Inet 2.0 (b)
Copyright © MegaSecurity
By Mandrake the Magician
Informations
Author | Mandrake the Magician |
Family | Inet |
Category | Password Stealer |
Version | Inet 2.0 (b) |
Language | Delphi |
Additional Information
Server:
size: 64 KB
startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "inet"
Author Information / Description
Program: inet -- Keystroke Recorder for Post Terminal Screen and
Connect To screen + mail sender with that info.
Version: 2.0 (Freeware).
Released: 24th February 99.
Original Creator : Mandrake the Magician
***********
Disclaimer: The author will not be responsible for anything!
***********
-----------------------------------------------------------------------------
target machine means the machine on which the program is installed.
------------------------------------------------------------------------------
Main features:
* Once installed you get the passwords + username of the target machine by mail
* Auto load at start-up.
* Subsequent mail is (supposed to be) sent only when there is a change in password.
* Will not be detected by any antivirus software.
* Can't be seen even in the tasklist got by pressing Ctrl-Alt-Del
--------------------------
**************|Where it will not work ?|***************************
| *** |
-------------------------
* On a machine running any other operating system than Win95 or Win 98.
* Where they are sharing a dial-up connection using Web Ramp or similar tools.
* Where they are using leased line.
* Where they are using a proxy server to share a modem.(If you can get the
program installed on the machine which has the modem then it might work)
Introduction:
-------------
inet.EXE is a Windows 95/98 freeware utility that records keystrokes
on the Post Terminal Screen (the screen that comes once you connect to
VSNL or any other ISP without scripting) and Connect To screen (the one
that comes when you click a phone book entry of dial-up networking)
It then sends the username and password if the guy uses scripting.If the victim
uses the Post-Terminal Screen whatever is typed in the post terminal screen will
be sent.The mail is sent automatically when the machine on which the program is installed,
is connected to the internet.You have the option of setting the e-mail address
(the one to which the passwords will be sent)at install time.
Details are given below in the **What you need to do ?**section
The program does no harm to the system as such.It will not be detected
by any antivirus programs, as it is not a virus.
How it works ?
--------------
The program was written in Delphi 3.The main executable loads a keyboard
hook when it detects the Post-Terminal Screen or Connect To screen.
It saves whatever is typed in the post-terminal screen or
Connect To screen of win95/98 to a file.The collected information is sent as
e-mail as soon as the machine which has the program installed is connected to the internet.Once the mail is sent the progarm terminates.It gets loaded again on the next windows start-up.Mail is sent again only if there is a change in password.
What you need to do ?
---------------------
You are reading the inet.TXT file which has instructions on installation
& usage.You should not put this file on the target machine for obvious
reasons.
1) Run the self-extracting setup program setup.EXE.
2) You will prompted for an e-mail address,Enter the address to which the passwords
will be sent.
4) Delete setup.exe to remove any traces.
That's it. You can expect two e-mails if you installed the program
while you were connected to the net.The first one will be without
password if the user typed the password in the post terminal screen or
on the Connect To screen.But the second one,which 'll be sent when the
target machine connects to the net the second time.Subsequent mails are supposed to
arrive only when the user has changed the passwords.
Preferred Modus Operandi:(for internet booths -Hope you have read where it won't work above)
Download the setup.exe from http://members.xoom.com/mmandrake.Then send this file
as an attachment to your own hotmail/any mail account.
There are a lot internet cafe's now who are screwing people with high
charges.They are easy targets.Go to Department of Telecom's booth if
at all possible.(Government's money is everyone's money :)
Now go in with the pretext of checking mail at your hotmail account.
Check your account which has the files.Download the attachment setup.exe
and run it(as per Step1).
If you used the Save to disk option while downloading,its advisable to
delete it(setup.exe) before you leave the place.
Check your mail (account specified in the file e) later and Presto You Have The Passwords - Always. At any time there is a change you are updated.
Uninstallation:
The files inet.exe,isys.dll,isys.sys gets copied to the system directory
(default is C:\WINDOWS\SYSTEM)inet.exe and isys.dll can't be deleted directly if the program
is runing.
To close the program Go to the Start Menu,select Run and just type inet.exe and hit enter.
Now the program gets closed and you can delete all the above mentioned files in the system directory.
There are two registry entries made by the program and you can delete that also if you are familiar with the registry.
The entries are
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Inet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Send
Or you can use the uninstallation program at my site members.xoom.com/mmandrake
----------------------------------------------
End Note:
----------------------------------------------
After reading all these long instructions you might be pretty bored.And you
might perhaps have a natural question What's my benefit ? I saw guys struggling
for passwords in all those password mailing lists.So I thought I'll share the
program which Iam using to get passwords with others.Lets make it a free world.
One last advice:
Once you get the password please do not change it.It helps no one.
Bye for now .
You can always send comments and problems, if any, regarding this program
to
[email protected]
If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.