In this tutorial I will teach you how to set up your own Keylogger and also protect yourself against them.
What is a Keylogger?
A keylogger is a program that records a persons keystrokes (everything they type) and send the logs back to the the hacker by either email of FTP.
Good keyloggers also detail what program the keystrokes were typed into.
Settings
For this tutorial I will be using images from Unknown Logger V 1.3.3 as I believe that it is very thorough logger but there are many free keyloggers
which I will link in another section.
Note: We will be going from the top left going down
There are two ways that you can receive your keylogs email or FTP.
Email
With email I recommend you create a two new email addresses (one for
sending and one for receiving) and not to use your personal email.Gmail is usually what people use as it can hold lots of logs and is secure if you have the settings right.
Email Address: you put your email address into that, obviously.
Password: you put in the password of your keylogger email. I recommend your new email address has a different email than your personal email address
because if you have it as your recovery email they can see the address and login with the same pass.
SMTP Server: is where you get your email. So for Gmail it would be smtp.gmail.com and for Hotmail it would be smtp.live.com . You can search for these if you are not sure.
Logs Sent To: you put where the logs will be sent to. You could set this as the same email address you used in the first field but this would be less secure and you would be much safer having them sent to a different email with a different pass.
Port: this is the SMTP port. For Gmail this port is 587. You should look up what port your email provider uses.
FTP
For FTP you need an FTP server. There are many sites that offer FTP like http://www.drivehq.com or just go here: http://www.lmgtfy.com/?q=free+website+hosting+ftpUsername: Your FTP Username (you will be given this)
Password: You will be given this or asked to make one depending on host
URL: This is the FTP address where it will save logs. You will be given the address by your host.
I would advise you to test these. Lots of keyloggers offer you a button to test.
Icon
Icons add to your servers credibility.Location: you put the address of the icon you want to use here. If you are going to be crypting or binding there's no need.
File Pumper
File Pumpers increase the size of the server file. This is used to make it more believable.Add: here you put how many KB/MB/GB you want to increase your file by.
In: Here you select what format the number you had in the Add box was in (KB, MB or GB). KB stand for Kilobytes and would be used for very small amounts. MB stands for Megabyte and would be best if you are say, binding it with a song. Songs are usually 4-6MB. GB stands for Gigabytes and would be used for huge files like Adobe C26 Suite would be 200GB or more.
Send Logs Time Interval
This is important. This is how often you want the logger to send
keylogs. Don't set it too small because you would just get lots of very
short logs, and don't set it too high to say 2 hours as your victim
mightn't use the PC for that long and it would never get sent. Best
setting would be 30-60 mins.Server: just the name that it will put in the file it outputs.
The checkbox is self-explanatory.
Antis
These disable or make your server undetectable to antiviruses and
sandboxes and other forms of security. It varies from program to program
what way the antis work. I would advise enabling these as they allow
your keylogger to be on the computer for longer.
Spreaders
These are methods of infecting more computers using your victims
computer. They operate by infecting files sent on P2P programs
(Limewire, Shareaza, Emule, Bearshare etc.), infecting USB drives (USB),
sending files over LAN (LAN), infecting specific filetypes (Rar, Zip)
sending files of chat and messaging applications (Outlook, Omegle, MSN,
Yahoo, Skype, ICQ) and other methods.Spreaders are always handy for getting more victims with little effort as it uses your victims computer power rather than your time and energy.
Stealers
Stealers take logins and keys for various programs. They make the
process of taking usernames and passwords a lot quicker as you won't
need to search through endless logs.
Fake Message
Possibly the silliest feature (yet for some reason every RAT and
Keylogger has one) and one I would advise you not to use it. Basically
what it does is bring up a fake error message on your victims PC. If you
do use this it will be quite obvious to the user that their PC is
infected and they will remove your keylogger.
Webcam Logger
This will take pictures/video with the webcam on the victims PC if they
have one. Set the interval the same as the logs interval before if you
want to use it.
Screen Logger
This will take screenshots of the victims screen every period of time.
Set it the same as logs too if you want to use it. If it is set too low
you will have too much data.
Clipboard Logger
This saves text that the victim copies to the clipboard. So basically every thing copy is saved.
