1
00:00:00,360 --> 00:00:01,280
Welcome back.

2
00:00:01,290 --> 00:00:06,510
Let's continue coding our key logger. What we did by now: we created the listener, which will listen for

3
00:00:06,510 --> 00:00:08,490
the keystrokes that the target inputs.

4
00:00:08,610 --> 00:00:15,150
It will process them inside the on_press function, which will process the keys one by one. It will add

5
00:00:15,150 --> 00:00:18,840
them to the keys list and then it will write them to the file.

6
00:00:19,020 --> 00:00:23,220
And this is the function that is left to code. Right after it writes into the file,

7
00:00:23,220 --> 00:00:28,320
it will empty the list and it will set the count variable to be equal to zero so we can make sure

8
00:00:28,320 --> 00:00:31,250
that we write to the next characters correctly.

9
00:00:31,260 --> 00:00:35,460
All right, so let's go define the write_file function and we can code it.

10
00:00:36,540 --> 00:00:38,420
Well, let's code it below the on_press.

11
00:00:38,430 --> 00:00:39,350
Why not.

12
00:00:39,360 --> 00:00:40,760
Right here we can define it.

13
00:00:40,770 --> 00:00:49,350
So define write_file, and as we can see right here it takes one parameter, which is keys, so let's call

14
00:00:49,350 --> 00:00:51,040
it that as well.

15
00:00:51,060 --> 00:00:57,030
keys right here, and the first thing that we need to do is we need to open up our file where we are

16
00:00:57,030 --> 00:00:58,340
going to write it.

17
00:00:58,350 --> 00:01:05,730
Now here's where the program starts being a little bit different for Linux systems and for Windows systems.

18
00:01:06,720 --> 00:01:07,830
And let me show you what I mean.

19
00:01:07,890 --> 00:01:13,230
So at the beginning of the program right below the keys and the count variable we also want to create

20
00:01:13,290 --> 00:01:20,190
another variable which will be called path. This path variable will store the name of the actual file that

21
00:01:20,190 --> 00:01:22,360
we want to open up and write keys to.

22
00:01:22,470 --> 00:01:28,770
So for Linux we can simply just type the file name whatever we want let's call it something that won't

23
00:01:29,010 --> 00:01:31,560
trigger the target if they see it.

24
00:01:31,590 --> 00:01:39,570
So we type something like processmanager.txt. Now, the way to think about it: if a target sees a file

25
00:01:39,570 --> 00:01:40,430
called like this,

26
00:01:40,430 --> 00:01:45,500
they will most likely think that it is some type of vendor's file and they will not open it.

27
00:01:45,540 --> 00:01:51,570
So this would be the path variable if you want to store it in Linux or if you're running this program

28
00:01:51,770 --> 00:01:52,690
on Linux.

29
00:01:52,860 --> 00:01:59,040
But if we want to actually run it in Windows we're going to add another path variable which we will

30
00:01:59,040 --> 00:02:02,660
set as a comment until we get to run it inside of a Windows environment.

31
00:02:02,670 --> 00:02:04,410
So path will be equal.

32
00:02:04,410 --> 00:02:07,970
And here is where we use the os library.

33
00:02:08,130 --> 00:02:14,610
Now we can do the same thing and call it process manager if we want but we also want to make sure that

34
00:02:14,610 --> 00:02:15,900
we hide the file.

35
00:02:15,900 --> 00:02:19,970
For example, if the target runs our key logger on the desktop,

36
00:02:19,980 --> 00:02:27,090
the processmanager.txt will be created in the desktop directory, and we do not want that because they

37
00:02:27,090 --> 00:02:29,590
will notice straight away after they run the file.

38
00:02:29,700 --> 00:02:35,420
There will be a processmanager.txt file that is being created right here on the desktop.

39
00:02:35,430 --> 00:02:37,110
So we want to hide it a little bit.

