Another hack-a-hack attack

So, I blogged about it here, initially. This week I’ve been playing with keyloggers. I had my keyloggers set up on win2k3 and winxp machines and I was accessing them via RDP. I made the mistake of keeping my RDP session nailed up. A few days later, I noticed tons of entries being displayed within the keylogger GUI. Of course, since the clipboard auto-syncs between the client machine and the RDP server, the keylogger on the virtual machine had been logging the clipboard contents from my home machine. I had been doing tons of code edits, so every cut-and-paste was captured and displayed by the keylogger software. Pretty embarrassing!

Now, what would I find if I set up a machine on a stub network, installed a keyboard logger, and let the hackers come on in? For everyone attaching to my machine, I would be snagging their clipboard. That might be interesting data.

!Dmitry
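
A client-side check for the exposure described above, as an added example that is not part of the original post: it parses `.rdp` connection files and reports the ones that leave clipboard redirection on. It assumes the standard `redirectclipboard:i:` connection-file setting and treats a missing setting as enabled; the file names and contents are constructed samples.

```python
import codecs

# Constructed sample .rdp contents (not from the original post).
SAMPLE_EXPLICIT_ON = "full address:s:lab-vm.example\nredirectclipboard:i:1\n"
SAMPLE_OFF = "full address:s:lab-vm.example\nredirectclipboard:i:0\n"
SAMPLE_UNSET = "full address:s:lab-vm.example\nscreen mode id:i:2\n"


def decode_rdp(raw: bytes) -> str:
    """Decode .rdp bytes; saved connection files are often UTF-16 with a BOM."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")


def parse_rdp(text: str) -> dict:
    """Parse 'name:type:value' lines into {name: value}; names are lowercased."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].strip().lower()] = parts[2].strip()
    return settings


def clipboard_shared(raw: bytes) -> bool:
    """True if this connection file leaves clipboard redirection enabled."""
    settings = parse_rdp(decode_rdp(raw))
    # Assumption: an absent setting counts as enabled (redirection on by default).
    return settings.get("redirectclipboard", "1") != "0"


def audit(files: dict) -> list:
    """Return the names of connection files that would share the clipboard."""
    return sorted(name for name, raw in files.items() if clipboard_shared(raw))


if __name__ == "__main__":
    constructed = {
        "on.rdp": SAMPLE_EXPLICIT_ON.encode("utf-16"),
        "off.rdp": SAMPLE_OFF.encode("utf-8"),
        "unset.rdp": SAMPLE_UNSET.encode("utf-16"),
    }
    for name in audit(constructed):
        print(f"{name}: clipboard redirection enabled; set redirectclipboard:i:0")
```

To run it over real files, read each `.rdp` file in binary mode and pass the bytes to `clipboard_shared`.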

  • MC

    Hi Dmitry,
    I was just curious to know what keylogger you are using that is able to log RDP sessions?
    Regards,

    /MC

  • http://www.securitybrigade.com/ Yash Kadakia

    MC,

    Any tool that is capable of logging the clipboard should suffice, since the clipboard syncs and the goal of this hack is to steal the user’s clipboard data.

  • claudio

    > Now, what would I find if I set up a machine on a stub network,
    > installed a keyboard logger, and let the hackers come on in? For
    > everyone attaching to my machine, I would be snagging their
    > clipboard. That might be interesting data.

    Hem, hasn’t this been done for years on honeypots?

  • dmitryc

    I’ve always thought that honeypots logged keystrokes and screenshots on the virtual machine… I never thought that they targeted the clipboard of the hacker’s home machine…

    I don’t claim to be a honeypot expert, so it’s a good question and maybe someone with more knowledge can answer?

  • claudio

    Sorry, I totally missed your point. You’re right about honeypots. About sending keyloggers to attackers of your honeypot… it is usually illegal, as are most “counterstrike-like” activities.