Recon 1.0
Released 20 years, 10 months ago. January 2004
Copyright © MegaSecurity
By murdoc
Information
Author | murdoc |
Family | Recon |
Category | Information Stealer |
Version | Recon 1.0 |
Released Date | Jan 2004, 20 years, 10 months ago. |
Language | Visual Basic |
Additional Information
Server:
size: 14.336 bytes
Author Information / Description
Recon KeyLogger
-=Recon - Edit Server=-
[ Ftp Info ]
- This is the info that will be used to connect to your ftp server (duh..) Most areas
are pretty self explanatory so there's no need for instructions. The directory is the
location where all logs will be uploaded to.
[ Startup Method ]
- Run One Time: When checked, this will run the server one time upon execution. When the
process has ended it will not start back up at any time.
- Load Server On Startup: This will copy itself to the system directory on the targeted
machine and add a string to "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" which
is pointed at the server residing in the sys directory. The Added Value Name is the string
value which will be shown in the registry.
[ Upload Options ]
- Minutes to Upload: This is where you specify the interval between uploads of the log. IE:
if you set the value to 10 minutes, the log will be uploaded remotely every 10 minutes.
- Remove File: This is the file that is necessary to upload if you want a server removed.
If you name the remove file "RemFi" you will have to upload a file with the exact same name (no extension,
unless one is specified) to your ftp Server. What happens is every time a log is being uploaded,
the remove file is searched for, if it is found it removes the registry entry and kills
the process so it won't start back up when the machine starts up.
- Log Name to Upload: This will be the name of the Log file that is uploaded when that
server is executed.
- Server Name: The name of the created server
[ Fake Error Msg ]
- Pretty self explanatory as well. If you check "Use Fake Error Msg" a msg will pop up when
the server is executed. You'll need to specify the prompt as well as what icon to use with it,
you can also test this for authenticity.
[ Test FTP ]
- This option uses all the info from the Ftp Info section and will upload a test log to
your ftp server in the specified directory as TestLog.txt. This is just to test
your Ftp server to make sure it's live.
-=Recon - Ftp Control=-
[ Ftp Info ]
- Same as what is used in the Edit Server portion, click the "Get Original Info" button
to use the exact info from Edit Server.
[ Get/Delete Log ]
- Get Log: This is the log that has already been uploaded to your Ftp server from a remote comp.
Using the info from the Ftp Info section it will download the log to the Ftp Control folder
and shell execute it, opening it with its associated program. As a side note,
this can also be used with any other form of file.
- Delete Log: This also uses the info from the Ftp Info section and looks for a specified
log to be deleted from your Ftp Server. Also works with any file.
[ Remove Server ]
- This is used to upload a specified file that is needed to remove a remote server. IE:
if you no longer want Recon to run on a certain comp, upload the remove file specified in the
associated log (seen at the top under user name). This will upload the log to the location
specified in the Ftp Info section.
[ View Directory ]
- This will list all of the files in the directory that is specified in the Ftp Info section.
This makes it much easier to view logs that have been uploaded so you can verify that
they're there. From here, you can use this info to get the log/delete it or anything else
you'd want to.
murdoc
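A defender-side check for the persistence described under [ Startup Method ], added here and not part of Recon or the original page: because the Run value name is chosen by the operator, it flags any HKLM Run value that launches a non-baseline executable from the system directory instead of matching on a name. The `reg query` output, baseline, value name, file name and file inventory below are constructed sample data, and the size comparison is only weak corroboration.

```python
import re
from pathlib import PureWindowsPath

SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\system", r"c:\winnt\system32"}
RECON_SERVER_SIZE = 14336  # "size: 14.336 bytes" on this page, read as 14,336

# Constructed `reg query` output for the HKLM Run key (not from a real host);
# the value name "WinUpdt" and file name winupdt.exe are made up.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    VendorTray    REG_SZ    "C:\Program Files\Vendor\tray.exe" -minimized
    WinUpdt    REG_SZ    C:\WINDOWS\system32\winupdt.exe
"""
BASELINE = {"securityhealthsystray.exe"}  # constructed known-good autoruns
SAMPLE_SIZES = {r"c:\windows\system32\winupdt.exe": 14336}  # constructed inventory

VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{2,}REG_(?:EXPAND_)?SZ\s{2,}(?P<data>.+)$")
COMMAND = re.compile(r'\s*(?:"([^"]+)"|(.+?\.(?:exe|com|scr|bat))(?=\s|$)|(\S+))', re.I)


def target_path(data, windir=r"C:\Windows"):
    """Return the lower-cased executable path a Run value launches."""
    data = re.sub(r"%(?:windir|systemroot)%", lambda _: windir, data, flags=re.I)
    groups = COMMAND.match(data).groups()
    return PureWindowsPath(next(g for g in groups if g).lower())


def audit_run_key(reg_output, baseline, sizes):
    """Flag Run values that start a non-baseline file from the system directory."""
    findings = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        path = target_path(m["data"])
        if str(path.parent) in SYSTEM_DIRS and path.name not in baseline:
            findings.append({
                "value": m["name"],
                "path": str(path),
                # Weak corroboration only: size equals the listed server size.
                "size_match": sizes.get(str(path)) == RECON_SERVER_SIZE,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_run_key(SAMPLE_REG_QUERY, BASELINE, SAMPLE_SIZES):
        print(finding)
```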