40
00:02:37,140 --> 00:02:43,110
Well, the best way where we can find it, or the best place where we can hide it, is inside of the AppData

41
00:02:43,110 --> 00:02:44,040
folder.

42
00:02:44,040 --> 00:02:46,560
It is a hidden folder inside of a Windows environment.

43
00:02:46,560 --> 00:02:49,930
Let me show you how you can get to it using the command prompt.

44
00:02:50,100 --> 00:02:56,010
If you open up the command prompt and you navigate to the directory of your own account, so C: slash

45
00:02:56,010 --> 00:02:58,340
Users slash and then the name of your own account.

46
00:02:58,410 --> 00:03:01,210
If you type cd AppData,

47
00:03:01,470 --> 00:03:02,970
it will lead you to the AppData.

48
00:03:03,270 --> 00:03:09,240
And if I type dir, which is the same command as ls, just in Windows, we will see three different

49
00:03:09,240 --> 00:03:14,300
directories: Local directory, LocalLow directory and Roaming directory.

50
00:03:14,460 --> 00:03:20,670
Now our file will be saved in the Roaming directory. If I go to the Roaming directory and type dir

51
00:03:20,790 --> 00:03:21,970
right here.

52
00:03:21,990 --> 00:03:28,380
Here is some random files that are stored inside of this directory and I can promise you that your target

53
00:03:28,440 --> 00:03:34,050
will never find this file and never find this directory unless they're specifically looking for it.

54
00:03:34,340 --> 00:03:34,680
Okay.

55
00:03:35,130 --> 00:03:39,390
And you might notice as well that I already have processmanager.txt right here.

56
00:03:39,390 --> 00:03:42,440
That is because I already tested the file before.

57
00:03:42,530 --> 00:03:47,240
So let me delete it using the del command, so del processmanager.txt.

58
00:03:47,760 --> 00:03:51,900
And if I type dir once again the process manager is no longer here.

59
00:03:52,140 --> 00:03:52,490
OK.

60
00:03:52,680 --> 00:03:58,300
So here is the place where we are going to save our file which will capture keystrokes.

61
00:03:58,320 --> 00:03:58,620
OK.

62
00:03:58,710 --> 00:04:05,570
So let's close this. And how can we specify to Python that we want it to be saved inside of that

63
00:04:05,570 --> 00:04:06,500
directory?

64
00:04:06,500 --> 00:04:15,440
Well, we can use the os library, and we can use the os.environ method, which allows us to specify

65
00:04:15,500 --> 00:04:21,050
between the square brackets the name of the actual directory where we want to store it.

66
00:04:21,050 --> 00:04:27,770
So we want to specify between these square brackets and between the single quotes AppData, and right

67
00:04:27,770 --> 00:04:35,770
after it we want to concatenate this process manager, so we want to add plus before we close this off.

68
00:04:35,770 --> 00:04:41,810
Let me just see whether everything is correct. If I remove the hash, we want to specify first

69
00:04:41,800 --> 00:04:47,860
os.environ and then AppData, plus, and then two backslashes. Because this is Windows, we need to specify

70
00:04:47,890 --> 00:04:51,100
two backslashes and then processmanager.txt.

71
00:04:51,350 --> 00:04:51,690
OK.

72
00:04:52,510 --> 00:04:58,510
So once again this line will be used if you want to run the key logger inside of a Windows environment.

73
00:04:58,510 --> 00:05:02,610
And this line will be used if you want to run it inside of a Linux environment.

74
00:05:02,620 --> 00:05:07,930
Now for hiding this program inside of Linux, well, you can simply just do something like root and

75
00:05:07,930 --> 00:05:14,320
then processmanager.txt, and then the actual program will not be in the same directory as your

76
00:05:14,380 --> 00:05:20,710
key logger but there is no need to do that because this key logger is mainly focused on Windows machines.

77
00:05:21,820 --> 00:05:27,360
So let me just first of all add hash right here, because we are going to test it first on the Linux machine.

