Re: Key strokes logger

From: Meritt James (
Date: 07/31/01

Message-ID: <>
Date: Tue, 31 Jul 2001 13:48:35 -0400
From: "Meritt James" <>
To: centipede <>
Subject: Re: Key strokes logger

If auditing is enabled on NT systems, the information which you claim
interest (and NOT passwords) is recorded. (Including failures, of
course!). Enable full (and I mean FULL) auditing for an interval.
Beware of exceeding the disk space available- there is a LOT of data!

Why would you want (as in the original request) passwords associated
with usernames?

centipede wrote:
> It goes to a host on which I've got the full administrator authority.
> Full access to its Devices, Registry or whatever.
> A remote installation is truly preferable.
> James, to your question, here's the thing:
> I suspect that host to be the source of malicious activity.
> I *DO* suspect a certain user, but I wanna do some research.
> I need to know about every single login, and I'm interested in the
> failures no less than the successes.
> that's about it.
> thanks,
> centipede.
> Meritt James wrote:
> > Well, THAT looks like a less-than-friendly specification! Why do you
> > want such a thing?
> >
> > centipede wrote:
> >
> >> Hello,
> >>
> >> I'm looking for a key-strokes logging utility for an NT4.0 host.
> >> It should be stealthy and hopefully capable of logging the log-in
> >> username and password.
> >> Any suggestions ?
> >>
> >> thanx
> >> centipede.
> >

James W. Meritt, CISSP, CISA
Booz, Allen & Hamilton
phone: (410) 684-6566

Relevant Pages

  • Re: Key strokes logger
    ... Enable full auditing for an interval. ... Why would you want passwords associated ... centipede wrote: ... > failures no less than the successes. ...
  • Re: Unknown user name or bad password
    ... These are failures which is good;-) Keep strong passwords in effect. ... "Chad" wrote in message ... > daily log, I always get one or two "Unknown user name or ...
  • Re: Key strokes logger
    ... analyzing login attempts. ... NT auditing will log both attempts as the same thing, ... what usernames and passwords have been/are being attempted could be ... 'login failure for administrator' in the logs might look like a typo. ...
  • Re: IIS Basic Auth logon failure
    ... No special characters in their user names or passwords. ... As far as auditing, it is on; ... >> Authentication; by the log entry, ...
  • Re: solid backdoor using certificates?
    ... So this is a simple examples of digital certificates and passwords being ... and failed attempt locking, auditing etc can be rigorously applied. ...