Skip to content

Gurpreet06/RDP-Stealer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
RDPStealer.cpp
RDPStealer.cpp
 
 
README.md
README.md
 
 
server.php
server.php
 
 

Repository files navigation

RDP-Stealer

RDP-Stealer is C++ malware that targets Remote Desktop Protocol (RDP) processes. It acts as a keystroke logger, capturing credentials provided by users in RDP and sending back encrypted data to a C2 server.

Features

  • Basic Sandbox Evasion
  • Executes without a visible window (in the background).
  • Captures keystrokes in RDP processes using the context of mstsc.exe and CredentialUIBroker.exe.
  • Encrypts the captured data using XOR and BASE64.
  • Sends data to a C2 server.

Usage

  1. Create a recvData folder in the directory.
  2. Change SECRET_KEY from RDPStealer.cpp and server.php.
  3. Before running the RDPStealer.exe on the victim machine, first run the server.php.
php -S 0.0.0.0:8000
  1. Run the RDPStealer.exe on the victim machine and enjoy :).
.\RDPStealer.exe

Note ⚠️

  • It is better to use an HTTPS server instead of an HTTP server.
  • The program will execute in the background and will not display any windows, as it is shown in the video below.

POC

RDP-Stealer.mp4

About

The RDP-Stealer is C++ malware that targets Remote Desktop Protocol (RDP) processes. It acts as a keystroke logger, capturing credentials provided by users in RDP and sending back encrypted data to a C2 server.

Topics

windows cpp malware keylogger sandbox-evasion rdp-stealer rdpstealer

Resources

Readme
Activity

Stars

6 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages