I need a hardware Keylogger - Anyone have experience with these?

tankman1989

tankman1989

Active Member
Reaction score
5
Greetings,

I am going to be doing some work with a local business and one of the things they want me to do is evaluate their level of physical security as well as network and system security. I will have access to a number of computers and I am going to install key loggers in order to get some passwords (none of the passwords will be used, I just list them in my report, along with how it was attained).

So, my question is, what is a good key logger? I would love one that is PS2 & USB but would settle for one of each. I have also seen huge price variations for items that look exactly the same. One company may be charging $300 while that same device sells for $49 some where else.

So, can anyone tell me if they have had luck with these and if so, what brand?
 
i'm just wondering what this will achieve?
Is it to show how easy it would be to capture them via a little piece of hardware?

If i was a business and you handed me a report with a list of passwords i would consider that a security risk - what happens if the report is mislaid? Or stolen from me before the users passwords are reset?

Just use a normal usb extender or ps2/usb adapter and see how many you can get onto their pc's. That would show the security flaws in terms of physical security without the compromising password list. You could then bring the boss/owner around and show him how many of these you were able to install and explain how risky they would be if they were in fact real keyloggers.
 
Knightsman said:
The best only cost a donation of $20

pykeylogger :)
Click to expand...

It's not a donation if it "costs" anything at all.

EDIT: That being said, I see that I can download and use without paying the $20. So it would, in fact, be a donation. It's not that I mind giving a donation, it's that i am starting to see companies claim they have a free program but require a donation.
 
Last edited:
I have used it, and it worked for some "customers" that needed it. It runs for a maximum of 4 days without a donation. But you can uninstall and reinstall multiple times for the 4 days lol.

It works good, you can set it to email, ftp, or save to a folder or mapped drive. That way you can be remotely connected and still do the job without being seen going behind the tower removing a "weird" device.
 
Knightsman said:
It runs for a maximum of 4 days without a donation.
Click to expand...

Well, that's my point. It's not a donation then. It's a trial program that costs money to use. This sort of trickery and shadiness on their part would keep me from using any of their products.

There's no reason to claim it's a donation when they can just simply sell it. Calling it a donation, but requiring it, is absolutely no different than a cost.
 
NeutronTech said:
Well, that's my point. It's not a donation then. It's a trial program that costs money to use. This sort of trickery and shadiness on their part would keep me from using any of their products.

There's no reason to claim it's a donation when they can just simply sell it. Calling it a donation, but requiring it, is absolutely no different than a cost.
Click to expand...

OK...who cares. It works, its called marketing. Your loss if you don't try something because of that.
 
Knightsman said:
OK...who cares. It works, its called marketing. Your loss if you don't try something because of that.
Click to expand...

thats the thing though - it doesn't work. Without a compulsory "donation" that is. Thats not really a donation then is it. I don't think i can go to the supermarket and get my weekly shopping and write the cost off as a donation can I? Thats called a purchase and calling it a donation is false advertising.....or marketing even :D
 
DarDar said:
that's the thing though - it doesn't work. Without a compulsory "donation" that is. 'not really a donation then is it. I don't think i can go to the supermarket and get my weekly shopping and write the cost off as a donation can I? That's called a purchase and calling it a donation is false advertising.....or marketing even :D
Click to expand...

But it does work, but yeah only 4 days. I don't think its false advertising, because 4 days lasts a long time. For the average Joe, its 4 days the user is active. So if its only 2 hours per day, that's a long time to give someone the evidence they need etc. The "donation" they give you the source code to do with as your please.

I get your point, but don't see it as a reason to not try it. Because it is a cheap, powerful, customizable keylogger.
 
That may be so but as software with an open source license they have to make the source available anyways regardless of donation, sale, purchase etc. Although i am aware that open source != free.

I will try it, but that is all i can do really as it is in effect a trial piece of software. Although yes i can take the source and modify to remove the 4 day limit.

The point being made is that the software is effectively shareware - free to try, free to share but not free to keep using beyond a certain criteria, in this case 4 days.

http://en.wikipedia.org/wiki/Donation
 
haha did you really just show a definition of donation?

I guess ill make sure to post the sarcasm signature so people don't over react. I'll also wont forget the "" next time.
 
DarDar said:
i'm just wondering what this will achieve?
Is it to show how easy it would be to capture them via a little piece of hardware?

If i was a business and you handed me a report with a list of passwords i would consider that a security risk - what happens if the report is mislaid? Or stolen from me before the users passwords are reset?

Just use a normal usb extender or ps2/usb adapter and see how many you can get onto their pc's. That would show the security flaws in terms of physical security without the compromising password list. You could then bring the boss/owner around and show him how many of these you were able to install and explain how risky they would be if they were in fact real keyloggers.
Click to expand...


That is a good point. The only good thing I could see about using a key logger over a unique extender would be to find out if employees are using strong/secure passwords (some programs don't have ways to set standards for passwords). If we capture all the passwords and find that some people are using words such as: "password", "start", "open" "qwerty" etc.

I'll explain the pro's and con's of this operation to the client and see what they want to do.

Either way, I would still like to get some key loggers for later use for "special circumstances" such as parents requesting a way to find out what their kids are doing on their computers and such.

So, what hardware loggers would you suggest? What are the best on the market? I've found some that incorporate WiFi in the key logger and it will email the logs to any email address you program the device to send to - if it has access to a wireless network (don't know if it does security such as WEP, WPA, etc)..
 
