send me an example.... i wanna see that..

If I manage to find one... I have found one like a month ago... also, you broke the damn quote!!

I already give a notify for this kind of keylogger it is store it on temporary file it is in smalltalk section i think
 

T3KTONIT

Well-known member
Joined
Sep 2, 2013
Messages
308
Reaction score
5
[member=2]0x688[/member]

Hmm we can create an anti-keylogger and release it here if someone wants to be protected against them :D, c'mon don't you think it is really fucking easy to make one?
all we have to do is like, hook ws2_32.inet_addr or ws2_32.send or something since probably those keyloggers most likely they use TCP we will not have problems with the game since it is UDP xD easy, job done..

i might make one like, tomorrow or something..  :dont_care:
 

Opcode.eXe

Expert
Joined
Feb 18, 2013
Messages
1,486
Reaction score
227
Location
( ͡° ͜ʖ ͡°)
blackHat link said:
Nigga how you will detect 1 second lag...

You can feel the dialog being stuck for 1 sec, also if you look at trees, entrace markers, maybe also if the camera is moving you will see it freezing etc. bla meh  :yuno:
 

m1zg4rd_PL

Well-known member
Joined
Jul 19, 2013
Messages
222
Reaction score
0
Opcode.eXe link said:
You can feel the dialog being stuck for 1 sec, also if you look at trees, entrace markers, maybe also if the camera is moving you will see it freezing etc. bla meh  :yuno:

And what if someone will add wait 5000 before sending log? We have to detect malcious functions by their calls, lots of people have lags in game, before spawn menu too.
 

Opcode.eXe

Expert
Joined
Feb 18, 2013
Messages
1,486
Reaction score
227
Location
( ͡° ͜ʖ ͡°)
m1zg4rd link said:
And what if someone will add wait 5000 before sending log? We have to detect malcious functions by their calls, lots of people have lags in game, before spawn menu too.
  :dont_care: Just use steallogger.asi , also maybe 0x688 is going to make a logger which detects all calls...
 

0x_

Wtf I'm not new....
Administrator
Joined
Feb 18, 2013
Messages
1,116
Reaction score
167
damn, in theory it is easy since GTA:SA or SA:MP does not make any of these noob calls.
But it will lock down Updater's too (as example SAMPFUNC's).
 

m1zg4rd_PL

Well-known member
Joined
Jul 19, 2013
Messages
222
Reaction score
0
0x688 link said:
damn, in theory it is easy since GTA:SA or SA:MP does not make any of these noob calls.
But it will lock down Updater's too (as example SAMPFUNC's).

Then plugin should ignore whitelisted files by SHA-1 checksums...
 

T3KTONIT

Well-known member
Joined
Sep 2, 2013
Messages
308
Reaction score
5
0x688 link said:
damn, in theory it is easy since GTA:SA or SA:MP does not make any of these noob calls.
But it will lock down Updater's too (as example SAMPFUNC's).
we can create filters for those.
 

Opcode.eXe

Expert
Joined
Feb 18, 2013
Messages
1,486
Reaction score
227
Location
( ͡° ͜ʖ ͡°)
0x688 link said:
damn, in theory it is easy since GTA:SA or SA:MP does not make any of these noob calls.
But it will lock down Updater's too (as example SAMPFUNC's).

Just make an LOGGER which shows logs like:
Some mod tried to acces: "www.gaystealer.com/steel.php?=password"
Some mod tried to acces: "www.gaystealer.com/steel.php?=username"
So when we see lines like that we just remove the .cs and done  :forever_hurra:
 

inZ

Well-known member
Joined
Apr 6, 2013
Messages
270
Reaction score
1
Opcode.eXe link said:
Just make an LOGGER which shows logs like:
Some mod tried to acces: "www.gaystealer.com/steel.php?=password"
Some mod tried to acces: "www.gaystealer.com/steel.php?=username"
So when we see lines like that we just remove the .cs and done  :forever_hurra:
:dont_care: :face_palm: JK
Opcode's right something like a textdraw :p
 

Pinii

Active member
Joined
Sep 18, 2013
Messages
126
Reaction score
0
Mr.Ze link said:
I may have a way to detect a keylogger by running it.

If someone has a keylogger for test, I'd like to try out my method, but I am pretty sure it works.

I won't say anything about it unless I can be 100% sure.

P.S. I think those are the only sites, I couldn't find any other.

P.P.S. Information*

:celeral_spitting: 1k posts

give us the information, security is first. If nothing is in risk, upload it  :fuck_yea:
 

0B36

Expert
Joined
Jan 6, 2014
Messages
1,324
Reaction score
8
djakLu link said:
What is this ? http://prntscr.com/7m6vim

Windows HOSTSFILE

http://www.thewindowsclub.com/hosts-file-in-windows
 
Top