Keylogger is not some kind of weapon for hackers or a kind of control tool for all kinds of secret organizations, but is standard means ensuring personal security, which is required by almost every citizen. Such software is especially necessary if several people have access to its device.
However, over time, the demand for such utilities has increased so much that a variety of companies began to develop them, and not every keylogger is suitable in certain situations. It is for this reason that it is best to decide in advance what features and advantages each individual program has.
SC-KeyLog
This is a keylogger that completely records all keys pressed, while carefully encrypting the data it records. Among other things, it is worth considering that the program provides the ability to remotely view logs.
Like any similar program, this utility records texts of any type of email, as well as messages in various devices. The program also records all kinds of changes in text files, data that a person enters on web pages, mouse clicks, names of opening windows, start and close times various programs. It is worth noting that this software also saves typed user passwords and many other elements.
Functional
You can enter the correct settings when Wizard help, which will immediately blink before your eyes after the program is installed on your hard drive.
It is worth noting that the utility is quite actively detected by almost any antivirus program, so you should not think that you will be able to use it secretly.
Ardamax Keylogger
The size of the program is quite standard for utilities of this class and is 392 kb. The utility itself is a completely average and at the same time easy-to-use keylogger. The program automatically tracks and permanently stores keystrokes from the keyboard, simultaneously indicating the time, the name of the program in which the data was entered, as well as the window title. It is worth noting that the software can work completely invisibly, as it has secrecy functions: files, automatic download, task manager and many others. If invisible work is necessary, the system is launched and controlled using hot keys, and logs can simply be sent to a specific email or server.
How is it determined?
In this case, antivirus programs do not work so actively, so it is quite possible to use such a program secretly. The interface is extremely accessible and understandable. The only negative is that the program is paid and quite expensive.
Actual Spy
In addition to the capabilities that any keylogger for Android and other operating systems provides you, this utility also has a lot of additional options. The most interesting among all is the ability to take screenshots from the screen at a certain period of time, thanks to which you can detect graphic password, all sorts of graphical access restrictions to certain Internet services used by the tracking object, as well as many other interesting points.
In addition, it should be noted that the program is distinguished by a number of other special functions, such as:
- Recording the start and close times of programs.
- Differentiation of the case of pressed keys.
- Monitoring the contents of the clipboard.
- Control over the operation of printers.
- Monitoring file system computer.
- Interception of visited sites.
- Much more.
The log files of this utility are encrypted, after which the report is generated in a fairly convenient html format or It is also possible to send it to a specific email box, server, computer via local network. You can also set your own password to view logs.
Everything in moderation
For ease of use, a separate limit is set on the size of text logs or screenshots, since the latter take up much more memory compared to text file. Among other things, you can set a limit on the volume. If too much information is copied there, only the part that was specified will be remembered.
Probably the best keylogger among all those offered today.
Convenience and safety
First of all, it is worth noting that this program is the most voluminous among all that can be found today on the Internet, but in fact only in the description everything looks scary, in reality, the keylogger for Android has a volume of only 1.51 MB. Special attention should be paid to the fact that its domestic manufacturers produce it, so understanding it is not as difficult as it might seem at first glance.
Antivirus programs happily ignore the fact that such a utility appears on the system, although some of them may signal that certain running processes are suspicious.
EliteKeylogger
"Elite Keylogger" is quite standard utility, which perfectly implements the standard set of functions. Sites visited, email messages, keystrokes, activation and shutdown times of various programs, passwords - all this is carefully recorded and stored in the utility logs, after which its owner can carefully examine the contents. In addition, this program carefully monitors documents sent by the user for self-printing.
This keylogger is famous among users for the fact that antivirus programs practically do not detect either the program itself or any processes that it carries out. It is not necessary to run it first this utility, it can be automatically activated along with the operating system, even starts a little earlier in order to determine the login and password that are entered during the process Windows boot. It’s worth noting right away that the program cannot be uninstalled if the user does not know the specialized password for the utility administrator. It is also impossible not to say that this keylogger is in Russian, it is impossible to find it, since it is not displayed in the tray, does not display any windows and, in principle, does nothing that could reveal its work.