Download and Execute
It is very important that you have this on every keylogger or RAT that
you use. It allows you to install another keylogger or RAT on your
victims PC. This mean that you can change to a different RAT or
keylogger later or give some victims to a friend or what not.Add link(s) to places where you can put a file to download and execute if you ever need it eg: http://www.dropbox.com/5235121/public/newserver.exe OR you can make a shortened link at bit.ly and direct it to your server when you need it.
Webpage Loader/Ad Visitor
This opens webpages and ads. Its obvious and would alert your victim
that they are infected. You would use affiliate links and other methods
to get money from this feature.
Run at Startup
It will start the keylogger on start up. Tick it no matter what.
Melt
This deletes the server file once it has infected the PC.
Mutex
Click + several times. This helps make it more undetectable.
Text to Speech
This will play a message using Windows text-to-speech feature when
server is installed. Similar to Fake Message it alerts the victim that
they are infected and has no benefit so I advise you not to use it
Assembly Changer
This changes the Assembly Information on your file. If you go to the
properties of any file on your computer and go to Properties>Assembly
you will see information about the file. That's what the Assembly
Changer changes.
Cookie Deleters
These are brilliant! If your victim has saved their passwords for
different sites they wont need type them in and your keylogger wont get
them so what this does is delete their cookies so that they have to
login again.
Website Blocker
This blocks websites. The options given in this picture block Virus scanning websites but you can add other sites too.
Disablers
These disable different windows features on the victims computer so that
it is harder for them to remove your virus. If your victim is savvy
they will notice this straight away and remove the keylogger very
quickly. I wouldn't use these except maybe Disable system restore,
disable registry tools and disable registry as these are not used as
often and wouldn't be noticed.
What Next?
Worming
Worms make your victim spread your virus to his contacts and whatever
the plug their USB stick into etc. Our example above had worm options
(spreaders) but not every keylogger, RAT etc have worm/spreading
options.
Crypting
Crypting is important if you want to get lots of victims and keep them
for a long time. It makes your server undetectable to Anti-viruses.FUD stands for Fully-undetectable and UD stands for Un-Detectable. FUD crypters are the best especially private ones.
Binding
Binding is when you bind your server with another file or program. It is
very useful for spreading. You would bind your server with
chessgame.exe (for example) and say "Hey check this cool game out!" and
when they open it the game will open but so will the RAT. The victim
would be none the wiser on whether they were infected or not whereas
they would be suspicious if nothing opened.
Spreading
These are methods of getting victims for your keylogger. You should get a few and use them as effectively as possible.
How do I Protect Myself Against Keyloggers?
Having an Anti Virus would be a start! Obviously be careful with what you download too.
There is a tool that I think works very well against keyloggers.
Its is called KeyScrambler. Whenever you type something it randomizes it so that if a keylogger has infected your PC they would just get logs of jumbled numbers, letters and symbols.
You can get KeyScrambler here: http://www.mediafire.com/?vu2542u0yuwes5y
The Official Site: http://www.qfxsoftware.com/download.htm
And the user and key:
Code:
alanmonick186@gmail.com MLWWLTFJ7
If you don't want to use keyscrambler there is also Zemana Anti-Keylogger
How To Reverse Engineer a Keylogger
This is my favorite part. If you know your PC is infected or a file is infected you can get the email login or FTP login from the server. People also go "whaling" and download obvious viruses from youtube to steal lots of keylogs and slaves from skids.
There are two ways to do this and I will explain both below.
Wireshark
1. Download and install WireShark if you do not already have it: http://www.wireshark.org/download.html . While it is installing make sure Winpcap gets installed with it.2. If you have an infected file and are not yet infected then open it in SandBoxie or VirtualBox or VMWare and follow these steps within the virtual machines. If you are already infected you can skip to the next step.
3. Once it is installed open it up and click "Capture" on the top menu and select the interface - if you are following in a virtual machine select that otherwise select windows or your network card.
4. Leave it on like that for about half an hour. This is to make sure the keylogger actually does connect back while you are capturing packets. (refer back to "Time Intervals")
5. When it is done you need to filter through the results for the FTP or email login. Type "FTP" in the filter box and search. If a login comes up for that then they have used an FTP server to take your keylogs. If not try "SMTP" to search for email login.
If this dosen't work then either -
- the keylogger hasn't connected back
- You did something wrong
- You are not infected