Thread: Just interested in this: monitoring and logging local keystrokes

  1. #11
    Just burned his ISO Michaetito's Avatar
    Join Date
    Oct 2008
    Posts
    24

    Take a look at meterpreter scripts. Especially that for keystroke sniffing.

  2. #12
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Quote Originally Posted by me-$-on View Post
    first, because it looks great.

    And the second reason is, to get familiar with system-monitoring

    Perhaps I will write a system-monitor by myself, some time later.

    Who knows.

    The sources of lkl seem to be available, it would be very interesting to take a look at them.
    There is no sane reason to be logging your keystrokes in this format. Not only will you get a bunch of BS output, "dumping the opcodes" will be sporadic and stupid.

    A far niftier trick is to execute something like the scripts linked (which I still find hilarious), or do what I do, and run "hexdump -C /dev/random" in an embedded console window. It will look a lot "l33t"er, and (if you're like me) you start to see patterns in a so-called random system.

    On the topic of system monitoring, spend some time getting to know how... *ahem*... "hackers" are monitored by those who are in the know, who actively spend time rolling around in honey pots (as it were). They even have a proper tool for that sort of thing.

    In short, find a decent reason to be logging keystrokes, and use a proper tool for it after doing a decent amount of research on the topic.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  3. #13
    Junior Member
    Join Date
    Jan 2010
    Posts
    49

    There is no sane reason to be logging your keystrokes in this format. Not only will you get a bunch of BS output, "dumping the opcodes" will be sporadic and stupid.

    A far niftier trick is to execute something like the scripts linked (which I still find hilarious), or do what I do, and run "hexdump -C /dev/random" in an embedded console window. It will look a lot "l33t"er, and (if you're like me) you start to see patterns in a so-called random system.

    On the topic of system monitoring, spend some time getting to know how... *ahem*... "hackers" are monitored by those who are in the know, who actively spend time rolling around in honey pots (as it were). They even have a proper tool for that sort of thing.

    In short, find a decent reason to be logging keystrokes, and use a proper tool for it after doing a decent amount of research on the topic.
    The dev urandom thing is ugly, my friend.

    I do not want useless things to be presented on the screen.

    But, you are seeing patterns in random output. Sounds funny.

    And, I am programming, too.

    So obviously you do understand my passion to do this by myself.
    FIAT IUSTITIA ET PEREAT MUNDUS

  4. #14
    My life is this forum Snayler's Avatar
    Join Date
    Jan 2010
    Posts
    1,418

    nevermind...

  5. #15
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Quote Originally Posted by me-$-on View Post
    I do not want useless things to be presented on the screen.
    Displaying keystrokes from your own system seems kind of useless to me. So does displaying opcodes unless you are actively trying to reverse engineer or find vulnerabilities in a particular program. The traditional definition of system monitoring doesn't include either activity - it usually focuses on system information that is relevant to a system's performance or security, depending on what your monitoring focus is.

    For performance you might look at levels of network activity, CPU utilisation, memory capacity, hard disk usage, etc. For security monitoring you might look at process lists, audit events, active network connections, etc.

    Is there some specific goal you think can be achieved by looking at opcodes and keystrokes?
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  6. #16
    Junior Member
    Join Date
    Jan 2010
    Posts
    49

    Yes.

    It just interests me, what opcodes are working in the background.

    I would try to code this by myself, so that I would see the active thread of the actual process by name and number and the occurring opcodes.

    As I started reading the "Art of Assembly", I must admit, that this is a very interesting topic to me.

    And, audit events?

    Would be perfect.

    I read about that in a WinApi-Snippet, it was about UI-hooks.

    Will this be the same with X???
    FIAT IUSTITIA ET PEREAT MUNDUS

  7. #17
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Quote Originally Posted by Snayler View Post
    nevermind...
    Well I do mind posts like that.

    @topic

    Well it will slow your system down really bad. You would have to real-time monitor every process on your system.

    You might want to dig into gdb.
    Tiocfaidh ár lá

  8. #18
    Junior Member
    Join Date
    Jan 2010
    Posts
    49

    You are straight edge?

    Because of your avatar.


    So, I thought about performance-issues regarding the disassembly of each active thread.

    And it seems, I was right.

    What about this: Getting the active thread, dumping the memory-contents to a file and using this as a buffer to read from and display this?
    Would this be a useful workaround?

    And what about catching occurring events?
    Is it done the same way, like in Windows? By using GUI-hooks?
    FIAT IUSTITIA ET PEREAT MUNDUS