The program detects and also demonstrates pressing not only any standard keys, numbers and letters. In addition, presses of service keys such as Shift, Alt, Ctrl, and many others are monitored. It is worth noting that the utility examines in sufficient detail all operations in the browser, that is, it records the links that the user enters into the browser, tracks on which specific pages various fields and forms were filled out, and also remembers the headers and clicked links in browsers.
Features and Security
It’s worth saying right away that the utility is distinguished by a huge number of different nuances and features. When installing, you should pay attention to what exactly you are installing - a hidden installation or the utility itself, because then you can suffer for a very long time trying to uninstall it. The utility itself is distinguished by an incredibly large number of various settings, so you will have to understand it in detail.
For example, you can configure the screen capture mode so that the utility automatically takes pictures high quality at certain time intervals or during certain events. This is a particularly convenient feature because it makes the program highly effective in most situations. It is worth noting that you can set up a fully automatic screen capture in the same way as with standard security cameras, and if no action occurs, screen saving will temporarily stop and no takes will be made. This way, you won't run into a situation where, when looking at the log, you need to look at a huge number pictures in search of what might interest you.
It is worth noting that the use of this program cannot detect even the majority of utilities that are commonly called anti-keyloggers, not to mention antivirus programs.
Fully automatic deletion of obsolete files once the log exceeds a certain point. If necessary, you can configure everything to your own discretion and needs, and also, for example, indicate that cleaning can be carried out only after a full report has been generated, which will be sent via email. Reports can also be sent via FTP or saved in a network environment.
The Rat
The program is written in standard assembly language, so this keylogger for Windows takes up only 13 KB. However, despite its size, the program can automatically monitor keystrokes in various password windows or the console, monitors the clipboard, and also has a huge number of other standard functions.
The utility is equipped with a specialized file binder, which allows you to almost completely eliminate the possibility of detecting source files by signatures. There is also our own text editor, which allows you to conveniently work with dump files, solving the problem of converting to Cyrillic or cleaning from all kinds of “garbage”.
In fact, when we activate a certain version of this program on our computer, we see an application that configures the operation of the utility. The result of this customizer is executable file- multifunctional keylogger (Windows 7). Passwords and other text data that the user enters are saved to the log completely automatically, and even after the system is rebooted, the utility will continue to work. You can remove it from your computer only with the help of a specialized customizer-configurator, as well as hot keys.
Can antivirus programs detect it?
The developer stated that this keylogger in Russian is completely invisible to antivirus programs and special programs, which are tracked by such “keyloggers”. Most antivirus programs are completely indifferent to the full version, but at the same time the demon is detected almost immediately paid program. The keylogger also offers a lot of settings, but viewing the log normally is not as easy as it might seem at first glance.
Of course, the functionality is far behind any serious utilities. However, if you need a keylogger on your computer just for reference, then this utility is perfect.
Various spyware are necessary in conditions where many people have access to one computer.
In these conditions, the user may want to know which sites were visited from his computer (for example, by children), whether theft occurred from credit cards using saved passwords, etc. to clarify these issues you will need.
Our review will allow you to make the best choice.
Features of choice
What exactly is a keylogger? This is a program that, strictly speaking, is not directly related to the keyboard.
It is installed in the computer's memory and acts on. Often, signs of its activity are not visible on the computer unless you specifically look for them.
Such a program interacts indirectly with the keyboard, that is, it works with a program on the PC that converts the signals received by the processor as a result of pressing buttons into text when printing.
That is, the action of such software is aimed at collecting information entered through the keyboard.
There are such utilities different types– with the help of some you can view all the text typed from the keyboard, with others – only what was typed in the browser or in any selected application.
Some programs provide the ability to configure such indicators, others do not.
They also differ from each other in the degree of secrecy. For example, the activity of some is obvious, a shortcut remains on the Desktop, etc., such programs are suitable for monitoring the activities of, for example, children.
Traces of the presence and activity of others are not noticeable at all - they act hidden and are suitable for installation on someone else’s computer, when the fact of installation needs to be hidden from a third-party user.
Given such diversity, choosing the most suitable software can be quite difficult.
This material presents the TOP best programs, which can be used for this purpose. It is easier to choose the right one among them.