78
00:05:27,790 --> 00:05:31,540
But before we even test it we need to code our write_file function.

79
00:05:31,540 --> 00:05:31,960
OK.

80
00:05:32,050 --> 00:05:37,900
So now that we've got our path specified at the beginning of the program we can open that file for writing

81
00:05:39,340 --> 00:05:48,190
so with open, and we specify that we want to open path, and the mode that we want to open it in is neither reading

82
00:05:48,190 --> 00:05:53,110
or writing we actually want to append to the file because if you open it for writing every time you

83
00:05:53,110 --> 00:05:56,430
write the new thing the previous thing will be overwritten.

84
00:05:56,440 --> 00:06:01,900
And if you open it for appending, well, then we can simply just concatenate different characters and make

85
00:06:01,900 --> 00:06:04,000
it whole and make it save

86
00:06:04,030 --> 00:06:05,930
everything that the target has inputted.

87
00:06:06,010 --> 00:06:10,990
So we're opening it for appending and we're opening it as file

88
00:06:15,230 --> 00:06:20,720
or we can simply just shorten it up, since we're going to use this file a lot throughout this function

89
00:06:20,720 --> 00:06:22,090
we can call it just f.

90
00:06:22,370 --> 00:06:22,690
OK.

91
00:06:23,990 --> 00:06:31,460
Once we open the file we want to iterate over the keys list, because remember, before we empty out this

92
00:06:31,460 --> 00:06:35,610
list inside of that keys list are all the characters that the target has input.

93
00:06:35,660 --> 00:06:37,190
So we want to go in a for loop.

94
00:06:37,190 --> 00:06:40,220
So for key in keys

95
00:06:43,630 --> 00:06:51,580
first what we want to do is create a variable called K to be equal to string from the key character

96
00:06:52,060 --> 00:06:55,330
and we want to replace the single quotes

97
00:06:58,670 --> 00:07:00,280
with nothing.

98
00:07:00,320 --> 00:07:06,920
And the reason why we're using this replace function and replacing a single quote with nothing is because

99
00:07:08,270 --> 00:07:14,660
by default this pynput library will print the keys one by one and they will all be separated by single

100
00:07:14,660 --> 00:07:15,300
quotes.

101
00:07:15,500 --> 00:07:17,230
Therefore we do not really want that.

102
00:07:17,240 --> 00:07:22,970
We want to replace those single quotes with nothing so we can have normal words and not every character

103
00:07:23,030 --> 00:07:25,340
played by this single quote.

104
00:07:25,340 --> 00:07:25,830
All right.

105
00:07:25,850 --> 00:07:33,030
So once we publish the actual key we can check for some special characters, such as for example if key

106
00:07:34,170 --> 00:07:42,060
dot find, and if we find the key to be called backspace, and if that is greater than zero. And simply

107
00:07:42,060 --> 00:07:48,520
what this means is if you press backspace on your keyboard, the pynput will print to the screen the

108
00:07:48,530 --> 00:07:51,420
two pressed backspace like this.

109
00:07:51,420 --> 00:07:56,850
So all we want to do is simply just instead of printing or writing backspace we want to write it with

110
00:07:56,850 --> 00:07:58,030
the space in between.

111
00:07:58,020 --> 00:08:05,490
So we're going to write it like this back space and add another empty space at the beginning and at

112
00:08:05,490 --> 00:08:11,940
the end so we can differentiate it from the other characters and then for the next character we can

113
00:08:11,940 --> 00:08:12,830
check for enter.

114
00:08:12,830 --> 00:08:22,800
So if key dot find, and if we find enter, and that is greater than zero, which means enter has been inputted,

115
00:08:23,100 --> 00:08:27,510
we want to print the new line character because every time you are writing something in your keyboard

116
00:08:27,540 --> 00:08:31,080
and you press enter it will go to the new line it will not print out anything.

