Sparda, posted January 11, 2009:
It is designed to log key strokes, that is all it can do.

rsdbaby (Author), posted January 11, 2009:
Ah... so there's no way that it could be used as a regular flash drive?

H@L0_F00, posted January 11, 2009:
No, unless it was manufactured to do so, which it most likely wasn't.

vector, posted January 11, 2009:
Why don't you check out HHD. hhdsoftware.com

H@L0_F00, posted January 11, 2009:
> Why don't you check out HHD. hhdsoftware.com

S/he's looking for a hardware TCP/UDP logger.

PLuNK, posted January 11, 2009:
What you need to realise is there needs to be something operating the program. You can't just slap a program on a flash drive and expect it to magically run. If you're trying to monitor your traffic on a machine you have permissions to use, then Wireshark is the way; other than that it's not exactly easy. If you have/made a program designed for say Windows (in general) then you also need Windows to automatically run the program on the flash drive once connected with/without human interaction.

VaKo, posted January 11, 2009:
There is a very simple and undetectable way of doing this with hardware, it will just cost you more than a flash drive. You first set up a wiretap on the ethernet cable using a passive network tap, then you connect this to a gumstix computer (a tiny Linux machine the size of a packet of gum) which is running tcpdump and logging to a large capacity flash storage medium. Very simple, very effective and it's how the pros would do it. With your method, you will basically need to use a U3 drive and a rootkit, which is cheaper and more straightforward, but will do lasting damage to the target machine. My method is completely passive, and as long as they don't physically see it, undetectable from the target machine.

Sparda, posted January 11, 2009:
That method isn't completely undetectable, there will be a constant voltage drop while the device is connected. How many network adapters allow you to monitor the voltage on the cable in software? I haven't seen any yet.

VaKo, posted January 11, 2009:
Broadcom chips come with a utility which allows you to measure cable length, so this might allow you to spot something like a passive wiretap. I would assume it measures attenuation and impedance on the wire and uses that to calculate the rough length of the cable. If they are checking this, you are out of your league.

digip, posted January 11, 2009:
I'd say a U3 hack + portable wireshark scripted to start logging on insertion would do the trick. http://prdownloads.sourceforge.net/wiresha...e-1.0.5.paf.exe

rsdbaby (Author), posted January 11, 2009:
> There is a very simple and undetectable way of doing this with hardware, it will just cost you more than a flash drive. You first set up a wiretap on the ethernet cable using a passive network tap, then you connect this to a gumstix computer (a tiny Linux machine the size of a packet of gum) which is running tcpdump and logging to a large capacity flash storage medium. Very simple, very effective and it's how the pros would do it. With your method, you will basically need to use a U3 drive and a rootkit, which is cheaper and more straightforward, but will do lasting damage to the target machine. My method is completely passive, and as long as they don't physically see it, undetectable from the target machine.

How do you connect the gumstix to the ethernet connection? And how would I go about installing tcpdump on the gumstix? I really appreciate your help, this is exactly what I was looking for.

rsdbaby (Author), posted January 12, 2009:
Oh and another question. Rather than a passive network tap, would an ethernet splitter work?

darkcrown, posted January 12, 2009:

rsdbaby (Author), posted January 12, 2009:
If I did the above configuration it would be undetectable, right?

H@L0_F00, posted January 12, 2009:
> If I did the above configuration it would be undetectable, right?

> There is a very simple and undetectable way of doing this with hardware, it will just cost you more than a flash drive. You first set up a wiretap on the ethernet cable using a passive network tap, then you connect this to a gumstix computer (a tiny Linux machine the size of a packet of gum) which is running tcpdump and logging to a large capacity flash storage medium. Very simple, very effective and it's how the pros would do it. With your method, you will basically need to use a U3 drive and a rootkit, which is cheaper and more straightforward, but will do lasting damage to the target machine. My method is completely passive, and as long as they don't physically see it, undetectable from the target machine.

> That method isn't completely undetectable, there will be a constant voltage drop while the device is connected. How many network adapters allow you to monitor the voltage on the cable in software? I haven't seen any yet.

rsdbaby (Author), posted January 12, 2009:
Haha. Just double checking. How could I go about installing tcpdump on the micro computer and setting it up to run automatically?

coyotepedia, posted January 12, 2009:
Actually, this doesn't sound too different from the USB Hacksaw project. There we were using autorun to install a program that would grab everything off of subsequently inserted USB keys, but using the same idea with a different payload, installing a packet sniffer and sending out the captures... Well, unless I'm missing something it's not impossible, certainly.

VaKo, posted January 12, 2009:
The hacksaw method is certainly possible but would leave more traces and would be picked up more easily unless you disabled a few security methods. And with Vista's UAC it's certainly going to be noticed unless you have time to rootkit the box.

taiyed14, posted January 12, 2009:
nvmd

rsdbaby (Author), posted January 12, 2009:
So if I were to purchase a gumstix and install tcpdump on an SD card then all I would have to do is plug in the ethernet cable and it would log the traffic?

VaKo, posted January 13, 2009:
It's a little more complicated than that in practice, how are you with the Linux CLI?

rsdbaby (Author), posted January 13, 2009:
> It's a little more complicated than that in practice, how are you with the Linux CLI?

I'm not very good at writing programs, I would however be willing to pay very handsomely for someone to write the program for me.

VaKo, posted January 13, 2009:
I don't think you need to program anything, you just need to compile & install tcpdump or wireshark for the gumstix platform and create a simple startup script so that it starts logging when you turn it on.

rsdbaby (Author), posted January 14, 2009:
Well I would pay very nicely for someone to compile the programs for me.

H@L0_F00, posted January 14, 2009:
> Well I would pay very nicely for someone to compile the programs for me.

Yeah... no.