Specifications
To simplify the selection process software The table below shows the main comparative characteristics of all programs included in the TOP.
| Name | License type | Type of information collected | Functional | Design |
|---|---|---|---|---|
| SC-KeyLog | For free | All | Wide | Simplified |
| WideStep Handy Keylogger | Free/Paid | All | Wide | Improved |
| Actual Spy | Paid | All | Very wide | Standard |
| EliteKeylogger | Paid | All | Wide | Standard |
| The Rat! | Free/Paid | Less than previous | Quite wide | Unaesthetic |
| SPYGO | For free | Depending on version | Depending on version | Standard Windows appearance |
| Ardamax Keylogger 2.9 | For free | From the keyboard | Narrowed | Simplified |
| NS Keylogger Personal Monitor 3.8 | For free | All | Narrowed | Simplified |
| KGB Spy | Paid | From the keyboard + open programs | Narrow | Simple |
| Golden Keylogger 1.32 | For free | From the keyboard | Very narrow | Simple |
Based on the characteristics from this table, it is easy to choose the program that best suits your specific requirements.
These utilities are described in more detail below.
SC-KeyLog
This is voluminous and functional program spy, which is distributed free of charge.
In addition to specifically tracking information entered from the keyboard, it is also able to collect addresses of visited sites, passwords, open windows in the browser.
Gives full information about all actions performed on the computer. In this case, the generated file can be viewed remotely from another device.
- Possibility of remote access to a file from another device;
- No traces of program activity on the computer with the correct settings;
- Variety of data collected - information about almost all actions on the PC can be accessed.
- Saves passwords only up to NT0;
- Too simple menu and unaesthetic design;
- A rather inconvenient format for displaying the result.
What do users who actively use this software say? “Absolutely invisible to the user”, “Data arrives regularly by email.”
WideStep Handy Keylogger
This application is distributed free of charge. The full paid version costs $35.
Quite an interesting and functional program that is worth the money if you are willing to pay it.
Distinctive feature– the ability to send recorded data at a specified frequency. Otherwise it works fine, often more stable than other programs on this list.
- Collection of various types of information;
- Complete invisibility of work on the user’s computer;
- Simple interface and controls.
- The design is better than the previous program, but still not great;
- The result display format is inconvenient;
- The paid version is quite expensive.
Users' opinions about this software are as follows: “Convenient, simple and functional program. Quite invisible when working.”
Actual Spy
This is a functional and complex paid program costing 600 rubles. However, it has a demo version that is free.
Feature of this software– ability in a given period of time.
This helps solve the problem of entering a graphic password/key, which has recently become widespread.
- Many types of information collected plus the ability to take screenshots from the screen during a specified period;
- A large number of others additional functions and features;
- Records not only actions, but also the time they were performed;
- Encrypts the generated log.
- The duration of work (collection of information) in the free demo version is 40 minutes;
- Paid distribution, although a more or less reasonable price;
- Enough heavy weight programs.
User reviews about this application are: “The program is excellent. Well done programmers!”
EliteKeylogger
Paid program with a fairly high price– 69 dollars. It operates completely undetectably on a PC in low-level mode, making it almost completely undetectable.
Interesting and convenient feature – automatic start software, occurring simultaneously with the launch of the system itself.
It is difficult to detect or not detected at all even by special anti-keyloggers.
- Completely hidden action and difficult to detect;
- Low-level driver-type operating format and automatic startup when the system boots;
- It also tracks the presses of not only the main, but also the service keys on the keyboard.
- A rather complex system for installing the program on a PC;
- The program is expensive, but you can find an old hacked version on the Russian Internet;
- Quite a complex system individual settings program, which, however, justifies itself.
What do users say about this software? “Good program”, “A little short of Jetlogger.”
The Rat!
Quite a common and popular, functional utility with a paid license.
However, for private use, a free demo version is provided for a limited period.
The program is very simple– any advanced user can write the same. However, it is completely undetectable by antiviruses and special programs that detect such software.
- Simplicity, functionality and high stability;
- Minimum file weight and space occupied by it on the computer;
- Quite a lot of settings.
- A rather unpleasant design, made in black, white and red;
- The functionality is somewhat narrower than in the programs described before;
- Inconvenient viewing of the log and generally inconvenient interface and use.
Users say the following about this program: “It works stably, but is a bit simple,” “The program is good, it allows you to collect data unnoticed.”
