Key logging for fun and keystrokes

Every security blog needs at least one post with the old cliched stack smashing title. No offense to those bloggers who take themselves too seriously.

This week I put together a key logging module for wendigo, as the title suggests. I used the pyHook module, which is unfortunately Windows-only (but at some point I might make a *nix version with pyxHook). pyHook is a module that provides a super simple interface for hooking mouse and keyboard events, so I did just that. Boring; there are a million tutorials about that sort of thing, so that’s not what I’m going to write about. (I also noticed that pretty much every example of using pyHook was about key logging, which makes me a little bit suspicious of how stealthy using it would be.)

No, what this blog is about is the design, because at the end of the day that’s the only difference between the millions of key loggers out there. Everything important is sitting inside the run function so it can be called from wendigo; handy, I know. But the cool part is the exfiltration options. It’s what the examples don’t tell you. They just say: hook everything, set your callbacks and watch the keystrokes come in. Then you can have them sitting in memory, or print them to a terminal, in case you wanted your victim to see their passwords in the background as they type them.

My module has two options: log for a specific amount of time and then return into the framework (which automatically encrypts the data and pushes it to GitHub for downloading, public key obviously), or run forever and periodically push the data. Both options have their merits. If you just want to run for a day to grab their Facebook password you can (stealthier), or if you want to capture their memoir over a year, one day at a time, that option exists as well.
