RDP-Stealer

RDP-Stealer is C++ malware that targets Remote Desktop Protocol (RDP) processes. It acts as a keystroke logger, capturing credentials provided by users in RDP and sending back encrypted data to a C2 server.

Features

Basic Sandbox Evasion
Executes without a visible window (in the background).
Captures keystrokes in RDP processes using the context of mstsc.exe and CredentialUIBroker.exe.
Encrypts the captured data using XOR and BASE64.
Sends data to a C2 server.

Usage

Create a recvData folder in the directory.
Change SECRET_KEY from RDPStealer.cpp and server.php.
Before running the RDPStealer.exe on the victim machine, first run the server.php.

php -S 0.0.0.0:8000

Run the RDPStealer.exe on the victim machine and enjoy :).

.\RDPStealer.exe

Note ⚠️

It is better to use an HTTPS server instead of an HTTP server.
The program will execute in the background and will not display any windows, as it is shown in the video below.

POC

RDP-Stealer.mp4

Name		Name	Last commit message	Last commit date
Latest commit History 15 Commits
RDPStealer.cpp		RDPStealer.cpp
README.md		README.md
server.php		server.php

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RDPStealer.cpp

RDPStealer.cpp

README.md

README.md

server.php

server.php

Repository files navigation

RDP-Stealer

Features

Usage

POC

About

Releases

Packages

Languages

Gurpreet06/RDP-Stealer

Folders and files

Latest commit

History

Repository files navigation

RDP-Stealer

Features

Usage

POC

About

Topics

Resources

Stars

Watchers

Forks

Languages