SPYGO
This is a fundamentally new keylogger, designed to work on and developed by a Russian programmer.
Keylogger or what is a keylogger.
A keylogger is a small piece of hardware or a program whose purpose is one thing: to intercept the characters typed from the keyboard by the victim. One of the most unpleasant programs for the user, which is used by hackers to fake the digital identity of a bona fide user.
Based on the use of special equipment, a keylogger (like the one on the left - in the section of the keyboard wire) is rarely used and requires professional skills in installation and maintenance. On the contrary, it is not so difficult to detect, and therefore we will talk about it some other time. And now I’ll tell you about interceptors in the form of software that can “work” in your system for a long time, and you won’t even know about it. We’ll talk about how to determine whether a keylogger is running on a computer at the end of the article. Let's get down to what's on the internet today on this topic. As expected, there is a lot of this goodness on the Internet. Eat free programs, there are also paid versions.
What is a keylogger for?
The specifics of the program leave no shadow of doubt on the use of such utilities: it allows you to spy on the user by transmitting characters typed on the keyboard. Another question: by whom and against whom?
- It is quite understandable that parents care about their children traveling on the Internet, whose online activities begin to bother the father and mother, who, however, do not want to openly come into conflict with the child, prohibiting everything and everyone. More than once, such utilities simply helped out, signaling the appearance of a child in social network a friend who is “a little” older and is about to realize his sick fantasies.
- It is quite legitimate for an employer to want to make sure that an employee spends his or her time at the computer productively. And, if it is not so, present the claim with evidence. At the same time, make sure that a couple of secrets did not “go to the side.”
- finally, illegal connection to the user’s computer with the aim of stealing typed passwords, logins, etc.
Keylogger Free keylogger.
Can intercept characters from the keyboard, data contained in the clipboard and network addresses from the browser address bar. There are a couple of inconspicuous functions, for example, a hidden operating mode (Ctrl+Shift+Alt+U), removing program shortcuts and hiding from the list of installed and uninstalled programs. Disadvantage of the program: in its free version, the most important function - hiding from the user's eyes - cannot be enabled. Autorun in Windows is possible, but the running program will blink treacherously from the tray. You can’t hide it from view - a window pops up notifying you that the function is available in the paid version. As are some others.
The only program window where:
- Allows the program to start immediately when the system starts
- Hide the program in the menu Start
- It will also allow you to intercept addresses in the browser and (to the right) the names of running programs
- We will notify you daily at the postal address specified in the field.
During installation, you will have to fight with the antivirus for several minutes, because neither configuration nor running the utility will escape it.
Keylogger DanuSoft
Simple and free. Also presented as a window with 4 tabs. Can hide by entering a secret word. The default is HIDEKEY, and you can force SHOWKEY to appear.
In the Log File Settings tab, you can specify the size of the document with intercepted records and, in fact, show the document itself. There are only 2 settings in the Startup Settings tab: launch with Windows and stealth mode.
Keylogger
Another simple program. After installation, you will be greeted by a colorful window. The functionality is poor, it doesn’t hide itself. But it's free. Immediately after installation, it will ask you to set a password so that the information, after interception, becomes available only to the installer:
The program window:
Keylogger REFOG Free Keylogger
The free version of the program, the manufacturer of which is quite experienced in such programs, is capable of intercepting characters typed, sites visited, and programs launched. However, I’ll warn you right away – quite a number of users have had difficulties uninstalling the program, especially the paid version, so try it at your own peril and risk. From this link you can download the latest version of the program.
Keylogger Revealer Keylogger Free
One of the most popular programs on the network. Lots of functions, easy to use. It is password protected, does not hang in the system tray, and is not visible in the settings for installing and removing programs. You should install it carefully, as some other program is asked to be installed on your computer. Screenshots will only be available in the paid version. When closed, it will warn you that it will continue to work in the background (you can return it using Ctrl+Alt+F9). The program is Russified, so you can quickly figure out the settings:
Keylogger KidLogger
Free, open source. It already knows how to work with USB devices. Records audio from a microphone and works with Skype. Log files can be viewed locally and remotely using a specially created online account. It works in hidden mode, but can be seen from the Task Manager. You can protect it with a password, but you will have to launch it from a shortcut, which in principle is not a problem, by registering the launch in Windows startup. You can download it from the link and select the one you need there. operating system(I have the Windows version in the archive):
Keylogger Actual Keylogger
Unlike previous programs, it is completely invisible. It cannot be seen in the Manager either; the folder with the program will be hidden, the shortcuts will not be displayed. You also cannot remove it using a traditional uninstaller. A very tricky thing. Also has password protection. Antiviruses don't like it very much. I have it in my archives. But the program is paid, install and check out the features.
