EH-Net

Hi

Am wondering if this forum might be able to advise what is the best keylogger software on the market that is reliable

Your feedback would be greatly appreciated

Many thanks in advance

Look Into The Ones Below:
iSpyNow - www.exploreanywhere.com
PC Activity Monitor Pro - www.keylogger.org
remoteSpy - www.ispynow.com
Spector - www.spectorsoft.com
KeyCaptor - www.Keylogger-Software.com

Actually most off-the-shelf keyloggers will not meet your requirements exactly. So consider writing one yourself.

I don't think he stated his requirements.

maybe reliable was his requirement  ;D

if w1mmy is interested in learning more about keyloggers and compiling his own, a couple of options are available on irongeeks site:

http://www.irongeek.com/i.php?page=security/keylogger

and on White Scorpions site:

http://www.white-scorpion.nl/programs/index.html

The source is available so these can be adapted for your own need or modified to work work with you favorite AV.

Syn

it seems that by stating 'on the market' he is implying commercially available software and not home grown.

I've demoed spectorsoft's offerings in the past and found it to be pretty good. It has 'enterprise' management type features to control multiple machines and allows for a pretty granular configuration (eg: number of screenshots per hour/minute/etc..) also it has various options for alerting, etc...

The version I tested did 'talk back' to the spectorsoft site and check the number of installs against the licensing. If it could not communicate with the site in would fail to install.

either way, you'd be better off with one of those that Kris Teason listed than writing your own. At least you get support with one you buy. :)

dean

 Since the original poster wimm1y didn't really specify his requirements other than reliable or how he intends to use it, I am not sure how to advize. The ones listed by Kris would be fine if by reliable you meant actually produce results advertised. Heck, I have an old copy of Ghost Keylogger that I use on occasion that works great. It even sends copies of the log to my email and has been very reliable. The only problem with such apps is the can be caught by AVs or even some anti-spyware programs, which in turn can make all of them potentially "unreliable".  Thats why I wrote my own. Its not hard and if you are doing a pentest that involves going into an environment that is protected, you might  consider that approach.

where would i start if i wanted to learn how to write my own key logger?
what should i learn and any suggestions on books would be greatly helpful

Thanks
pjayes

SynJunkie above gave a link with some keyloggers you can compile. The first place to start is to grab the source code and review it. Get as much source code out there and get a general idea of how loggers are coded. Then from there you can start to make changes. The idea is to change the source code until the sig is no longer detected. Now what might happen is , depending on how much you have to rewrite it, you lose some functionality and possible stability.  It really depends on the quality of the code you are editing.  But whats left might be all you need to get you a password and not be detected.  This is the down and dirty way and is really more just "hacking up" the code. Advantages are its a fast way to do it and doesn't require a superior level of programming skill.  On the other hand , if you are great at programming, you will take the time to write on from ground up making sure to approach it from a different angle than whats available. 

There are three ways to write a keylogger on windows platform-
1. Hooking the keyboard messages.
2. The GetAsyncKeyState() trick.
3. Writing a kernel mode driver that hooks the keyboard interrupts.

The third one is IMHO is the best option.
Look on google to research further on the methods and if you can't find any info then,
1. Read Google Hacking book by Johnny Long.
2. PM me. ;)

I've just finished reading the 1337 h4x0r h4ndb00k (http://www.amazon.com/1337-h4x0r-h4ndb00k-tapeworm/dp/0672327279) and the final 'project' is a keylogger written in VB. Whilst I wouldn't recommend this book for anything serious but it is humuorous and this section may just give you the basics you need.

Happy hunting

Thanks alot guys, everyone was really helpful

Don't forget hardware keyloggers. You can even roll your own.

http://www.keelog.com/diy.html (http://www.keelog.com/diy.html)

 ??? ...wonder if there's a privacy if they're using it in this cyberworld...

Mmm.. does we need to plant a trojan server to use a keylogger? i saw this trick in OptixPro... I must be so stupid... :'(

I forget which one I used last time I installed a keylogger.  I was hired by some parents to stick one on their machine to find out what their daughter was up to... from what I heard it wasn't a bad call on their part, though I felt rather Big Brother doing it.  One thing to keep in mind, a number of the 'free' keyloggers, and probably some of the less reputable paid ones... may well be trojans themselves.  IE... don't just go to 'Download.com' and grab a keylogger that's free.  I forget which one I used, but it obfuscated itself rather well.. hard to find unless you were specifically looking for it... didn't pop up in add/remove programs etc. 

As for Narukami's question... much depends on whether you have physical access to the machine, or if it's a remote machine to which you wish to install a keylogger.  Obviously if you don't have physical access, you are going to need to either use valid credentials to remote into the box (if that is open), drop an exploit to get a prompt on something that is running, or get the user to unwittingly install a trojan of yours.  Emenem sucks. 

And Jason... if you have any links for USB 'do it yourself' keylogger hacks.. I would LOVE to see some read outs.  I want a good concealable USB keylogger, but don't plan to shell out a hundred bucks for one.  That's one of the little hardware goodies that just hasn't gone down in price enough yet.  Couple other goodies I would love to have too... unfortunately they're not le... never mind. 

Hardware keyloggers are the really nasty ones. Unless you make a habit of physically surveying your usb/ps2 ports all the time, you could miss one of these for years.

try this one http://bestspytools.net (http://bestspytools.net)