💾 Archived View for spam.works › mirrors › textfiles › hacking › skel_key.txt captured on 2023-06-14 at 16:56:59.

View Raw

More Information

-=-=-=-=-=-=-

Skeleton-Key 'PC Unlocking' Utility by the National Authoritarians Society.

DISCLAIMER:
        The author of this program takes ABSOLUTELY NO RESPONSIBILITY
for any harm caused directly or indirectly by this program.  The user
assumes FULL RESPONSIBILITY for anything s/he may do with it.  Please
do not abuse this program - it is designed for hobbiests and security
consultants who have an interest in this type of program and wish to
see how easily security can be bypassed by even anyone with a good 
working knowledge of the system it is implemented on.

Skeleton-Key is designed both to exploit and to demonstrate one of the
built in weaknesses in PC-based networks.  It simply goes resident in
memory, and reads keystrokes as they are typed in.  If the word "login"
is typed (case insensitive) then it clears a 256-byte buffer and begins
recording keystrokes.  Once the buffer is full, it stops recording and
stores the buffer until 'login' is typed again, at which point it
starts over.  If you haven't caught it already - the point is that 
if a net uses login for users to log into their accounts with,  any
accounts logged into will have their account name and password recorded.
If a user mis-spells login, Skeleton-Key will ignore it - remember to do
this when logging in to check the buffer.  Checking the buffer is trivial -
just run readkey.com, it will ask you whether to dump the information to a
file or to the screen.  If dumped to a file, the filename will be login.txt.
Either way - you now have the last person's account name, password, and
whatever they did first.

There are some situations in which this program will not work, such as when
another program takes over Int 16h or Int 09h completely....  but for the
most part it is very solid.

Key.COM - this is the installation file.  When run, you are given a choice
of methods with which to install the program in memory.  These are:

Int 27h
MCB Manipulation
Bios/Dos Manipulation

The advantages/disadvantages are as follows:

Int 27h:  This method is a fairly standard one with which user programs can
          become resident.  The program will go resident at the location in
          memory at which it is executed, and will keep the necessary size
          + 100h bytes for the PSP.  When Mem /p or something similair is
          executed, the name of the file that made the program go resident
          will be displayed.  The good thing about this is that Anti-Viral
          scanners and other security software will generally ignore this.
          The bad thing is that others may not, especially if they are 
          looking for whatever is giving away their passwords.

MCB Manipiulation: This method directly changes DOS's memory control blocks
          to make room for the program at the top of use memory, usually
          somewhere around 9fb0:0100.  It ends Dos's memory chain at the
          block it starts out in, so once it is memory resident it will
          NOT show up on things like Mem /p and System Information (SI),
          although the decrease in memory will.  This keeps most users from
          detecting it, but some anti-viral products may mistake this for
          a virus.

BIOS/Dos Manipulation: This method uses BIOS to reserve 1K at the top of 
          memory for the program.  Basically it is the same as above,
          except that the available memory to DOS (total - including used)
          will decrease by one K, usually from 640k to 639k.  This is
          noticed by some anti-viral products, and may be noted by adept
          users using mem or chkdsk.
      
I'm including a demo file to test it with - check it out.  If you decide
to program a similar program (for some reason this one doesn't do it for
ya - like if 'login' isn't the word you use) or if you need tech info, 
the following should help.  Also check out the source code if it is included
inside the file - it will be in some release versions.
          
          Regardless of the method used to go memory-resident, the memory
resident portion of the program is always the same code.  It hooks the
regular keyboard interrupt (Int 09h) and, after each activation, it checks
to see if there is a key waiting in the buffer using Int 16h, function 01,
and - if so - checks it to see if login has been spelled.  IF so, then it 
initiates the buffer and begins storing keystrokes unconditionally until
it has logged 256 keystrokes.  It then stops logging until login is typed
again, at which point it starts over.  It does not check for typing errors,
so you can bypass it at this point - it is, however, case insensitive.
Oh - with NDos (from reports I've heard - not verified) and at least some
versions of Novell (verified) one can do this more simply just by hooking
Int 21h, function 08h - Read Keyboard W/O echo.  This does not work on
all systems, however, so I chose a different way to implement it.  Also -
one stealthy technique that can be used that I declined to do in this one
is to use one of the 'holes' in memory that is never, or rarely, used.
Such places can be found at the top of the interrupt table, at times in
video memory (dangerous - work on this technique for a while and test it
before deciding to run it on the net), and in DOS buffers and the like.
The advantage of this technique is that the memory available to the user
does not decrease, and so obviously MEM and CHKDSK won't have a clue.
The disadvantages are that there is usually a size limitation on the holes,
and under some circumstances crashes may occur.

Note that the beauty of this program is that one can run it in the morning,
come back at any time during the day, and collect one user's worth of
information without worrying about the program being present on the 
computer's disk.  Also - no matter how tight the security is on the disks,
how encrypted their passwords are, how well chosen and random the users
make their passwords - it works.  Always attack something at its weakest
point - in this case, it is the simplistic structure of the IBM workstation.


________________________________________________________________________

This file was downloaded from the ....

        ???????????????????????????????????????????????????
        ???????????????????????????????????????????????????
        ??   A D J A C E N T   R E A L I T Y   B B S     ??
        ??  ?????????????????????????????????????????    ??
        ??   Forum for non-censored discussion and file  ??
        ??   exchange for the expierenced computer user. ??
        ??                                               ??
   ????????????????????????????????????????????????????????????
   ? ? Cracks & Unprotects             ? Animations           ?
   ? ? Encryption                      ? Home of SFDNC,SU,    ?
   ? ? Virus/Anti-Virus                  SFNEW and much more. ?
   ? ? Virtual Reality                 ? ACTIVE message bases ?
   ????????????????????????????????????????????????????????????
        ??         Call now at (615) 586-9515            ??
        ??                                               ??
        ???????????????????????????????????????????????????
        ???????????????????????????????????????????????????