13 replies to this topic

[doomer]

Researching USB keyboard loggers and I'm getting conflicting reports about how hidden they are. I checked out KeyGhost and KeyGrabber (love the Nano) but heard these could be visible as a USB device or even an external drive. Is this true or there an easy way defeat that? It would have to stay hidden after reboots and/or installing hardware/software etc. Not on a network but this computer is used often to VPN into a network.

Yep, bit of a noob here so don't nuke me on the dumb questions.

[Afterm4th]

initially upon first insertion of the usb keylogger your system might show that a usb device or usb keyboard (depending on which usb keylogger you have) has been plugged in, but after that they should be fairly undetectable to the average user.

also, they do not work on some new mac keyboards. I've found this out from personal experience

[doomer]

initially upon first insertion of the usb keylogger your system might show that a usb device or usb keyboard (depending on which usb keylogger you have) has been plugged in, but after that they should be fairly undetectable to the average user.

also, they do not work on some new mac keyboards. I've found this out from personal experience

Awesome, thanks for the reply. I've give it a try and test it out.

[XlogicX]

Anybody have one of these? I would be interested in what $lsusb brings back as a device name. If it's unique enough, you could write a script/cron to grep and alert. You could also script for changes as well, this would at least alert you to check the back of your box. I played with the KeyKatcher 32 and 128 in the ancient times (it was PS2) .

[Afterm4th]

Anybody have one of these? I would be interested in what $lsusb brings back as a device name. If it's unique enough, you could write a script/cron to grep and alert. You could also script for changes as well, this would at least alert you to check the back of your box. I played with the KeyKatcher 32 and 128 in the ancient times (it was PS2) .

Good question. I will check mine out shortly...

[tekio]

Researching USB keyboard loggers and I'm getting conflicting reports about how hidden they are. I checked out KeyGhost and KeyGrabber (love the Nano) but heard these could be visible as a USB device or even an external drive. Is this true or there an easy way defeat that? It would have to stay hidden after reboots and/or installing hardware/software etc. Not on a network but this computer is used often to VPN into a network.

Yep, bit of a noob here so don't nuke me on the dumb questions.

This would be easy to implement (someone could find out what kind of keyboard you use then switch it out with a tainted, identical model). It's propbably pretty stealthy, too.


Made by the same people that make KeyGrabber.

link: http://www.keelog.co...ard_logger.html

[XlogicX]

Then there's the Teensy attack
Teensy USB HID Attack Vector

R3l1K and Mitnick demo it in their DerbyCon2011 talk:
Adaptive Penetration Testing

It's not a logger, but a keyboard that will own the victims box and put a shell on it. They 'dropped' 5 keyboards at a company and got like 8 shells

[chock]

Researching USB keyboard loggers and I'm getting conflicting reports about how hidden they are. I checked out KeyGhost and KeyGrabber (love the Nano) but heard these could be visible as a USB device or even an external drive. Is this true or there an easy way defeat that? It would have to stay hidden after reboots and/or installing hardware/software etc. Not on a network but this computer is used often to VPN into a network.

Yep, bit of a noob here so don't nuke me on the dumb questions.

Why not use software keylogger? Hardware keylogger or usb keylogger is easily detected and deleted, even the person who doesn't know what it is can remove it. But some good software keylogger is an undetectable and invisible spy software.The software keylogger is more popular online, and more importanly, it runs with many applications and browsers. In addition, some spy software like remote spy can be installed without physically accessing, but the hardware keylogger must be installed with people themselves.

Edited by chock, 15 February 2012 - 04:30 AM.

[Tiki]

There is quite a list of software keyloggers avalible on TPB.

[xiaokaige]

The keylogger software is invisible. Keylogger hardware can be finded.

[peanutedd]

wrote my own keylogger with JAVA the other day, logs all keystrokes to one of my online servers where I can filter and use as neccesary.

quite easy actually

[Powermaniac7]

wrote my own keylogger with JAVA the other day, logs all keystrokes to one of my online servers where I can filter and use as neccesary.

quite easy actually

Learning Java myself at the moment as well as Python now thanks to some more courses offered by Stanford although I'm not sure it is Stanford I just know it is done by Udacity and the some of the guys who did the ai-class last year.

So I was going to ask are you willing to post the code up? And if so would you, please?

[army_of_one]

You're best option is to try to combine hardware and software. First, you get a nice stealthy software keylogger (or eavesdropper in general). Then, you get it onto the machine via a hardware attack to bypass defences & maybe obscure it further. The USB HID attack is nice for shells. My favorite of all time, due to Apple popularity, is the firewire attack. If they don't have an IOMMU, Firewire bypasses the OS protections altogether to give you full read-write access to RAM (see DMA). You can actually do a lot more than keylog with that kind of intrusion. Lastly, you can always pull a blue pill style attack or other subversion where the OS is running on top of or alongside highly privileged trojan that's intercepting data & invisible to the Windows system.

Nick P
schneier.com

[xiaokaige]

Researching USB keyboard loggers and I'm getting conflicting reports about how hidden they are. I checked out KeyGhost and KeyGrabber (love the Nano) but heard these could be visible as a USB device or even an external drive. Is this true or there an easy way defeat that? It would have to stay hidden after reboots and/or installing hardware/software etc. Not on a network but this computer is used often to VPN into a network.

Yep, bit of a noob here so don't nuke me on the dumb questions.

You can use the keylogger software.