Re: Walleye and keylog data extraction

["Blarnum, Seamus" <crpyt0k1d () yahoo com>]

if I am mistaken sebek does socket tracking, so you
would need to open a socket to the hp via a remote
machine. 

the honeywall will only track "sebeked" flows going
through the honeywall from external to internal. you
would need to throw an exploit at the machine and get
a reverse shell.

hope this helps

Seamus

--- omarmdx () yahoo co uk wrote:

> Hi All,
>
> I installed Sebek in a windows XP box, I tried to
> test the key logging capabilities of sebek by doing
> the following:
>
> 1- Opened a wordpad and typed some dummy data
> 2- Did the same thing with notepad
> 3- logged in into a yahoo mail account and typed
> user name and password
>
> Unfortunately when I try to view the collected data
> in walleye, I couldn't spot anything related to the
> supposed keylogged data. I'm just getting various
> TCP, UDP, and http connections. 
>
> Could any one if:
> a- It's possible to get the keylogged data?
> b- if yes then how and where
>
> The version of Sebek I'm using is 3.0.4 
>
> Thanks in advance
> Omar


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com