Creating a Remotely Accessible Keylogger With Python | by Aleksa Zatezalo | Sep, 2022


A simple socket-based program

Image source: https://www.sangfor.com/sites/default/files/2022-07/what_is_keylogger_software.jpg

A keylogger is a program most commonly associated with hackers.

Although it is also used by system admins and network security professionals, its use to exfiltrate data to remote machines tends to give it a bad rep. Put in simplest terms, a keylogger captures and records the keystrokes of a target machine. Often it uses email or network protocols to send captured keystrokes to a remote machine, sometimes run by hackers.

Filtering through these captured keystrokes, hackers can sometimes find sensitive data such as passwords, credit card numbers, or personally identifiable information. Today we will create a keylogger to enhance the understanding of security professionals and ethical hackers.

The project in question will use Python and rely on a socket server. One file will run on our own machine and act as a server to receive data and print it to the terminal. The second file will run on our target machine and will monitor, format, and send keystrokes to the server.

A socket is one endpoint of a two-way communication link between two programs running on the network. A socket is bound to a port number so that the TCP layer can identify the application the data is destined for. In Python, sockets can be written in less than five lines of code. To code a server socket, we must bind a port to an IP and set it to listen mode, as follows:

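import socket

host = socket.gethostname()  # hostname of the local machine
port = 12345
s = socket.socket()  # TCP socket object
s.bind((host, port))  # attach the socket to this host and port
s.listen(5)  # listen mode, with a backlog of 5 pending connections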

Sockets that act as clients simply connect to a host and a port as follows:

import socket

host = socket.gethostname()  # hostname of the machine to connect to
port = 12345
s = socket.socket()  # TCP socket object
s.connect((host, port))  # open the connection to the listening server

The benefit of using sockets in your keylogger is that it allows you to monitor the keystrokes of a remote machine for… system administration purposes.

Building on the code above, our server will simply listen for data sent over by the connecting client and print it to the terminal screen. This will be done via an infinite “while True” loop seen from lines 16–19. It will have to decode the data in bytes, as seen on line 19.

Our client will use an on_press listener to construct a specially crafted string for the server. It will start by initializing the string to be sent, logstring, with a carriage return (line 1). As each letter is typed, it will be appended to logstring, and the string is sent to the server only once we press enter (seen on line 23).

Lines 9–18 handle non-letter keys such as Esc, which Python’s pynput.keyboard library names with the prefix Key. Each of these non-letter keys was added on its own line for readability.
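Seen from the defender's side, the traffic described above leaves a recognizable trace. The following is an added example, not code from the original post: it scans captured TCP payloads for pynput's `Key.<name>` strings. It assumes the keystrokes cross the network as plaintext; the flow records, addresses, and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# str() names of pynput.keyboard.Key members, which appear as "Key.<name>".
KEY_NAMES = (rb"alt|backspace|caps_lock|cmd|ctrl|delete|down|end|enter|esc|"
             rb"home|left|page_down|page_up|right|shift|space|tab|up")
TOKEN_RE = re.compile(rb"Key\.(?:" + KEY_NAMES + rb")(?:_[lr])?")


def score_flow(segments):
    """Return (token_count, printable_ratio) for one flow's payload segments."""
    data = b"".join(segments)
    tokens = len(TOKEN_RE.findall(data))
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in data)
    return tokens, (printable / len(data) if data else 0.0)


def flag_flows(records, min_tokens=2, min_printable=0.95):
    """Group (flow_id, payload) records; return flow ids that look like key logs."""
    flows = defaultdict(list)
    for flow_id, payload in records:
        flows[flow_id].append(payload)
    hits = []
    for flow_id, segments in flows.items():
        tokens, ratio = score_flow(segments)
        # Thresholds are illustrative assumptions; tune them against real traffic.
        if tokens >= min_tokens and ratio >= min_printable:
            hits.append(flow_id)
    return sorted(hits)


# Constructed sample records: ((src_ip, src_port, dst_ip, dst_port), payload).
SAMPLE = [
    (("10.0.0.5", 50312, "10.0.0.9", 12345),
     b"\rKey.shiftHello worldKey.backspaceKey.backspace"),
    (("10.0.0.5", 50312, "10.0.0.9", 12345), b"\rmy notesKey.esc"),
    (("10.0.0.7", 44100, "10.0.0.9", 443), bytes(range(256))),  # binary noise
    (("10.0.0.8", 51000, "10.0.0.9", 8080),
     b"GET /docs/Key.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

if __name__ == "__main__":
    for flow in flag_flows(SAMPLE):
        print("possible keystroke exfiltration:", flow)
```

The pattern omits a trailing word boundary so that tokens run together with typed letters still match, which means a string such as `Key.endpoint` also counts; the two-token minimum keeps a single stray match from raising an alert.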

Both code snippets should give you enough data to complete the rest of the code. To test the keylogger, first run your server, then your client, and type away. To see the whole keylogger, check out my GitHub, linked below.

I hope this petite project enhances your cyber security knowledge and helps you on your journey to cybersecurity mastery.

Happy hacking!


