[usch]

http://www.spydex.co...m-15550070.html

regards

usch

[Booster2ooo]

if you have access to one machine on the network, you could use cain, and sniff network for nt pass (don't remember if they are crypted, if yes, just use LC, LPC or Rainbow)

[boshcash]

there is but i didnt test it out by myself but i have to get permission first from the creator first ..

[Frankie]

Quote

h**p://www.spydex.com/forum/board-keylogge...m-15550070.html

I was looking a few weeks back for the same sort off program
Alway's nice that people help eachother out ;)

[nolimit]

usch, on Aug 9 2005, 07:48 AM, said:

http://www.spydex.co...m-15550070.html

regards

usch

<{POST_SNAPBACK}>

Won't work in pre login though. It won't be able to capture the pass inputted into the TS window.

If anyone is interested in researching this, I've done a lot with it.

[usch]

for anyone who is able to understand german, i have an article about how to sniff the TS password with cain& abel.
http://www.heise.de/...y/artikel/61945

usch

[nolimit]

very very cool. cain and abel has always been such an awesome tool.

I was talking about capturing it from a programmatical standpoint. Basically I'm pretty sure the session is spawned in smss and the kernel, and once the credentials are verified and a security token is made the new explorer is made w/ the new session ID. In reality, there is probably many ways to capture the login. Kernel hooks, or even hooking some special functions in LSASS.exe :>

[Zalumaskov]

What you might need is a service based keylogger, I may be wrong but from I think a service will start before the login.

where can you find a service based logger? well I dunno but there are lots of great tools that can wrap exes into a service.

Here is a one by illwill
h**p://www.governmentsecurity.org/forum/index.php?showtopic=13999&hl=

you might wanna try that on your keylogger


goodluck.

[DarkRider]

Zalumaskov, on Aug 14 2005, 07:06 PM, said:

What you might need is a service based keylogger, I may be wrong but from I think a service will start before the login.

where can you find a service based logger? well I dunno but there are lots of great tools  that can wrap exes into a service.

Here is a one by illwill
h**p://www.governmentsecurity.org/forum/index.php?showtopic=13999&hl=

you might wanna try that on your keylogger


goodluck.

<{POST_SNAPBACK}>

I guess most loggers are private... but is possible for years allready :D

Search something in the order of msgina32.dll ;)

[nolimit]

haha hey DarkRider long time no talk,

anyways I was speaking of methods besides the very evasive gina stub. It's very easy to detect as it's a reg key change. Most hosters check the reg key periodically to make sure they're not being logged.

I'd much rather hook a function :)