Who among us hasn’t wanted to feel like a cool hacker at least once and break at least something? :) Even if not, then let’s talk about how great it would be to get a password from your mail/social network. the network of a friend, wife/husband, roommate thought at least once by everyone. :) Yes, and you have to start somewhere, after all! A significant part of attacks (hacking) involves infecting the victim’s computer with so-called keyloggers (spyware).
So, in today’s article we’ll talk about what are free programs for monitoring computers on windows based , where you can download their full versions, how to infect a victim’s computer with them, and what are the features of their use.
But first, a little introduction.
What are keyloggers and why are they needed?
I think you yourself have guessed what it is. As a rule, they are a kind of program that is hidden (although this is not always the case) installed on the victim’s computer, after which it records absolutely all keystrokes on this node. Moreover, in addition to the clicks themselves, the following is usually recorded: the date and time of the click (action) and the program in which these actions were performed (browser, including the website address (hurray, we immediately see what the passwords are for!); local application; system services (including Windows login passwords), etc.).
From here one of the problems is immediately visible: I got access to my neighbor’s computer for a couple of minutes and I want to get her password from VK! I installed the miracle program and returned the computer. How can I look up passwords later? Looking for a way to take the computer from her again? The good news is: usually not. Most keyloggers are capable of not only storing the entire accumulated database of actions locally, but also sending it remotely. There are many options for sending logs:
- A fixed email (there may be several) is the most convenient option;
- FTP server (who has it);
- SMB server (exotic, and not very convenient).
- A fixed flash drive (you insert it into the USB port of the victim’s computer, and all logs are copied there automatically in invisible mode!).
Why is all this needed? I think the answer is obvious. In addition to the banal stealing of passwords, some keyloggers can do a number of other nice things:
- Logging correspondence in specified social networks. networks or instant messengers (for example, Skype).
- Taking screenshots of the screen.
- View/capture webcam data (which can be very interesting).
How to use keyloggers?
And this is a difficult question. You need to understand that just finding a convenient, functional, good keylogger is not enough.
So, what is needed for successful work spyware:
- Administrator access to a remote computer.
Why is this not at all necessary? physical access. You can easily access it via RDP (Remote Desktop Service); TeamViewer; AmmyAdmin, etc.
As a rule, the greatest difficulties are associated with this point. However, I recently wrote an article about how to get administrator rights in Windows. - Anonymous e-mail / ftp (by which you will not be identified).
Of course, if you are breaking Aunt Shura for your neighbor, this point can be safely omitted. As is the case if you always have the victim’s computer at hand (ala, find out your brother/sister’s passwords). - Lack of working antiviruses / internal Windows protection systems.
Most public keyloggers (which will be discussed below) are known to the vast majority of antivirus software (although there are logger viruses that are built into the OS kernel or system driver, and antiviruses can no longer detect or destroy them, even if they have detected them). Due to the above, anti-virus software, if any, will have to be mercilessly destroyed. In addition to antiviruses, systems like Windows Defender (these first appeared in Windows 7 and onwards) also pose a danger to our spyware. They detect suspicious activity in software running on a computer. You can easily find information on how to get rid of them on Google.
These, perhaps, are all the necessary and sufficient conditions for your success in the field of stealing other people’s passwords / correspondence / photos or whatever else you want to encroach on.
What types of spyware are there and where can I download them?
So, let's begin the review of the main keyloggers that I used in my daily practice with links to free download their full versions(i.e. all versions are the latest at the moment (for which it is possible to find a cure) and with already working and tested cracks).
0. The Rat!
Ratings (out of 10):
- Stealth: 10
- Convenience/usability: 9
- Functionality: 8
It's just a bomb, not a keylogger! In working condition it takes 15-20 KB. Why be surprised: it is written entirely in assembly language (veteran programmers shed tears) and written mostly by enthusiastic hackers, due to which the level of its secrecy is simply amazing: it works at the OS kernel level!
