Easy To Use Keyloggers
Keyloggers are a massive threat to users and the users’ data but as a Cyber Pro, you should be aware of how they work.
Keyloggers work by tracking the keystrokes of unsuspecting users and then the data is either stored locally or send via Bluetooth of WiFi back to the hacker.
The fears are obvious and for good reason.
Think about it for a second….hacking a computer remotely is difficult. But when you have physical access to the target machine then all bets are off – it becomes insanely simple.
These stealthy little USB hacking gadgets can easily slot into the back of any PC Tower (laptops also but they are very likely to be discovered) and then the job is done.
I’ve listed these tools for research purposes and please use them cautiously! You should also learn how to combat the usage of these devices in the workplace.
The following keylogging USB’s all come from Amazon and are very reasonably priced.
There’s little point doing a tutorial on how to use them because they are kinda obvious.
Is There A Keylogger Detection Tool or Method?
That is a fantastic question.
And – the answer is…not really…
The issue is this: these are devices that sit silently in the back of your PC Tower and software is, as far as I am aware, unable to detect that the USB Port has an illegally placed (hacking device) inserted into the machine.
The solution is this: use your eyes! Get used to looking behind your PC, Linux box or Mac frequently. Once you do it it will become habitual.
Always be suspicious and you’ll be ok.
There is another much more robust solution which is to use a screen-based keyboard because these keylogging devices are dependent on the user using a USB keyboard.
Why Would We Use A Keylogger? Are They Legal?
You’d use a keylogger for training purposes.
Here’s a typical use case: you’ve been commissioned to pentest a client. Two things you could do from the get-go (without telling them) is installing an Evil Twin using some WiFi hacking hardware, and plant a couple of these keylogging devices into the back of unsuspecting employees’ machines – preferably high targets. Such activity will generate results and will impress your client to the point that they’ll likely recommend and refer your skills.
KeyGrabber TimeKeeper USB 8GB
The first on our list is an absolute masterpiece at disguise.
It blends in like a chameleon.
This beauty just looks the part. It looks so innocuous and ubiquitous that it will almost certainly escape the attention of any unsuspecting boss at the workplace. The equally amazing thing about this particular keylogger is that it transmits the data back via a WiFi signal.
Each keystroke will be recorded by using a timestamp. It also ships with a massive 8 gig of data so you can be sure that the users’ every keystroke will be recorded for years to come. Like most of the other keyloggers in this list, this device does not need any drivers.
And, the scary thing is that for the most part, this keylogger is (I believe) Transparent to the computer operation, undetectable for security scanners.
Wi-Fi Premium USB MCP Hardware Keylogger 2GB
This one works on a mac!
Furthermore, it – and this is pretty unbelievable – emails automatic reports back to the hacker with recorded keyboard data!
This is almost designed for the world’s laziest hacker in mind.
Like the rest of the keyloggers in this list, it comes with a decent amount of storage and can go undetected for a long time, well at least until the target notices it.
KeyGrabber Pico USB 8GB
I’ve added this one on the list because it is TINY!
The way that it works is that you’d attach it to the back of the PC Tower (for example) and then place a regular USB male end into it.
Our understanding is that this is the smallest keylogger on the market, only 0.8″ (20 mm) long!
Keylogger Mini USB 3.0
This one definitely looks the best.
If you don’t want to get messy with configuring the device remotely, i.e. with hidden WiFi networks, Bluetooth, etc, then this is for you!
This would suit the Ethical Hacker that is able to have physical access to the targets machine at will.
The device works on Windows 7,8 and 10 and writes all keystrokes to a hidden file.
It should be noted however that this product does not work on Apple or Linux!
PenTap: Reset/Discover Windows Login Admin Password
This one is not strictly speaking a keyword logger but we thought to include it because it ought to belong in a pentester’s toolkit. This device can discover admin passwords for Windows Boxes including Windows 10, Windows 7, and Previous Versions. For the cost of this device, it is really worth it.
Again with a device like this you have to imagine yourself with a client: they will be in awe at the ease at which you can obtain their password. Of course, test it first to make sure it all works.
If your cold outreach is successful with a potential lead then the next "challenge" is being able to confirm a meeting time either in person or over the phone. Invariably, there’s the...
This is a bit leftfield but if you’ve got the time and confidence, try it out. It’s a classic and certainly one of the most old-school and "basic" offline hacks out there but if you have the...