Honeypots mailing list archives
Re: Walleye and keylog data extraction
From: "Blarnum, Seamus" <crpyt0k1d () yahoo com>
Date: Tue, 2 May 2006 06:04:56 -0700 (PDT)
If I am mistaken Sebek does socket tracking, so you would need to open a socket to the hp via a remote machine. The honeywall will only track "sebeked" flows going through the honeywall from external to internal. You would need to throw an exploit at the machine and get a reverse shell.

Hope this helps
Seamus

--- omarmdx () yahoo co uk wrote:
Hi All,

I installed Sebek in a Windows XP box. I tried to test the key logging capabilities of Sebek by doing the following:

1- Opened a WordPad and typed some dummy data
2- Did the same thing with Notepad
3- Logged in to a Yahoo mail account and typed user name and password

Unfortunately, when I try to view the collected data in Walleye, I couldn't spot anything related to the supposed keylogged data. I'm just getting various TCP, UDP, and HTTP connections.

Could anyone tell me if:

a- It's possible to get the keylogged data?
b- If yes, then how and where?

The version of Sebek I'm using is 3.0.4.

Thanks in advance,
Omar