Jump to content


Photo

Keylogger

Module


This topic has been archived. This means that you cannot reply to this topic.
116 replies to this topic

#1 Whistle Master

Whistle Master
  • Pineapple Moderators
  • Hak5 Ninja

  • PipPipPipPipPipPipPip
  • 769 posts

Posted 01 April 2012 - 12:17 PM

Hi guys !

EDIT: New version pending ;) Old version is not available anymore.

I'm working on a new module: a javascript keylogger. You can install new templates for websites you want to capture keys. Please don't hesitate to share with us new working templates. I will integrate them in future version Posted Image

Module is available through module system.

Edited by Whistle Master, 28 December 2012 - 01:12 PM.

Paypal: Donate Link
Bitcoin: 
1LvG9XXXUeiHPM5Cq1SzV7LoAQ5Pn63LMe


#2 Mr-Protocol

Mr-Protocol
  • Root Admin
  • Hak.5 Packet Ninja

  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 3,835 posts

Posted 01 April 2012 - 01:27 PM

You do understand that keystrokes do not pass through the network right? Unless you are talking about other types of keys...

Mr-Protocol @ irc.hak5.org #hak5
Mr-Protocol @ chat.freenode.org #hak5

 
Im just watching a bad dream I never wake up from. -Spike Spiegel

 

https://keybase.io/mrprotocol

 

BitCoin: 1M85SAg2Ax2NQyq5hCdonbTw45sPT19aBY


#3 Whistle Master

Whistle Master
  • Pineapple Moderators
  • Hak5 Ninja

  • PipPipPipPipPipPipPip
  • 769 posts

Posted 01 April 2012 - 02:13 PM

It's a javascript keylogger. Everything is redirected to the pineapple with DNSspoof and then I use an iframe to display the requested page based on available templates (e.g. facebook, gmail, etc.). All keystrokes are recorded to files and then displayed from the pineapple control center.

I added a screenshot ;)

Paypal: Donate Link
Bitcoin: 
1LvG9XXXUeiHPM5Cq1SzV7LoAQ5Pn63LMe


#4 Mr-Protocol

Mr-Protocol
  • Root Admin
  • Hak.5 Packet Ninja

  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 3,835 posts

Posted 01 April 2012 - 02:36 PM

Ah, was curious how you were getting that to work. Screenshot was broken when I posted ;)

Mr-Protocol @ irc.hak5.org #hak5
Mr-Protocol @ chat.freenode.org #hak5

 
Im just watching a bad dream I never wake up from. -Spike Spiegel

 

https://keybase.io/mrprotocol

 

BitCoin: 1M85SAg2Ax2NQyq5hCdonbTw45sPT19aBY


#5 RebelCork

RebelCork
  • Active Members
  • Hak5 Fan ++

  • PipPipPipPip
  • 122 posts

Posted 01 April 2012 - 03:12 PM

That looks about as legit as this : ;)

Posted Image

Edited by RebelCork, 01 April 2012 - 03:12 PM.



Evil: When I have the map, I will be free, and the world will be different, because I have understanding.
Robert: Uh, understanding of what, Master?
Evil: Digital watches. And soon I shall have understanding of video cassette recorders and car telephones. And when I have understanding of them, I shall have understanding of computers. And when I have understanding of computers, I shall be the Supreme Being!


#6 digininja

digininja
  • Global Moderators
  • Elite

  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 2,801 posts

Posted 01 April 2012 - 03:29 PM

I assume you've looked at the one built in to w3af.

#7 Whistle Master

Whistle Master
  • Pineapple Moderators
  • Hak5 Ninja

  • PipPipPipPipPipPipPip
  • 769 posts

Posted 01 April 2012 - 03:45 PM

I assume you've looked at the one built in to w3af.

No I did not. I had the idea when I saw the metasploit keylogger and I took the idea of using templates from SET.

Paypal: Donate Link
Bitcoin: 
1LvG9XXXUeiHPM5Cq1SzV7LoAQ5Pn63LMe


#8 Whistle Master

Whistle Master
  • Pineapple Moderators
  • Hak5 Ninja

  • PipPipPipPipPipPipPip
  • 769 posts

Posted 01 April 2012 - 03:49 PM

That looks about as legit as this : ;)

I can assure you that it works. I will send the module to Seb as soon as I finished the last details (configuration updates, etc.)

Paypal: Donate Link
Bitcoin: 
1LvG9XXXUeiHPM5Cq1SzV7LoAQ5Pn63LMe


#9 digininja

digininja
  • Global Moderators
  • Elite

  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 2,801 posts

Posted 01 April 2012 - 03:49 PM

Sorry, meant BeEF not w3af. Been a long day.

