Articles

Metasploit Framework Windows Tutorial
Remote Desktop Connection
Windows Processes That May Be Dangerous
How-To use NetCat a Tutorial
Common Linux Commands
Common Ports
Netcat Commands
HTTP Response Codes
War-Google Hack Terms
Wardriving
Avoiding Social Engineering and Phishing Attacks
Intrusion Detection on Linux
Linux Intrusion Detection
Penetration Testing Guide
Penetration Testing Tools
Social Engineering Fundamentals, Part I: Hacker Tactics
Social engineering (computer security)
The Psychology of Social Engineering

The Archives

General GSO
GovernmentSecurity.org News & Suggestions
In The News
Open Topic
General Security Information
Trash Can
Exploit & Vulnerability Mailing List Archives
Trial Member Forum
Product and Program Reviews GSO Tutorials
System Security
Windows Systems
Beginners Section
Linux & Unix Systems
File Downloads
Exploit Research & Discussion Trojan & Virus Errata
Networking Security / Firewall / IDS / VPN / Routers
System Hardening
E-Mail Security
Wifi Security
Trial Member Uploads
Upload discovered Trojans & Mal ware
GSO Programming Section
C , C++ , VC++
Visual Basic.NET
Perl /CGI
Java/Javascript
PHP/XML/ASP/HTML
Assembly + Other
The Cork Board
Network Security Consultant Directory
Network Security Jobs
The Archives
Encryption Information
General Network Security
Internet Anonymity
HTTP Protocol Security
Linux Security
MS IIS Information
Exploit Articles
Programming / Tool Design
GSO Software Projects
Public Downloads
Microsoft Security Questions and Papers
Help - Search - Member List - Calendar
GovernmentSecurity.org > General GSO > Trial Member Forum
h0ttz
Aug 9 2005, 06:49 AM
Hello guys, sorry my english, im speak portuguese!!! tongue.gif


Somebody knows to keylogger that it works with the terminal services?

I need to catch user/password of user that he is if login in machine using the remote terminal services, not local!

Exist many keyloggers but none have compatibility with terminal services

Somebody can help me?

Tanhks..
usch
Aug 9 2005, 07:48 AM
http://www.spydex.com/forum/board-keylogge...m-15550070.html

regards

usch
Booster2ooo
Aug 9 2005, 12:53 PM
if you have access to one machine on the network, you could use cain, and sniff network for nt pass (don't remember if they are crypted, if yes, just use LC, LPC or Rainbow)
boshcash
Aug 10 2005, 01:26 AM
there is but i didnt test it out by myself but i have to get permission first from the creator first ..
Frankie
Aug 10 2005, 09:31 AM
QUOTE
h**p://www.spydex.com/forum/board-keylogge...m-15550070.html

I was looking a few weeks back for the same sort off program
Alway's nice that people help eachother out wink.gif
nolimit
Aug 12 2005, 12:26 AM
QUOTE(usch @ Aug 9 2005, 07:48 AM)
http://www.spydex.com/forum/board-keylogge...m-15550070.html

regards

usch
*



Won't work in pre login though. It won't be able to capture the pass inputted into the TS window.

If anyone is interested in researching this, I've done a lot with it.
h0ttz
Aug 12 2005, 12:34 AM
QUOTE(nolimit @ Aug 12 2005, 12:26 AM)
QUOTE(usch @ Aug 9 2005, 07:48 AM)
http://www.spydex.com/forum/board-keylogge...m-15550070.html

regards

usch
*



Won't work in pre login though. It won't be able to capture the pass inputted into the TS window.

If anyone is interested in researching this, I've done a lot with it.
*




nolimit im interested!!!!
usch
Aug 12 2005, 07:22 AM
for anyone who is able to understand german, i have an article about how to sniff the TS password with cain& abel.
http://www.heise.de/security/artikel/61945

usch
nolimit
Aug 14 2005, 10:50 AM
very very cool. cain and abel has always been such an awesome tool.

I was talking about capturing it from a programmatical standpoint. Basically I'm pretty sure the session is spawned in smss and the kernel, and once the credentials are verified and a security token is made the new explorer is made w/ the new session ID. In reality, there is probably many ways to capture the login. Kernel hooks, or even hooking some special functions in LSASS.exe :>
Zalumaskov
Aug 14 2005, 07:06 PM
What you might need is a service based keylogger, I may be wrong but from I think a service will start before the login.

where can you find a service based logger? well I dunno but there are lots of great tools that can wrap exes into a service.

Here is a one by illwill
h**p://www.governmentsecurity.org/forum/http://www.governmentsecurity.org/forum/index.php?showtopic=13999&hl=

you might wanna try that on your keylogger


goodluck.
DarkRider
Aug 14 2005, 10:35 PM
QUOTE(Zalumaskov @ Aug 14 2005, 07:06 PM)
What you might need is a service based keylogger, I may be wrong but from I think a service will start before the login.

where can you find a service based logger? well I dunno but there are lots of great tools  that can wrap exes into a service.

Here is a one by illwill
h**p://www.governmentsecurity.org/forum/http://www.governmentsecurity.org/forum/index.php?showtopic=13999&hl=

you might wanna try that on your keylogger


goodluck.
*



I guess most loggers are private... but is possible for years allready biggrin.gif

Search something in the order of msgina32.dll wink.gif
nolimit
Aug 15 2005, 11:14 AM
haha hey DarkRider long time no talk,

anyways I was speaking of methods besides the very evasive gina stub. It's very easy to detect as it's a reg key change. Most hosters check the reg key periodically to make sure they're not being logged.

I'd much rather hook a function smile.gif
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2005 Invision Power Services, Inc.