How To: Silently Record Keystrokes with a USB Stick [Deadly Keylogger]

52 comments

  1. Terribly sorry for not checking this notification out; I believe there is another active comment thread in the comments section here of the same issue, I will try to troubleshoot this in that thread for future reference!

  2. When I run the .bat file, CMD says “The operation completed successfully File not found – init.dll.lnk 0 File(s) copied Overwrite C:\tmp\winsvr\logon\winlogon.exe (Yes/No/All)?”
    and if I type Yes, it copies winlogon.exe to tmp and the keylogger won’t run.
    I have “show hidden files and folders” enabled on the device so I don’t know why it’s not working.

      1. Yes, the init.dll file is in the same location as the bat file on the USB. It looks exactly like the picture shown in step one of your instructions. Also when I run the bat file and it says access denied, a pop up comes up that says “D:\logs\init.dll.lnk, the specified path does not exist, check the path, and then try again.” I don’t know if this information will help you determine what the problem is, but I hope it helps. Thank You.

            1. And you have indeed placed the “logs” folder directly in the USB drive’s root as “D:\logs\”?

              Also, about the “Access denied” error; have you tried using a custom location to dump the keylogger instead of “C:\tmp\”? You can do so using the newer, updated iteration of the keylogger. The steps have been updated as well.

              Overall, we’d suggest redownloading the new iteration and trying that. We made a few changes.

              1. Yes, I have placed the “logs” folder directly in the USB drive’s root as “D:\logs\”. And I have tried the custom location dump, but when I use the “GUI” to put it in a folder that is available on my desktop, nothing goes into the folder even with hidden files enabled. I have also redownloaded everything adjacent to deleting the older version but the same thing happens to both “.bat” files.

    1. Hi!

      First of all, this is a false positive. Second, this is simply a Python-coded program compiled into a .exe file. It being flagged as a threat is only probably possible due to the fact that it is either of an unknown source according to the “f-secure” clockwork, or this keylogger may have finally been updated into antivirus signature databases to be flagged. Bottom line is, the file is 100% personally handcrafted by me and safe.

    1. Yes! All you would have to do is just run the winlogon.exe file from the USB drive itself. Basically, wherever you run the winlogon.exe file from, that directory is where the output file is generated and logged.

      1. Thank you for your answer. I have one more question: what is the role of sct.exe? I mean, is it necessary? Because I accidentally deleted it and it didn’t seem to affect the program.

        1. Hi! The file “sct.exe” creates a shortcut of the “init.dll.link” shortcut with a “Start in” value of the custom directory you chose to hide the tool within Windows, and then puts this shortcut in the Startup directory to be self-executed upon system startup.

          You may have only used the default “create_dmp.bat”, which does not require this “modified” shortcut to be created.
          Deleting “sct.exe” will not impact your current execution, but the keylogger will lose its ability to further record keystrokes once the system powers down and starts up again.

          I would suggest re-downloading the tool, minor updates have been made too!

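For defenders, the persistence described in the replies above (a file named winlogon.exe under C:\tmp\winsvr\logon\ plus a shortcut in the per-user Startup folder) leaves two traces that are easy to check for. The following is an added example, not part of any comment or of the tool discussed; the (shortcut, target) inventory format, the trusted-root list and the sample entries are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any analysis host

# Assumption: default install, SystemRoot = C:\Windows. These binaries only
# ever run from System32, so the same name elsewhere is a masquerade.
SYSTEM_BINARIES = {"winlogon.exe": r"c:\windows\system32",
                   "lsass.exe": r"c:\windows\system32"}
STARTUP_SUFFIX = r"\start menu\programs\startup"
# Simplified allowlist of install roots (assumption; tune per environment).
TRUSTED_ROOTS = ("c:\\program files", "c:\\windows\\")


def masquerades(image_path):
    """True if the file borrows a system binary's name but lives elsewhere."""
    folder, name = ntpath.split(ntpath.normpath(image_path).lower())
    expected = SYSTEM_BINARIES.get(name)
    return expected is not None and folder != expected


def review_autoruns(entries):
    """entries: (shortcut_path, target_path) pairs from an autoruns inventory.
    Returns [(shortcut_path, [reasons])] for each suspicious entry."""
    findings = []
    for shortcut, target in entries:
        reasons = []
        target_norm = ntpath.normpath(target).lower()
        shortcut_dir = ntpath.dirname(ntpath.normpath(shortcut)).lower()
        if masquerades(target):
            reasons.append("system binary name outside System32")
        if (shortcut_dir.endswith(STARTUP_SUFFIX)
                and target_norm.endswith(".exe")
                and not target_norm.startswith(TRUSTED_ROOTS)):
            reasons.append("Startup shortcut to an executable outside trusted roots")
        if reasons:
            findings.append((shortcut, reasons))
    return findings


# Constructed sample inventory (not real telemetry); user name is made up.
STARTUP = r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
SAMPLE = [
    (STARTUP + r"\init.dll.lnk", r"C:\tmp\winsvr\logon\winlogon.exe"),
    (STARTUP + r"\Notes.lnk", r"C:\Program Files\Vendor\Notes\notes.exe"),
    (r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tool.lnk",
     r"C:\Windows\System32\winlogon.exe"),
]

if __name__ == "__main__":
    for path, why in review_autoruns(SAMPLE):
        print(path, "->", "; ".join(why))
```

The same two rules apply to process-creation telemetry: feed the image path of each new process to `masquerades` instead of a shortcut target.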

  3. I get an error when unpacking the rar. I set the password and then an error came up (in short): “all the file was damaged or the password was wrong”

    1. Hi!

      This has been tested just 1 day ago and confirmed as working optimally. Kindly, check if you are entering the RAR password correctly (123456); if the issue still persists, then your system may be removing the file(s) in the quarantining process, which of course, would be a false positive.

  4. Hi,

    thank you for that – didn’t try it yet – my antivirus said it contained trojans and when I unzipped files simply deleted content partly.. I guess, it must contain trojans since the idea is to spy, but is it possible for antivirus to find them at this point?

    Thank you!

    1. Hi!

      As of the time I had packed these files a few months ago after an update, Windows had not picked any of the files as potentially harmful; guess they updated their security recently. Could you let me know what files exactly are being quarantined by visiting the Defender/security settings? That could help me mitigate this issue in a future update!

      Edit: This is simply a Python-coded program with the execution taking place through batch files that make these files hidden and copy them into the Startup folder for automated executions in future boots. It being flagged as a Trojan horse is only probably possible due to the fact that it is a “.exe that is listening to key strokes as you type”. But this is assuming the “.exe” itself is being quarantined. I may only get to know the issue if you could let me know the specific quarantined file(s).

  5. When I run the .bat file, cmd comes up and says:
    The operation completed successfully
    File not found – init.dll.lnk
    0 File(s) copied
    Overwrite C:\tmp\winsvr\logon\winlogon.exe (Yes/No/All)?

    When I type Yes, it copies winlogon.exe to tmp and the keylogger wont run.

    1. Hi!

      The USB drive only serves the purpose of transferring and executing the tool onto another system. You may carry this tool with you on any storage media that you could potentially transfer to another system; or you could even keep the files on a public cloud!

      If your question is basic to the limits of just running on your system to check, then yes, of course, you can run it without a USB drive.

  6. Hey! I was able to copy the file but the access.log wasn’t there, only the Winlogon. What did I do wrong? (I tried custom and normal, both did the same thing.)

    1. Hey!

      The “access.log” file is the output file, which stores the keystrokes. It is only created automatically when winlogon.exe or the .bat is being run. Looks like you have followed everything well, but just have not run the keylogger yet.

  7. Thanks for your info and help!
    If I have this USB stick formatted as directed on another PC, then plug it into a different PC I need info from, does this record the Windows sign-in and password?

    1. What up, Mike!

      Although you can definitely use this across different systems since it drops the payload into the system itself and then automatically reruns it on system start, you cannot record Windows login keystrokes. This is because auto-starting of programs (including the keylogger) only happens after the Windows login process.

  8. Hey, this is really cool to screw around with, but for some reason it won’t copy the files over. It said access denied and I used the workaround you gave. Still won’t copy. Says no path found. Any help?

    1. What’s up, Shane?!

      Hmm, strange… How about simply manually copying the files over to an obscure-ish folder where you do have the permission to read/write files, then creating a shortcut to the .exe file and moving that newly created shortcut to the Startup folder (C:\Users\USERNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup)?

      Do update!

  9. Amazing job man, it works perfect except one part that maybe I did wrong during setting up of the USB.
    After copying the extracted files and all, as soon as I put the finished USB in my PC the antivirus says it’s malware and deletes the winlogon file and the keystroke listening stops. Is there anything to do?

    1. Yo, John!

      Interesting find! The system security detecting it as malware has nothing to do with your setting up. That would be an issue with the tool itself. Although it gets a little complicated, I will try to fix this issue in perhaps a future iteration. Until then, make sure you disable your system security (antivirus / antimalware) or its real time protection temporarily to test this. Also, pssst, not every system has automatic removable disk scanning enabled.

      Lastly, thank you for the kind words!

    1. Yo, Denis! Interesting find! Let me check this out and report back within 24 hours; I’m away from my work system.

      EDIT: You absolute chad! Apparently, hidden shortcuts in the Startup folder do not initiate execution at all. I have made appropriate modifications in the tool to now not hide the shortcut. Thanks!

    1. Hey, Rish!

      Does it say that in the beginning itself or are there a few more lines above it? Anyway, do make sure the files you download and extract are in the MAIN directory of the USB drive you’re planning on using as the tool. In other words, do not keep the extracted files in any added folders, just copy-paste all the extracted content into the USB drive’s main/root page. That should work.

  10. Needed to compose you that little bit of remark to say thank you over again about the extraordinary secrets you have contributed in this article. It is so incredibly open-handed of you to allow publicly precisely what a lot of folks would’ve sold for an e-book in order to make some money on their own, especially since you could have done it if you ever considered necessary. These solutions additionally worked to be a good way to be certain that most people have a similar passion just as my personal own to know the truth a little more around this issue. I am sure there are lots of more pleasurable sessions ahead for individuals that read your website.

  11. You deserve billion and zillions of views bro, your content is amazing and so helpful! Keep doing this amazing work!! Thank u
