- This topic has 1 reply, 2 voices, and was last updated 7 years, 1 month ago by .
- You must be logged in to reply to this topic.
We all know about hardware and software based keyloggers, but I think there’s actually another one that is on just about every computer; the human keylogger. These are the most common, and perhaps most sophisticated keyloggers that organize keystrokes into nicely formatted documents, Facebook posts, e-mails, etc., and have a few unique benefits:
1. They log keystrokes years before you ever got access, giving you the ability to go back in time! Sometimes all the passwords are already conveniently logged in a file called passwords.txt.
2. Logs from human keyloggers often end up on multiple computers via the network. So if you gain access to a computer and get the users’ e-mail, you can see not only the keystrokes that your target has entered, but the keystrokes from people responding. The same applies for documents on network shares.
3. You sometimes don’t even need to gain access to a target computer, and can learn quite a bit by using OSINT.
4. Not only do keystrokes get logged, but general user activity like browser history, program execution, contacts, files system activity, Wi-Fi networks used, etc.
5. No malware or hardware needs to be installed, human keyloggers are FUD.
That’s an interesting take on things. Yes, people do have a habit of storing interesting info like passwords in plaintext files. While they are not exactly keyloggers it’s basically a different means to the same end. Trawling home directories is a great way to start privilege escalation and jumping to other systems and services.
– EH-Net Live! Join us on Wed Jan 29 @ 1:00 PM EST for “Shellcode for the Masses“ w/ John Hammond. Reg Open Now!
– EH-Net Live! December – Video & Deck Available Now! for “Burp-less Hacking – Learning Web Application Pentesting on a Budget” w/ Phillip Wylie from Dec 19.
– EH-Net Live! November – Video & Deck Available Now! for “All Things CTF!” w/ Ray Doyle of EverSecCTF from Nov 21.
– EH-Net Live! October – Video & Deck Available Now! for “Hacking Humans” w/ Hadnagy, Paul & Baron from Oct 29.
– EH-Net Live! August – Video & Deck Available Now! for “Wireshark for Hackers” w/ Laura Chappell from Aug 29.
See all EH-Net Live! Videos
More on the EH-Net YouTube Channel
Copyright ©2020 Caendra, Inc.