In addition, the package includes FileConnector - a mini-program that allows you to connect this keylogger with absolutely any program. As a result, you get a new exe of almost the same size, and when launched, it works exactly like the program with which you glued it together! But after the first launch, your keylogger will be automatically installed in invisible mode with the parameters for sending logs that you have previously specified. Convenient, isn't it?
An excellent opportunity for social engineering (bring a game file/presentation to a friend on a flash drive, or even just a Word document (I’ll tell you how to create an exe file that launches a specific word/excel file in one of my next articles), launch, everything is fine and wonderful, but the friend is already invisibly infected!). Or just send this file to a friend by mail ( better link to download it, because modern mail servers prohibit sending exe files). Of course, there is still a risk from antivirus software during installation (but it will not exist after installation).
By the way, using some other techniques you can glue any distribution together hidden installation(these are available in The Rat! and Elite keylogger) not only with exe files (which still raise suspicion among more or less advanced users), but also with ordinary word / excel and even pdf files! No one will ever think anything about a simple pdf, but that’s not the case! :) How this is done is the topic of a whole separate article. Those who are especially zealous can write me questions through the feedback form. ;)
Overall, The Rat! can be described for a very long time and a lot. This was done much better than me. There is also a download link there.
1. Elite keylogger
Ratings (out of 10):
- Stealth: 10
- Convenience/usability: 9
- Functionality: 8
Perhaps one of the best keyloggers ever created. Among its capabilities, in addition to standard set(interception of all clicks in the context of applications / windows / sites), includes interception of instant messenger messages, pictures from a webcam, and also - which is VERY important! - interception of WinLogon service passwords. In other words, it intercepts Windows login passwords (including domain ones!). This became possible thanks to its work at the system driver level and launch even at the OS boot stage. Due to this same feature, this program remains completely invisible to both Kasperosky and all other anti-malware software. Frankly, I have not met a single keylogger capable of this.
However, you shouldn’t delude yourself too much. The installer itself is recognized by antiviruses very easily and to install it you will need administrator rights and disabling all antivirus services. After installation, everything will work perfectly in any case.
In addition, the described feature (working at the OS kernel level) introduces requirements for the OS version on which the keyloggers will work. Version 5-5.3 (links to which are given below) supports everything up to and including Windows 7. Win 8 / 10, as well as Windows server family (2003 / 2008 / 2012) are no longer supported. There is version 6, which functions perfectly, incl. on win 8 and 10, however, it is currently not possible to find a cracked version. It will probably appear in the future. In the meantime, you can download Elite keylogger 5.3 from the link above.
There is no network operation mode, therefore it is not suitable for use by employers (to monitor the computers of their employees) or an entire group of people.
An important point is the ability to create an installation distribution with predefined settings (for example, with a specified email address where logs will need to be sent). At the same time, at the end you get a distribution kit that, when launched, does not display absolutely any warnings or windows, and after installation it can even destroy itself (if you check the appropriate option).
Several screenshots of version 5 (to show how beautiful and convenient everything is):
2. All-in-one keylogger.
Ratings (out of 10):
- Stealth: 3
- Convenience/usability: 9
- Functionality: 8
It is also a very, very convenient thing. The functionality is quite at the level of Elite keylogger. Things are worse with secrecy. Winlogon passwords are no longer intercepted, it is not a driver, and is not built into the kernel. However, it is installed in system and hidden AppData directories, which are not so easily accessible to unauthorized users (not those on whose behalf it is installed). Nevertheless, antiviruses sooner or later successfully do this, which makes this thing not particularly reliable and safe when used, for example, at work to spy on your own superiors. ;) Gluing it to something or encrypting the code to hide it from antiviruses will not work.
Works on any version of Win OS (which is nice and practical).
As for the rest, everything is fine: it logs everything (except Windows login passwords), sends it anywhere (including e-mail, ftp, fixed flash drive). In terms of convenience, everything is also excellent.
3. Spytech SpyAgent.
Ratings (out of 10):
- Stealth: 4
- Convenience/usability: 8
- Functionality: 10
Also a good keylogger, although with dubious secrecy. Supported OS versions are also all possible. The functionality is similar to previous options. There is an interesting self-destruct function after a specified period of time (or upon reaching a predetermined date).
