USBHacker
Posted August 24, 2008

Hello, I am wondering if there is a good way to remote keylog on and over my network? And how to protect my network against it? I am using Windows Server 2003 with XP Pro Workstations. I am interested in the tools used to remote keylog on a network (locally). Please tell me which ones to use, and how to protect the network against them!

Thanks in advance,
Panarchy

Sparda
Posted August 24, 2008

Firewall? Anti-Virus? Don't click links in e-mail? Avoiding such things requires the same 'strategies' as avoiding everything else.

Deveant
Posted August 24, 2008

Best way to remote key log is to write the logger yourself; all other tools will easily be detected by antiviruses, and thus the answer to the second question: keep your AVs up to date, and you shouldn't have an issue with key loggers.

ret
Posted August 24, 2008

> Hello, I am wondering if there is a good way to remote keylog on and over my network? And how to protect my network against it? I am using Windows Server 2003 with XP Pro Workstations. I am interested in the tools used to remote keylog on a network (locally). Please tell me which ones to use, and how to protect the network against them!
> Thanks in advance, Panarchy

Use AD to lock the workstations down. Create a GP that will only allow specified executables to run. Run Tripwire against the workstations and servers to detect changes to the environment.

USBHacker (Author)
Posted August 25, 2008

Hmm, okay, thanks. My purpose is to show the insecurities of Symantec (corporate edition or whatever). Now that you know the AV, can you recommend me a keylogger that won't be detected by Symantec?

Thanks in advance,
USBHacker

Sparda
Posted August 25, 2008

> Now that you know the AV, can you recommend me a keylogger that won't be detected by Symantec?

The one you wrote and checked that Symantec didn't detect it.

Steve8x
Posted August 26, 2008

Well, I won't post code, but I'll give you a couple tips on making a good one:

1. Catch repeated keystrokes (so for example if you press a key, I'm sure you don't press keys so fast like 10 milliseconds a key; usually humans press and release keys in about 100-200 milliseconds). Pausing your get key code for that long isn't a good idea because then you'll miss keys. Instead catch repeated ones and don't put them in your buffer (if the key is released, however, and pressed again it is logged).

2. Use GetAsyncKeyState() API - keyboard hooks and the like are very detectable, GAKS is by far the best method for a usermode logger; unless you're a good kernel programmer I'd stick with this API.

3. Don't email your logs; emails are easily picked up by any AV, and will be stopped in their tracks, and the user will be alerted that an email is being sent out and your little home away from home on their machine will be discovered and it'll be all for naught. Same thing kinda: don't FTP either! Leaving a username and password of any kind is leaving a link to you; you don't want that, avoid the FTPizzle and go with the PHPizzle and MYSQLizzle. It's easy to set up and the best way of retrieving logs, found here----> http://hak5.org/forums/index.php?showtopic=9644

4. Never save any log files onto the computer. When the number of characters reaches a certain number in the buffer, or a certain time has passed, encrypt the keystroke buffer (actually you could even encrypt the characters as they are typed for extra security), and POST it to your php page.... any packets going across the pipeline are unreadable and unclear what they are for... Even just a simple encryption will do... once the packet is sent, zero the buffer: ZeroMemory(buffer, sizeof(buffer)); or memset(buffer, 0, sizeof(buffer)); etc...

5. Come up with a clever way to hide your running code: create some threads in a process that's always running on the computer / inject a dll into an always running process / hide your running executable using a kernel mode driver / disable Windows File Protection and modify a system process and embed your code within it / many more ways I haven't even thought of yet!

LEGAL DISCLAIMER:

6. Never ever install it on any machine that you do not own! Respect others' privacy and test your software on your own computers!

And with that, have fun coding! ;)

USBHacker (Author)
Posted August 26, 2008

Thanks.

I'll use MYSQL, since all computers on the network have it installed.

Quite a bit of coding involved, I guess.

It should all be written in C++, right? (I gathered this from your avatar)

Sorry, just real confused.

Thanks for the help so far,
Please reply!
USBHacker

USBHacker (Author)
Posted September 2, 2008

Decided to do some research on my own. Hope this will be helpful: http://sourceforge.net/projects/pykeylogger/

Found it, open-source (so you can just edit a few lines of it or rename variables etc. to make it work once it is detected by anti-virus programs).

It's even written in Python! (which I understand much better than C++)