#10 telot

telot
  • Active Members
  • Hak5 Ninja

  • PipPipPipPipPipPipPip
  • 699 posts

Posted 01 April 2012 - 03:57 PM

That looks about as legit as this : ;)

Posted Image


I smell a fellow redditor...


So how bout that narwhal baconing? Bout what time does that occur again? ;)

But seriously, Master Chef Whistle Master did it again! Mixing dnsspoof with a dash of metasploit for a little key logging action - beautiful! Can't wait to try it out!



telot

Edited by telot, 01 April 2012 - 03:59 PM.


#11 Whistle Master

Whistle Master
  • Pineapple Moderators
  • Hak5 Ninja

  • PipPipPipPipPipPipPip
  • 769 posts

Posted 01 April 2012 - 04:29 PM

I smell a fellow redditor...


So how bout that narwhal baconing? Bout what time does that occur again? ;)

But seriously, Master Chef Whistle Master did it again! Mixing dnsspoof with a dash of metasploit for a little key logging action - beautiful! Can't wait to try it out!



telot

Actually, it's a standalone, you don't need metasploit :)

Paypal: Donate Link
Bitcoin: 
1LvG9XXXUeiHPM5Cq1SzV7LoAQ5Pn63LMe


#12 RebelCork

RebelCork
  • Active Members
  • Hak5 Fan ++

  • PipPipPipPip
  • 122 posts

Posted 01 April 2012 - 04:39 PM

Can't wait to try it out either.

Can BEEF be installed on the pineapple itself, or am I just thinking a load of bull (groan)


Evil: When I have the map, I will be free, and the world will be different, because I have understanding.
Robert: Uh, understanding of what, Master?
Evil: Digital watches. And soon I shall have understanding of video cassette recorders and car telephones. And when I have understanding of them, I shall have understanding of computers. And when I have understanding of computers, I shall be the Supreme Being!


#13 digininja

digininja
  • Global Moderators
  • Elite

  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 2,801 posts

Posted 01 April 2012 - 04:41 PM

You wouldn't exactly install BeEF on it as it is a framework, all you need is to inject the javascript hook into pages using the pineapple and have it point at the controller elsewhere.

#14 ptrac3

ptrac3
  • Active Members
  • Hak5 Fan ++

  • PipPipPipPip
  • 90 posts

Posted 02 April 2012 - 04:50 PM

It seems to be not a "keylogger" but a credentials grabber that uses fake logins templates..

#15 digininja

digininja
  • Global Moderators
  • Elite

  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 2,801 posts

Posted 02 April 2012 - 05:12 PM

what does?

#16 hfam

hfam
  • Active Members
  • Hak5 Pirate

  • PipPipPipPipPipPip
  • 384 posts

Posted 02 April 2012 - 05:23 PM

what does?


ahaha! Ya beat me to it. :)

Can't wait to give this one a try! Some of you guys are really blowin' it up out here with the add-ons, brilliant stuff, thanks all!

Super fired up for the official release of the modules-enabled firmware!!

#17 Whistle Master

Whistle Master
  • Pineapple Moderators
  • Hak5 Ninja

  • PipPipPipPipPipPipPip
  • 769 posts

Posted 03 April 2012 - 07:01 AM

It seems to be not a "keylogger" but a credentials grabber that uses fake logins templates..

Every keystroke is captured when the "victim" arrives on the fake login templates, that's why I called it keylogger, but you're right, strictly speaking, I could call it Credentials Grabber but it's more longer to write than keylogger :P

Paypal: Donate Link
Bitcoin: 
1LvG9XXXUeiHPM5Cq1SzV7LoAQ5Pn63LMe


#18 PatriceKing

PatriceKing
  • Active Members
  • Hackling

  • Pip
  • 15 posts

Posted 03 April 2012 - 10:55 AM

Great job Mr. WM! Can't wait to try it.

#19 Whistle Master

Whistle Master
  • Pineapple Moderators
  • Hak5 Ninja

  • PipPipPipPipPipPipPip
  • 769 posts

Posted 07 April 2012 - 05:40 PM

Just a quick update, I'm still working on the keylogger module. It needs more testing and then I will release a first version with two templates already installed (facebook and gmail).

Paypal: Donate Link
Bitcoin: 
1LvG9XXXUeiHPM5Cq1SzV7LoAQ5Pn63LMe


#20 MrBurN

MrBurN
  • Active Members
  • Newbie

  • 6 posts

Posted 07 April 2012 - 07:22 PM

sweet, keep up the good work !