Penetration Testing: Re: Keystroke logging

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

Re: Keystroke logging

From: Joachim Schipper <j.schipper () math uu nl>
Date: Sun, 3 Jul 2005 00:50:30 +0200

On Fri, Jul 01, 2005 at 05:52:49PM -0700, ChayoteMu wrote:

This is mostly a question of curiosity. For the option of using a
proxy would it be possible to SSH to the proxy then generate a new SSH
from the proxy to the PC your getting into, and have the proxy log all
info that way? It may not be doable for all situations because I
figure you'd need to setup a hardend proxy on the network for that,
but as I said, I'm mainly curious if that would work.


Yes, using a double ssh command this can be done. You *will* need to
forward the ssh agent, though, which isn't all that secure. Plus it
introduces one more vulnerability in the SSH chain.

                Joachim

By Date By Thread

Current thread:

Re: Keystroke logging - mouse, (continued)
- Re: Keystroke logging Kurt Keys (Jul 01)
  - RE: Keystroke logging Guillaume Vissian (Jul 01)
    - Re: Keystroke logging ChayoteMu (Jul 01)
    - Re: Keystroke logging Joachim Schipper (Jul 02)