In addition, it is possible to record video from a webcam and sound from a microphone, which can also be very popular and which the previous two representatives do not have.
Eat network mode work, which is convenient for monitoring an entire network of computers. By the way, StaffCop has it (it is not included in the review due to its uselessness for one user - an individual). Perhaps this program is ideal for employers to spy on their employees (although the leaders in this field are unconditionally StaffCop and LanAgent - if you are a legal entity, be sure to look in their direction). Or to keep track of your offspring who love to sit and watch “adult sites”. Those. where what is needed is not concealment, but convenience (including a bunch of beautiful log reports, etc.) and functionality for blocking specified sites/programs (SpyAgent also has it).
4. Spyrix Personal monitor.
Ratings (out of 10):
- Stealth: 4
- Convenience/usability: 6
- Functionality: 10
The functionality is at the level of the previous candidate, but the same problems with secrecy. In addition, the functionality includes interesting thing: copying files from USB drives inserted into the computer, as well as remotely viewing logs through a web account on the Spyrix website (but we are going to download a cracked version, so it will not work for us).
5. Spyrix Personal monitor.
Ratings (out of 10):
- Stealth: 3
- Convenience/usability: 6
- Functionality: 8
I won’t describe it in detail, because... this instance does not have anything that one of the previous spies did not have, however, someone may like this keylogger (at least for its interface).
What do we end up with?
The issue of using a keylogger is more ethical than technical, and it greatly depends on your goals.
If you are an employer who wants to control his employees, feel free to set up StaffCop, collect written permission from all employees for such actions (otherwise you may be seriously charged for such things) and the job is in the bag. Although I personally know more effective ways increasing the performance of its employees.
If you are a novice IT specialist who just wants to experience what it’s like to break someone and how this thing works in general, then arm yourself with social engineering methods and conduct tests on your friends, using any of the examples given. However, remember: the detection of such activity by victims does not contribute to friendship and longevity. ;) And you definitely shouldn’t test this at your work. Mark my words: I have experience with this. ;)
If your goal is to spy on your friend, husband, neighbor, or maybe you even do it regularly and for money, think carefully about whether it’s worth it. After all, sooner or later they may attract. And it’s not worth it: “rummaging through someone else’s dirty laundry is not a pleasant pleasure.” If you still need to (or maybe you work in the field of investigating computer crimes and such tasks are part of your professional responsibilities), then there are only two options: The Rat! and Elite Keylogger. In the mode of hidden installation distributions, glued with word / excel / pdf. And it’s better, if possible, encrypted with a fresh cryptor. Only in this case can we guarantee safer activities and real success.
But in any case, it is worth remembering that the competent use of keyloggers is only one small link in achieving the goal (including even a simple attack). You don’t always have admin rights, you don’t always have physical access, and not all users will open, read, and even more so download your attachments/links (hello social engineering), the antivirus won’t always be disabled/your keylogger/cryptor won’t always be unknown to them . All these and many untold problems can be solved, but their solution is the topic of a whole series of separate articles.
In short, you have just begun to dive into the complex, dangerous, but incredibly interesting world of information security. :)
Sincerely,Lysyak A.S.
To check the security of passwords entered via KeePass, I decided to write a simple keylogger with additional data capture from the clipboard. The entire code took a few lines in FreePascal.
Passwords, without additional security measures and proper configuration of KeePass, turned out to be quite vulnerable.
The keylogger code is placed in a Timer loop, which is updated every 10 ms. Modules used: Windows and ClipBrd.
//Compare the current state of the keys for f:= 0 to 255 do if a[f]<>GetAsyncKeyState(f) then begin //Reaction to pressing a key if KeePass.Checked and (GetAsyncKeyState(f) = 0) then Memo1.Caption:= Memo1.Caption + chr(f); //Reaction to key press if not KeePass.Checked and (GetAsyncKeyState(f)<>0) then Memo1.Caption:= Memo1.Caption + chr(f); end; //Save the current state of the keys into an array for f:= 0 to 255 do a[f] := GetAsyncKeyState(f); //Write when changes are made to the clipboard if s<>Clipboard.AsText then begin s:= Clipboard.AsText; Memo2.Caption:= Memo2.Caption + s + " "; end;
The Simple Logger program looks like this:
The -Keyboard- window displays keys without regard to case and input language. The symbol whose number is equal to the key code is displayed: chr(f). The program can be modified to display all symbols correctly, but this is not required for this study.
