Re: Keystroke logging

From: ChayoteMu (chayotemu_at_gmail.com)
Date: 07/02/05

  • Next message: Joachim Schipper: "Re: Remote Desktop/Term. Serv information leakage" 
    Date: Fri, 1 Jul 2005 17:52:49 -0700
To: Guillaume Vissian <somebodyishere@gmail.com>

    This is mostly a question of curiosity. For the option of using a
    proxy would it be possible to SSH to the proxy then generate a new SSH
    from the proxy to the PC your getting into, and have the proxy log all
    info that way? It may not be doable for all situations because I
    figure you'd need to setup a hardend proxy on the network for that,
    but as I said, I'm mainly curious if that would work.

    On 7/1/05, Guillaume Vissian <somebodyishere@gmail.com> wrote:
    >
    > The proxy will not see everything, if the connection is encrypted with SSL,
    > or for some other connection like ssh , and more : ssh tunneling the user
    > will make the proxy logs unusable...
    >
    > G.
    >
    > -----Message d'origine-----
    > De: Kurt Keys [mailto:KKeys@sddpc.org]
    > Envoyé: vendredi 1 juillet 2005 16:45
    > À: pentest@jitonline.net; pen-test@securityfocus.com
    > Objet: Re: Keystroke logging
    >
    > Instead of a Keystroke logger, setup a proxy for your pen-test systems to
    > use
    > on their outbound connection to the target. Then have the proxy log
    > everything
    > and although you may not have all the mouse clicks and commands typed, you
    > will have a log of the traffic to and from the target network. To me that is
    > infinitely
    > more valuable. But that's just me.
    > Good Luck,
    >
    > Kurt Keys
    > Information Security Specialist
    > Information Security Department
    > San Diego DPC
    >
    >
    > >>> "JB" <pentest@jitonline.net> 6/30/2005 12:36:24 PM >>>
    > I'm wondering if anyone has either a kernel level keystroke logger for the
    > Linux 2.6, or a userspace keystroke logger for Linux. As part of our
    > penetration testing, we are required to give the client a log of all
    > actions performed - so this would be a good way of logging all linux
    > commands. Also - if you know of the same sort of tool for windows - that
    > would also be appreciated.
    >
    > -J
    >
    >
    >
    >
    > 

    -- 
"To catch a thief, think like a thief. To catch a master thief, be a
master thief."
  • Next message: Joachim Schipper: "Re: Remote Desktop/Term. Serv information leakage"

    Relevant Pages

    • Re: LWP Doesnt Seem To Save Cookies:
      ... http proxy, and had the proxy log what was actually being sent to the server. ... I used http://www.inwap.com/mybin/miscunix/?tcp-proxy to do the logging when my proxy did not log everything I needed. ...
      (comp.lang.perl.misc)
    • Re: SOCKS 5 protocol & sysadmin
      ... bypassing proxy settings using SOCKS 5 protocol? ... example SSH he can tunnel almost any TCP protocol into it and you will ... By the way, Even without SSH access, Any other opened port can be used ...
      (comp.os.linux.security)
    • Putty Proxy Chaining
      ... I have a project requiring the set-up of an proxied ssh session using ... I have successfully achieved this where there is a single proxy ... What I'd appreciate is if I could be told how to configure PuTTY to use ... We want to provide SSH access to a remote server ...
      (comp.security.ssh)
    • Re: configuring SSH to act as a vpn tunnel
      ... > tunnel I establish and connect to the proxy on that remote box (that I ... I guess the general question is: Can I use ssh as a generic vpn?? ... set up tunnels for a few ports. ...
      (comp.os.linux.networking)
    • Re: configuring SSH to act as a vpn tunnel
      ... > tunnel I establish and connect to the proxy on that remote box (that I ... I guess the general question is: Can I use ssh as a generic vpn?? ... set up tunnels for a few ports. ...
      (comp.os.linux.security)