Jump to content

Remote Keylogging?


USBHacker
 Share

Recommended Posts

Hello

I am wondering if there is a good way to remote keylog on and over my network?

And how to protect my network against it?

I am using Windows Server 2003 with XP Pro Workstations.

I am interested in the tools used to remote keylog on a network (locally).

Please tell me which ones to use, and how to protect the network against them!

Thanks in advance,

Panarchy

Link to comment
Share on other sites

best way to remote key log is to write the logger yourself, all other tools will easily be detected by anti viruses, and thus the answer to the second question, keep your Av's up to date, and u shouldn't have an issue with key loggers.

Link to comment
Share on other sites

Hello

I am wondering if there is a good way to remote keylog on and over my network?

And how to protect my network against it?

I am using Windows Server 2003 with XP Pro Workstations.

I am interested in the tools used to remote keylog on a network (locally).

Please tell me which ones to use, and how to protect the network against them!

Thanks in advance,

Panarchy

Use AD to lock the workstations down. create a GP that will only allow specified executables to run. run tripwire against the workstations and servers to detect changes to the environment.

Link to comment
Share on other sites

well I wont post code but I'll give you a couple tips on making a good one:

1. Catch repeated keystrokes (so for example if you press a key, I'm sure you don't press keys so fast like 10 milliseconds a key usually humans press and release keys in a about 100-200 milliseconds)

pausing your get key code for that long isnt a good idea because then you'll miss keys. Instead catch repeated ones and don't put them in your buffer(if the key is released however and pressed again it is logged)

2. Use GetAsyncKeyState() API - keyboard hooks and the like are very detectable, GAKS is by far the best method for a usermode logger, unless your a good kernel programmer I'd stick with this API

3. Don't email your logs, emails are easily picked up by any AV, and will be stopped in there tracks, and the user will be alerted that an email is being sent out and your little home away from home on there machine will be discovered and it'll be all for naught. Same thing kinda don't FTP either! leaving a username and password of anykind is leaving a link to you, you don't want that, avoid the FTPizzle and go with the PHPizzle and MYSQLizzle. Its easy to setup and the best way of retrieving logs

found here---->

http://hak5.org/forums/index.php?showtopic=9644

4. Never save any log files onto the computer, when the number of characters reaches a certain number in the buffer, or a certain time has passed, encrypt the keystroke buffer(actually you could even encrypt the characters as they are typed for extra security), and POST it to your php page.... any packets going across the pipeline are unreadable and unclear what they are for... Even just a simple encryption will do... once the packet is sent zero the buffer ZeroMemory(buffer, sizeof(buffer)); or memset(buffer, 0, sizeof(buffer)); etc...

5. Come up with a clever way to hide your running code, create some threads in a process thats always running on the computer/ inject a dll into an always running process / hide your running executable using a kernel mode driver / disable Windows File Protection and modify a system process and embed your code within it / many more ways I haven't even thought of yet!

LEGAL DISCLAIMER:

6.Never ever install it on any machine that you do not own! respect others privacy and test your software on your own computers!

And with that have fun coding! ;)

Link to comment
Share on other sites

Thanks

I'll use MYSQL, since all computers on the network have it installed.

Quite a bit of coding involved I guess :unsure:

:blink:

It should all be written in C++, right? (I gathered this from your avatar)

Sorry, just real confused :rolleyes:

Thanks for the help so far,

Please reply!

USBHacker

Link to comment
Share on other sites

Decided to do some research on my own.

Hope this will be helpful;

http://sourceforge.net/projects/pykeylogger/

Found it, open-source (so you can just edit a few lines of it or rename variables etc. to make it work once it is detected by anti-virus programs))

It's even written in python! (which I understand much better then C++)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...