Copying to the -Clipboard- window occurs when the contents of the buffer change.
Weaknesses of KeePass and their elimination
1. Enter the main password
By default, the main password in KeePass is entered without secure mode, so it can be easily determined in Simple Logger. This is the most critical place in security, because... here we get access to the entire password database at once.To fix the problem, you need to enable the Security setting “Enter the master password in secure mode (similar to UAC in Windows Vista and above)". This mode prevents the logger from accessing the keyboard. In addition, it is impossible to take a screenshot to determine the location of the Key File.
This mode is activated only when the main password is entered. The protection of other passwords will be discussed further.
2. Clipboard
Simple Logger responds to clipboard changes 100 times per second. Thus, entering the password into the buffer and then deleting it after a few seconds does not provide protection in this case.To resolve this issue, you can use AutoDial.
3. Auto dial
The response to KeePass autodialing occurs by pressing a key, not pressing it. This allows you to get protection from some keyloggers. To get around this, Simple Logger has additional customization: "KeePass Auto-Type". If it is turned on, the logger is triggered when a key is pressed.When autodialing via KeePass: MyLoginName LongPassword123
An entry will appear in Simple Logger:
Simple Logger does not take into account keyboard shortcuts in any way. As you can see, the Shift key is displayed as a special character (similar to “+”) and “?”. Shift is released both before and after capital letter. However, this is enough to understand the password.
To solve this problem, you can use the “Double autodialing complexity” setting in KeePass. In this case, KeePass will enter part of the password from the keyboard and part through the clipboard, shuffling the values. This allows you to bypass some keyloggers.
Simple Logger will react to the Double complication of autodialing as follows:
- Paste from the clipboard "Ctrl + V" is displayed as "V◄?";
- Left arrow – “%” (key code and symbol #37);
- Right arrow - """ (key code and symbol #39).
Additional protection measures can help against a keylogger designed for KeePass.
4. Additional protection
In some software systems there are such possibilities as:- Protection of data input from a hardware keyboard;
- Secure browser.
When using a secure browser, it was not possible to access the clipboard and keyboard using Simple Logger. In addition, there was no way to take screenshots.
Instead of a conclusion
After looking at how our employees use KeePass, I found that some:- don't use UAC;
- do not use autodialer, simply copying passwords through a buffer;
- leave the program open when leaving the workplace;
- use default settings without configuring security policy.
I tested latest version KeePass 2.36 in Windows environment 8.1. To be fair, it should be noted that this problem is not just a KeePass problem. There are many other password keepers with greater or lesser degrees of reliability, but this is a topic for another study.
Links
- Simple Logger on GitHub
//Who cares, you can find an exe file in the “SimpleLogger_for_Win64.7z” archive. The program does not allow full-fledged keylogging; it is intended for security research and informational purposes.
Browser plugin
As user dartraiden noted, it is possible to use the module KeepPassHttp together with browser add-on PassIFox or ChromeIPass. This plugin (according to the developer) provides secure exposure of KeePass records over HTTP.This combination allows you to automatically fill in your login and password in the browser when KeePass is unlocked. Simple Logger does not react in any way in this case.
The weak point of ChromeIPass is the generation of a new password, because... it is copied via the clipboard and visible on the screen. In this case, it is better to generate a new password in KeePass itself.
Creating a new master password
As noted by arthur_veber:When replacing the master password, as well as when creating a new one, safe mode is not used.
In this case, Simple Logger intercepts the master password entered into KeePass.
Virtual does not help either onscreen keyboard from a well-known manufacturer, which, like the KeePass autodialer, works based on a key press event.
It's difficult to give advice here. We probably need to draw the developers' attention to this problem.
Other means of attack
As user qw1 was the first to point out, if the system on which KeePass is installed is compromised, then attack tools other than the keylogger can be used. In this case, the list of actions to counter the attack will depend on the specific situation.Unfortunately, it is impossible to cover in one article all the security measures that are necessary for storing passwords.