117
00:08:31,080 --> 00:08:36,840
Therefore we want to do the same thing with our key logger and we want to write a new line character

118
00:08:37,470 --> 00:08:41,300
which will specify a new line inside of our path file.

119
00:08:41,370 --> 00:08:47,940
All right, another character we want to cover is the shift character, so if key dot find, and if we

120
00:08:47,940 --> 00:08:50,220
find shift loops

121
00:08:53,070 --> 00:08:57,040
to be greater than zero we want to write the same thing.

122
00:08:57,040 --> 00:09:03,940
So we want to write shift just with spaces at the beginning and at the end so we can differentiate it

123
00:09:04,030 --> 00:09:08,090
between different characters so we don't get something like this.

124
00:09:09,690 --> 00:09:10,450
Hello.

125
00:09:10,510 --> 00:09:12,310
Shift world.

126
00:09:12,400 --> 00:09:18,610
So if this is just an example what would be printed if we didn't do this we would get something like

127
00:09:18,640 --> 00:09:25,570
this if the target inputs hello world we would get in our file Hello shift world and with our program

128
00:09:25,570 --> 00:09:28,460
we managed to make it look like this.

129
00:09:28,660 --> 00:09:34,780
So now we know that the target inputted hello and then pressed shift for the W, so the W will most likely

130
00:09:34,780 --> 00:09:37,900
be capital if we removed this shift.

131
00:09:37,900 --> 00:09:43,510
All right so that is the only reason why we're doing it for backspace and for the shift character.

132
00:09:43,510 --> 00:09:47,500
And another important character that we need to cover is the space character.

133
00:09:48,610 --> 00:09:58,030
If key dot find, and if we find a space character to be greater than zero, we want to write an empty

134
00:09:58,030 --> 00:10:07,010
space like this, because the space character simply just means space between two different words.

135
00:10:07,090 --> 00:10:13,570
And last but not least if we find key dot find caps lock

136
00:10:20,850 --> 00:10:23,640
to be greater than zero we want to write

137
00:10:27,160 --> 00:10:31,510
with the space at the beginning caps lock and space at the end.

138
00:10:32,020 --> 00:10:36,940
And why we are writing caps lock is because we want to make sure that we know when the target is inputting

139
00:10:36,940 --> 00:10:42,020
capital letters. For example, it can be useful if the target is inputting a password.

140
00:10:42,040 --> 00:10:48,040
Therefore if we see the caps lock printed inside of our file we know that the future characters are

141
00:10:48,040 --> 00:10:54,250
going to be capital letters and in any other case for any other character which is going to be simply

142
00:10:54,250 --> 00:10:59,560
letters we want to print them or write them to the file.

143
00:10:59,580 --> 00:11:05,550
Now I just noticed that all of these if statements have to be elif statements, so.

144
00:11:05,550 --> 00:11:07,650
Else if else if

145
00:11:11,390 --> 00:11:22,980
else if this one also has to be else if and the last one will also be else if key find and if we find

146
00:11:23,550 --> 00:11:29,550
simply keep then we will write that key to the file.

147
00:11:29,550 --> 00:11:33,850
So f dot write k. Okay.

148
00:11:34,080 --> 00:11:42,300
And remember K is simply just the key that we converted to the string and replaced a single quote with

149
00:11:42,360 --> 00:11:45,950
empty space because the characters would be written something like this.

150
00:11:46,350 --> 00:11:59,270
H E L and then l o so we don't want them to be written like this we want to remove all of these single

151
00:11:59,270 --> 00:12:02,980
quotes so they can be printed out like this.

152
00:12:04,070 --> 00:12:10,460
And this is the entire key logger. We managed to finish it up in this video and in the next video we're going

153
00:12:10,460 --> 00:12:13,530
to test it on both Linux and Windows machine.

154
00:12:13,860 --> 00:12:14,250
OK.

155
00:12:14,420 --> 00:12:18,850
So thank you for watching this tutorial and I will see you in the next lecture. Bye.