DarDar said:
That may be so but as software with an open source license they have to make the source available anyways regardless of donation, sale, purchase etc. Although i am aware that open source != free.

I will try it, but that is all i can do really as it is in effect a trial piece of software. Although yes i can take the source and modify to remove the 4 day limit.

The point being made is that the software is effectively shareware - free to try, free to share but not free to keep using beyond a certain criteria, in this case 4 days.

http://en.wikipedia.org/wiki/Donation
Click to expand...

As far as the GNU goes, does that mean I can remove the 4 day limit and then redistribute the software without it as freeware?

My whole point is that I don't like to deal with dishonest companies. You can call it marketing if you want, but I don't deal with companies with shady marketing either. I would rather find a way to undermine them (ie. removing the 4 day limit). There is no reason not to be upfront about the cost and label it as shareware. Unless releasing it as shareware is a violation of the open source license, in which case the donation is an attempt at a loop hole. However, just because you call it a donation, doesn't make it one.

My loss? Maybe, but I would rather suffer a loss than to encourage that type of behavior.
 
tankman1989 said:
That is a good point. The only good thing I could see about using a key logger over a unique extender would be to find out if employees are using strong/secure passwords (some programs don't have ways to set standards for passwords). If we capture all the passwords and find that some people are using words such as: "password", "start", "open" "qwerty" etc.

I'll explain the pro's and con's of this operation to the client and see what they want to do.

Either way, I would still like to get some key loggers for later use for "special circumstances" such as parents requesting a way to find out what their kids are doing on their computers and such.

So, what hardware loggers would you suggest? What are the best on the market? I've found some that incorporate WiFi in the key logger and it will email the logs to any email address you program the device to send to - if it has access to a wireless network (don't know if it does security such as WEP, WPA, etc)..
Click to expand...


Personally I think that is insane. If someone has physical access to a computer it is game over.... You can simply use something like NTPASSWD create a separate admin account and you own the box. Also, as mentioned before you do not want those passwords in your physical possession. If anything obtain the password hashes and use John the Ripper to crack the hashes.

I wouldn't ever trust a hardware keylogger...
 
NeutronTech said:
As far as the GNU goes, does that mean I can remove the 4 day limit and then redistribute the software without it as freeware?

My whole point is that I don't like to deal with dishonest companies. You can call it marketing if you want, but I don't deal with companies with shady marketing either. I would rather find a way to undermine them (ie. removing the 4 day limit). There is no reason not to be upfront about the cost and label it as shareware. Unless releasing it as shareware is a violation of the open source license, in which case the donation is an attempt at a loop hole. However, just because you call it a donation, doesn't make it one.

My loss? Maybe, but I would rather suffer a loss than to encourage that type of behavior.
Click to expand...



The reason why I disagree (and we can agree to disagree) is because you might miss out on an awesome product because you want to attempt to police "freeware" and "shareware" products. I 100% get your point, but at the end of the day, what does it matter?

Its like not letting somebody over because you think they should have gotten in your lane and not in the merge lane. But at the end of the day, that person was in front.

On a side note, just looked at the site again, and it offers the source files for download, and the "donation" is for the compiled source. So theres a good chance when I used it last time it was the same way.
 
Knightsman said:
The reason why I disagree (and we can agree to disagree) is because you might miss out on an awesome product because you want to attempt to police "freeware" and "shareware" products. I 100% get your point, but at the end of the day, what does it matter?

Its like not letting somebody over because you think they should have gotten in your lane and not in the merge lane. But at the end of the day, that person was in front.

On a side note, just looked at the site again, and it offers the source files for download, and the "donation" is for the compiled source. So theres a good chance when I used it last time it was the same way.
Click to expand...

Yeah, we can agree to disagree. However, I'm not trying to police anything. I would just like them to be up front and say "hey, this is shareware", instead of basically saying "free keylogger!", and then requiring a payment to use it.

I know it's not just these guys, it just seems like marketing tactics over the past several years just continues to sink lower and lower. This is the same reason I try to be careful about my marketing. I wouldn't sell my service as

"free repair........ we'll fix your computer and you can come to the shop and use it whenever you'd like. However, if you'd like to take it back home, there is a donation of $xx"

But, like you said, we'll agree to disagree on this one.
 
tankman1989 said:
That is a good point. The only good thing I could see about using a key logger over a unique extender would be to find out if employees are using strong/secure passwords (some programs don't have ways to set standards for passwords). If we capture all the passwords and find that some people are using words such as: "password", "start", "open" "qwerty" etc.
Click to expand...

Seems to me you could just tell them how to use gpedit to force stronger passwords without actually having to give anyone's password to anyone else and eliminating that potential risk.
 
You must log in or register to reply here.

Similar threads

autumn
Does anyone have experience with https://www.galacticscan.com/
Replies
1
Views
459
Diggs
Diggs
britechguy
Anyone have any security suite/antivirus software for Android that they recommend?
Replies
15
Views
566
frase
frase
britechguy
For your clients with inkjet printers, do them a favor, tell them they need to print at least monthly
Replies
13
Views
542
britechguy
britechguy
HCHTech
Windows server activation problems
Replies
12
Views
667
Sky-Knight
Sky-Knight
HCHTech
Outlook New rant
Replies
12
Views
679
dcomp12
D
Back
Top