Closed winicius87 closed 6 years ago
What is the output in the window?
I think I've had that before, but if you dump your logs, you need to dump them when the keylogger is running, not when it is stopped.
Fixed 97f91b8
Same problem
I am not sure why. @ArlenRicard is there a file called spbkhost.exe in your temp directory?
Yes, this executable is downloaded from the project repository, through the client script. Are you saying that this image error is caused because of it? What do you suggest I do then to solve this problem?
I would like to know if anyone else is having this same problem with the keylogger function. I have already recompiled the system several times, I ran the compiler in a clean virtual machine, and I did the test on both a local network and an external network, always on clean machines. And it always shows the same error I posted above.
No, I was checking to make sure it was being downloaded. I am still not sure why it is not working. Can you try running the client locally on the same machine as the server?
I am doing a detailed analysis, and soon I will be posting here.
First of all, I wanted to congratulate you on the project, because of all that I have looked for, it is very simple, objective and complete. I'll be happy to help you develop it the way I can, I understand little of programming in python, but I have many ideas that could make it even cooler.
About the tests: I am bringing a more detailed analysis related to the problems I had with the keylogger module of this project. Let's filter the problems from the beginning, starting with compiling the client.py module.

Test environment performed on local network with VMWare:
Server: Win7x64 build 7601 in vmware. Running the server and the python 3.6 compiler.
Client: Win7x64 build 7601 in vmware. Running the client.
Both virtual machines are clean.
Results: Beginning by installing the prerequisites for compiling the project, I installed everything in the order that was described in the site, I did everything exactly like in the tutorial. After compiling the client.py, I get the following "WARNING" from the compiler build folder. I can not say if this amount of missing modules affects how the client works. warnclient.txt
missing module named 'multiprocessing.forking' - imported by C:\Users\testserver\AppData\Local\Programs\Python\Python36-32\lib\site-packages\PyInstaller\loader\rthooks\pyi_rth_multiprocessing.py
missing module named multiprocessing.get_context - imported by multiprocessing, multiprocessing.pool, multiprocessing.managers, multiprocessing.sharedctypes
missing module named multiprocessing.TimeoutError - imported by multiprocessing, multiprocessing.pool
missing module named multiprocessing.BufferTooShort - imported by multiprocessing, multiprocessing.connection
missing module named multiprocessing.AuthenticationError - imported by multiprocessing, multiprocessing.connection
missing module named multiprocessing.set_start_method - imported by multiprocessing, multiprocessing.spawn
missing module named multiprocessing.get_start_method - imported by multiprocessing, multiprocessing.spawn
missing module named pyimod03_importers - imported by C:\Users\testserver\AppData\Local\Programs\Python\Python36-32\lib\site-packages\PyInstaller\loader\rthooks\pyi_rth_pkgres.py
missing module named StringIO - imported by pkg_resources._vendor.six
missing module named 'pkg_resources.extern.pyparsing' - imported by pkg_resources._vendor.packaging.markers, pkg_resources._vendor.packaging.requirements
missing module named 'com.sun' - imported by pkg_resources._vendor.appdirs
missing module named com - imported by pkg_resources._vendor.appdirs
missing module named __builtin__ - imported by PIL.Image, pkg_resources._vendor.pyparsing
missing module named ordereddict - imported by pkg_resources._vendor.pyparsing
missing module named __main__ - imported by pkg_resources
missing module named pkg_resources.extern.packaging - imported by pkg_resources.extern, pkg_resources
missing module named pkg_resources.extern.appdirs - imported by pkg_resources.extern, pkg_resources
missing module named 'pkg_resources.extern.six.moves' - imported by pkg_resources, pkg_resources._vendor.packaging.requirements
missing module named pkg_resources.extern.six - imported by pkg_resources.extern, pkg_resources
missing module named resource - imported by posix, C:\Users\testserver\AppData\Local\Programs\Python\Python36-32\Scripts\client.py
missing module named posix - imported by os, C:\Users\testserver\AppData\Local\Programs\Python\Python36-32\Scripts\client.py
missing module named _posixsubprocess - imported by subprocess, multiprocessing.util, C:\Users\testserver\AppData\Local\Programs\Python\Python36-32\Scripts\client.py
missing module named 'org.python' - imported by pickle, C:\Users\testserver\AppData\Local\Programs\Python\Python36-32\Scripts\client.py, xml.sax
missing module named readline - imported by cmd, code, pdb, C:\Users\testserver\AppData\Local\Programs\Python\Python36-32\Scripts\client.py
excluded module named _frozen_importlib - imported by importlib, importlib.abc, C:\Users\testserver\AppData\Local\Programs\Python\Python36-32\Scripts\client.py
missing module named _frozen_importlib_external - imported by importlib._bootstrap, importlib, importlib.abc, C:\Users\testserver\AppData\Local\Programs\Python\Python36-32\Scripts\client.py
missing module named _winreg - imported by platform, pygame, pygame.sysfont, C:\Users\testserver\AppData\Local\Programs\Python\Python36-32\Scripts\client.py, pkg_resources._vendor.appdirs
missing module named java - imported by platform, C:\Users\testserver\AppData\Local\Programs\Python\Python36-32\Scripts\client.py
missing module named 'java.lang' - imported by platform, C:\Users\testserver\AppData\Local\Programs\Python\Python36-32\Scripts\client.py, xml.sax._exceptions
missing module named vms_lib - imported by platform, C:\Users\testserver\AppData\Local\Programs\Python\Python36-32\Scripts\client.py
missing module named termios - imported by tty, getpass, C:\Users\testserver\AppData\Local\Programs\Python\Python36-32\Scripts\client.py
missing module named grp - imported by shutil, tarfile, pathlib, C:\Users\testserver\AppData\Local\Programs\Python\Python36-32\Scripts\client.py
missing module named org - imported by copy, C:\Users\testserver\AppData\Local\Programs\Python\Python36-32\Scripts\client.py
missing module named pwd - imported by posixpath, shutil, tarfile, http.server, webbrowser, pathlib, distutils.util, netrc, getpass, C:\Users\testserver\AppData\Local\Programs\Python\Python36-32\Scripts\client.py
missing module named _dummy_threading - imported by dummy_threading, C:\Users\testserver\AppData\Local\Programs\Python\Python36-32\Scripts\client.py
missing module named _scproxy - imported by urllib.request
missing module named PIL._imagingagg - imported by PIL, PIL.ImageDraw
missing module named olefile - imported by PIL.MicImagePlugin, PIL.FpxImagePlugin
excluded module named Tkinter - imported by pymsgbox, PIL.ImageTk
missing module named UserDict - imported by PIL.PdfParser
missing module named 'PySide.QtCore' - imported by PIL.ImageQt
missing module named 'PyQt4.QtCore' - imported by PIL.ImageQt
missing module named 'PyQt5.QtCore' - imported by PIL.ImageQt
missing module named pathlib2 - imported by PIL.Image
missing module named cffi - imported by PIL.Image, PIL.PyAccess, PIL.ImageTk
missing module named opencv - imported by pygame._camera_opencv_highgui
missing module named copy_reg - imported by cStringIO, pygame
missing module named 'pygame._view' - imported by pygame
missing module named MacOS - imported by pygame.macosx
missing module named macresource - imported by MacOS
missing module named pygame.sdlmain_osx - imported by pygame, pygame.macosx
missing module named OpenGL - imported by pygame
missing module named numpy - imported by pyscreeze, pygame._numpysurfarray, pygame._numpysndarray, pygame, pygame._camera_opencv_highgui
missing module named pygame.SRCALPHA - imported by pygame, pygame.ftfont
missing module named Queue - imported by pygame.threads
missing module named Py25Queue - imported by pygame.threads
missing module named cStringIO - imported by pygame.compat
missing module named 'Xlib.XK' - imported by pyautogui._pyautogui_x11
missing module named 'Xlib.ext' - imported by pyautogui._pyautogui_x11
missing module named Xlib - imported by pyautogui._pyautogui_x11
missing module named AppKit - imported by pyautogui._pyautogui_osx
missing module named Quartz - imported by pyautogui._pyautogui_osx
missing module named cv2 - imported by pyscreeze
excluded module named tkinter - imported by pymsgbox
After transferring the executable client.exe to vm-client, I ran it. The first error appears, but it does not have to do with the project; it is a Windows add-on issue that was fixed by installing vc_redist.x86 2015. After installing vcredist, client.exe opened correctly.
I went back to vm-server, and ran server.py. The client successfully connected to vm-server, then I used the --k start command to start the keylogger process, and got the message "Keylogger currently unavailable."
Then I manually downloaded the pre-compiled keylogger from the github repository just to eliminate the possibility of errors from me if I tried to compile it. Then I opened the temporary directory of the user using the %tmp% variable, renamed the keylogger to spbkhost.exe and threw it in the temporary folder, which is where the system tries to search for it. Then I went back to the vm-server and executed the --k start command again. I checked the process on the vm-client machine, and the spbkhost.exe process was already running, I pressed several keys so that it could capture something to use as a test.
Finally I ran the command --k dump on vm-server, and we returned to the old problem. Server crashes and closes client.
I decided to check if the problem was not the executable spbkhost.exe. I ran it manually in vm-client, I edited the spbky.txt file that it uses to read the commands, and I inserted "dump" into the text file, saved it and closed it. And the typed key log was successfully captured and placed in the spblog.txt file, confirming that the spbkhost.exe process is working normally.
Final Notes: About the "Keylogger currently unavailable." It may be that the client machine needs some complement so that it can download the keylogger from the github repository. Maybe the problem is related to the urllib.request.urlretrieve parameter. Because when I ran client.exe on machines that I had used for a long time, the client was able to download the keylogger correctly. In the virtual machine, as it is clean, maybe something is missing. A second option would be to ship it somehow in client.py, so that it was extracted when client.exe was run, and put the github repository as a secondary alternative. And finally we have to figure out what causes the error in server.py when we use the --k dump option.
Those warnings do not matter since the only thing that is being excluded when building it is the tkinter module, which is used for GUIs. I have experienced problems before with pyinstaller not working on some computers, although there is nothing I can do about that since that is a problem with pyinstaller, which is currently the only decent method of converting .py to .exe for python 3.5+.
About the "Keylogger currently unavailable.", I could try a different method instead to see if that changes it.
For the error with the --k option, could you try running the server and the client on the same VM? It might be that there needs to be a delay so that it can properly send all data.
I changed the urllib.request with a module called requests. Remove the old spbkhost.exe and try downloading the file again using this client https://github.com/xp4xbox/Python-Backdoor/blob/develop/client.py
Okay, I've compiled the new client.py. I restored the vm-client snapshot to the starting point. The app is giving the following error now when trying to open new_client.exe:
Did you run pip install requests?
I had never run this command since it was never mentioned in the tutorial. Okay, I did as mentioned, and the download problem was solved. Now it downloaded normally. But on the --k dump function, it still has the same problem. When it is applied, the server hangs, displaying that error message. I will test both systems on the same machine now, and set the client ip to 127.0.0.1.
I did the test, running both systems on the same machine, again without success. I could notice an important detail: it's as if server.py could not send the dump command to the client. Or if it can send, the client can not handle this command. Because there are two important files that the spbkhost.exe process works on, which are spbky.txt, which receives the commands, and spblog.txt, which stores the logs. Somehow, the word "dump" is not being inserted into the "spbky.txt" file, only "start" and "stop". Or it has some untreated delay on server.py the moment it triggers the dump and receives the data from the client. From what I noticed, there is a small delay when I insert the word "dump" into the file "spbky.txt" until it generates the log. But you are the creator, so the final analysis is yours hahaha.
About my little ignorance of "pip install requests". I reinstalled the compiler, and did all the processes again, I installed the "requests". And I compiled the old client.py, to see if it solved the problem of the parameter urllib.request at the moment of downloading the keylogger of the repository. Well I noticed that the "requests" has a lib with urllib name, so I thought the problem was for lack of having installed the "requests", but it was not. The download problem persisted with the old parameter "urllib.request". So the development version is correct, which worked perfectly on a clean machine.
I added a larger delay, can you test out the latest develop client? https://github.com/xp4xbox/Python-Backdoor/blob/develop/client.py
Gave the same problem again. I am always performing all the tests in a single vm, server and client in the same machine. Just one question, did you ever test this system in your test environment? If the problem is just me, you do not have to mess with system programming. Well, I'd better pause testing with the keylogger module of this project for now. Use the puffader for now, it's perfect.
I wanted to suggest another improvement for this project.
I never had any problems with the keylogger. I always test everything.
So, but you did the test using a clean virtual machine? I downloaded the official windows iso from microsoft's website, and I did everything as directed, and I always came across this error.
But anyway, I'm now focused on solving that other upload problem that hangs when sending files to external networks.
I just tested out a build of this using pyinstaller and I am experiencing the same error. This means that the problem is with pyinstaller since it works fine if you just run the .py file.
@ArlenRicard try running just the client without building it to .exe.
Yes I agree with you. I ran the client without compiling, and the --k dump worked perfectly. Actually the problem is with pyinstaller. So now the problem is no longer yours. I'll be waiting for future pyinstaller updates. Thank you very much
What version of pyinstaller are you running?
I am using the latest stable version 3.3.1. I already tested the development version, but it gave the same problem.
So I found the problem, it turns out when you build a program using the --windowed option with pyinstaller, the following code crashes the program:
command = subprocess.check_output("tasklist", shell=True)
Perfect, one less dilemma to solve xD. I just tested here, it worked perfectly. Case closed then for this long investigation.
When I dump the keylog the server crashes, and no keylog is dumped. I wish this could work on all platforms. After the crash I have to start the server and client again. This project would be great if it was cross platform.
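The thread names three files the keylogger leaves in the user's temp directory: spbkhost.exe, spbky.txt (commands) and spblog.txt (captured keys). As an added example that is not part of the original thread or the project's code, here is a responder's triage check for those artifacts; the function names and verdict labels are assumptions.

```python
import tempfile
from pathlib import Path

# Artifact names come from the thread; roles are as the posters describe them.
ARTIFACTS = {
    "spbkhost.exe": "keylogger executable",
    "spbky.txt": "command file",
    "spblog.txt": "keystroke log",
}
# Commands the thread reports being written to spbky.txt.
KNOWN_COMMANDS = {"start", "stop", "dump"}


def triage_temp_dir(temp_dir):
    """List the thread's keylogger artifacts found directly in temp_dir."""
    findings = []
    root = Path(temp_dir)
    if not root.is_dir():
        return findings
    for entry in root.iterdir():
        name = entry.name.lower()  # Windows file names are case-insensitive
        role = ARTIFACTS.get(name)
        if role is None or not entry.is_file():
            continue
        finding = {"path": str(entry), "role": role,
                   "size": entry.stat().st_size}
        if name == "spbky.txt":
            # The last command written hints at the logger's current state.
            text = entry.read_text(errors="replace").strip().lower()
            finding["last_command"] = text if text in KNOWN_COMMANDS else "unknown"
        findings.append(finding)
    return sorted(findings, key=lambda f: f["path"])


def verdict(findings):
    """Hypothetical labels: the executable is the strong signal."""
    roles = {f["role"] for f in findings}
    if "keylogger executable" in roles:
        return "executable-present"
    return "residue-only" if findings else "clean"


if __name__ == "__main__":
    # On Windows, tempfile.gettempdir() resolves to the user's temp directory.
    results = triage_temp_dir(tempfile.gettempdir())
    for item in results:
        print(item)
    print(verdict(results))
```

A non-empty spblog.txt should be treated as containing captured credentials when scoping the incident.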