Detecting KeyGrabber Wi-Fi USB Keylogger? Help?


ry4wn

So... I purchased the KeyGrabber Wi-Fi Premium, a USB wireless keylogger, from *Removed* and it works too well. I got it for testing, but no anti-virus or protection software can seem to detect it... Any suggestions? This is a nasty little tool that e-mails all your information to the controller... Help?

Edited by Mr-Protocol
Removed site - Potential Advertising/spam
Link to comment
Share on other sites

I'm thinking Mr-Protocol is being too kind on you here. You're in the red zone on my spam filter.

It's entirely passive on the link it's on so there really is no way for a PC to detect it. People might notice the big lump attached to their USB port but if it's at the back of your PC standing somewhere under your table I suppose it would easily remain unnoticed.

What, if anything, is your actual question?

Link to comment
Share on other sites

If by suggestions you mean trying to detect it: if it's external hardware that runs as a HID or standalone without any interaction from the OS, or inline, i.e. between keyboard and PC, then no, there isn't much you can do short of inspecting the computer to see if any kind of third-party dongle is placed on the machine. If this installs software on the OS or in memory, then we're talking a different story, and you would need to identify it in some manner and then block it or kill its process from running.

Link to comment
Share on other sites

Lol, something like that is a complete waste of money in my own honest opinion, but then again I'm told I'm negative against everything. When it comes to my money, though, stuff like that is something I can get for free.

I don't honestly know who came up with the idea of using a USB device you stick into a computer's port to steal wireless passwords. I mean, lolwut?

I could do that with a few lines of programming. I can't honestly think of one good reason I'd spend any money on that kinda device. Heck, I could use a USB Switchblade for that.

It'd take me a few minutes to make some changes to some executables to evade antivirus detection and capture wireless passwords.

Edited by ZaraByte
Link to comment
Share on other sites

You would use hardware keyloggers for the main reason the OP posted: no detection from the OS and no way to block it without knowing it was there. Antivirus may block a software-based keylogger, and they should if they are worth a spit. If spying on someone, the last thing you want is to tip off the end user.

Link to comment
Share on other sites

Someone who knows how to code a system-level rootkit could gain the same outcome. Most users don't even know how or where to look for a rootkit, so it could remain unnoticed for a long time, and from what I hear it's not hard to deploy.

To deploy the hardware keylogger would require access to the target machine; same goes for a rootkit. A simple 30 seconds to deploy a rootkit payload to install a HID, and the keylogger has been deployed. As long as no one looks at the Device Manager and happens to notice an extra HID installed, the rootkit will retain access to the machine and log information to be sent back to the attacker over a protocol.

I've seen this kinda stuff from people who have shown me some rootkits that could work like that.

I dunno many people who use a desktop computer with wireless, so using something like that sounds kinda silly, but a rootkit being installed as a HID seems more worthwhile. The issue with a rootkit like that is you'd need to figure out how you're gonna get the target to install it. Hopefully you can install the rootkit yourself if you have a few seconds of alone time with the target machine to install the driver from the Add and Remove Hardware section.

Link to comment
Share on other sites

The keylogger is wireless, the computer doesn't need to be. With some of my clients it took me a minute or two to even find the damn computer. They stick them under the desk, or behind the desk. Under piles of crap, in desk drawers that weren't made for them... Pretty sure at least 90% of computer users don't look at the back of their computer ever. With your rootkit you need to be able to log into the machine to install your driver or whatever. These things are completely passive. Windows sees them as USB keyboards.

Link to comment
Share on other sites
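
The post above says Windows sees these devices as USB keyboards, and an earlier post mentions noticing an extra HID in Device Manager; one defensive check built on that is to baseline the keyboard-class devices and report anything new. This is an added example, not part of the original thread. The baseline path and function name are assumptions, and it only covers devices that actually enumerate to Windows, so a tap that stays passive on the wire is left to physical inspection.

```powershell
# Added example (not from the thread): baseline keyboard/HID devices, then diff.
# Assumption: $BaselinePath is a hypothetical location; use one standard users cannot modify.
param(
    [string]$BaselinePath = "$env:ProgramData\hid-baseline.json",
    [switch]$Update   # rewrite the baseline after a verified hardware change
)

function Get-KeyboardInventory {   # hypothetical helper name
    Get-PnpDevice -PresentOnly -Class Keyboard, HIDClass -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Pull USB vendor/product IDs out of the instance ID when present.
            $vidPid = if ($_.InstanceId -match 'VID_([0-9A-F]{4})&PID_([0-9A-F]{4})') {
                '{0}:{1}' -f $Matches[1], $Matches[2]
            } else { 'n/a' }
            [pscustomobject]@{
                InstanceId   = $_.InstanceId
                Class        = $_.Class
                FriendlyName = $_.FriendlyName
                VidPid       = $vidPid
            }
        }
}

$current = @(Get-KeyboardInventory)

# First run (or -Update): record what is attached now and stop.
if ($Update -or -not (Test-Path -Path $BaselinePath)) {
    ConvertTo-Json -InputObject $current | Set-Content -Path $BaselinePath -Encoding UTF8
    Write-Output "Baseline written with $($current.Count) device(s)."
    return
}

$baseline   = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
$knownIds   = @($baseline | ForEach-Object { $_.InstanceId })
$currentIds = @($current  | ForEach-Object { $_.InstanceId })

# Devices present now but absent from the baseline, and the reverse.
$added   = @($current  | Where-Object { $_.InstanceId -notin $knownIds })
$removed = @($baseline | Where-Object { $_.InstanceId -notin $currentIds })

if ($added.Count)   { Write-Warning "Not in baseline:"; $added | Format-Table -AutoSize }
if ($removed.Count) { Write-Warning "Missing since baseline:"; $removed | Format-Table -AutoSize }
if (-not $added.Count -and -not $removed.Count) { Write-Output "No keyboard/HID changes." }
```
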

I don't consider either tactic a waste of money. Sometimes you are going to have situations where the rootkit might be a little bit too prone to detection, and reversing. From what I understand in order to install a rootkit you need an exploit in some form in order to install it. The OS may log some of the crashes, and other such things associated with this right? If you are using the network and pivoting in order to install the rootkit there will be network logging. Other times you will have the opportunity to use one of these hardware solutions which are less noisy in terms of interactions with the OS, but more prone to being viewed by some passerby. A rootkit has to call back to a server. A hardware key logger does not. If there is a position where the computer is under a desk or something and not easily viewed, then a hardware solution may be warranted. It is cool that there is something that doesn't necessarily have to utilize the call back to the server, and is therefore non-attributable. It is more difficult to say which solution is actually "better" as in my own opinion there are downsides to both. I am betting the loss of one of these keyloggers might be a little bit annoying though, how much do they cost? The hardware keylogger does assume physical access as well. The rootkit could be administered physically, but not necessarily.

Link to comment
Share on other sites

A few observations:

- You don't need an exploit to install a rootkit. You need access. When by default no suitable access is available you could use an exploit to elevate your existing access. Or social-engineer the owner to achieve the same. Remember that an exploit is a means to an end and you should always remain focussed on the end, not the means.

- A rootkit doesn't need to call back to a server. It could just remain on the server, resident in memory and when you later access the server in your own, unique way your rootkit will be waiting for you with all the info it's collected (if any) and/or ready to elevate your privileges even though the original problem had already been patched.

- A hardware keylogger also at some stage has to make a decision on what to do now that its buffer is full. Exfiltrate? Scan over autonomously to weed out the crap from the good stuff? Start overwriting the data file from the start again so you end up with the last X keypresses? Hardware or software makes very little difference here. The main difference between the two is that for the hardware solution you need physical access, but it's often easier to make the thing invisible to the running system. For the software solution you don't need physical access, but the system and/or the network is in a position to notice it.

Link to comment
Share on other sites

I guess it depends what level of access you want to the machine and what you need. If you were trying to just grab keystrokes, the hardware logger is probably the way you would want to go, possibly with a wireless-capable one so you can log in remotely to the keylogger or have it offload the logged data - http://www.amazon.com/s/ref=nb_sb_noss/179-0338245-2007572?url=search-alias%3Daps&field-keywords=KeyGrabber+Wi-Fi+Premium+USB+Hardware+Keylogger+2GB+-+Wireless+USB+keylogger+with+WLAN%21 (I have no idea how the wireless ones work specifically, but would probably be helpful if thrown on a server rack in a data center without being caught - key being, don't get caught, but if you're into spying on others, that's at your own risk).

Remotely, if you manage to exploit and escalate your way to system-level access, then I'd say you want an encrypted Meterpreter session and some form of persistence if you want to maintain access. The remote side of this means the potential for pivoting, while the USB logger is just for passive logging of keystrokes, and doesn't do anything to tell you what apps they open or what is on the screen, what else is on the network, etc. Combine a USB keylogger attack with something like a small ARM computer for more functionality, and you almost have yourself a small attack platform like the Pwnie Express, only directly connected at the PC level vs just a device on the inside of the network.

Link to comment
Share on other sites

Ouch, $150 for a device that you have to have access to the machine to plug it in for it to be used. I honestly thought all this time it magically captured wireless passwords. You honestly could gain the same outcome using a USB Switchblade to grab stored wireless passwords using http://www.nirsoft.net/utils/wireless_key.html. Simply add that in with a USB Switchblade and it will write it to an HTML or text file.

Link to comment
Share on other sites

Who says they just want the dumped Wi-Fi passwords? This doesn't grab data off the system's OS or dump credentials from disk. If you wanted to capture Wi-Fi traffic, that's a whole different story in itself, but these are keyloggers, as in capturing keystrokes of what you type only, so you could get all their logins and passwords, email messages and chats they send to others, whatever they type into documents, website URLs they type in, etc.

Link to comment
Share on other sites

The hardware USB keylogger may be my thing if I have physical access to a system, but anti-virus seems to be detecting the software keyloggers, so if you are a coder you may program one. But IF YOU HAVE PHYSICAL ACCESS, TOTALLY THE USB ONE.

Link to comment
Share on other sites
