Re: Linux keylogger or logging command before ssh
- From: Mailman <mailman@xxxxxxxxxxxxx>
- Date: Wed, 22 Feb 2006 09:20:24 +0100
On Tue, 21 Feb 2006 22:40:44 -0800, themattreid wrote:
The nature of an encrypted tunnel is that all of the data being
transferred is not able to be read without the cypher. A keylogger
would not help in this instance.
michael4447@xxxxxxxxx wrote:
I am setting up a honeynet. I have noticed that when someone gets into
my box they ssh out (so that I cannot read the packets with an
attached sniffer).
Does anyone know of a keylogger that would capture all traffic or
commands *before* they leave the hacked box and into the ssh tunnel? I
have tried j2mitm to attack the ssh2 tunnel itself but I cannot get
that to work and I think grabbing the traffic before it gets encrypted
would be much easier anyway.
I can post a more detailed description if that would be helpful or if
anyone is interested. Thanks,
-Michael
That is not quite true. A keylogger would certainly show you what the ssh
user is typing - but not what he reads.
The easiest solution for the OP is to install a modified version of ssh on
the machine: no keylogger required, and all the traffic (outgoing and
incoming) can be logged somewhere.
--
Mailman