Tag Archives: Security

Keylogger for Ubuntu (11.04/10.10/11.10)

A keylogger, or keystroke logger, is a piece of software or a hardware device (or a combination of both) used to record the keys struck on a keyboard (the process is called ‘keylogging’) in such a way that the person whose keyboard actions are being monitored is totally unaware of it. A keylogger can therefore be used in many situations to capture everything entered from the keyboard (any key the user presses is recorded), e.g. passwords, credit card numbers, critical conversations (mail, IRC chat …) and other confidential information.

The keylogger is one of the most popular kinds of spying software in the history of computing. This post explains a free and open source keylogger (a desktop utility) and hardware devices that you can use on Ubuntu (11.10/10.10/10.04/11.10).

So what do you think about keyloggers? Is it really illegal to monitor someone’s keystrokes (without permission, of course; otherwise there is no problem at all, since in that case the user either won’t use the system or doesn’t care)? It depends! (It can be called legal if you are not using the captured data to harm others; certainly you have every right to install such apps or monitor keyboard activity on your own computer.) But in some situations it may be really useful; you can easily guess when, right? Just think about it.

Software Keylogger for Ubuntu

A number of keylogging programs are available for Ubuntu, and a good one that I’ve used is logkeys. Logkeys is a keylogger for Linux-based operating systems; it’s free and open source (hosted at Google Code). It has a lot of advanced features and it works smoothly in the background.

How to Install Logkeys Keylogger on Ubuntu

Open a terminal and type the command (enter your password if required):

sudo apt-get install logkeys

Using Logkeys to start keylogging process

Open a terminal and type the following. It will create a log file in your current directory (most probably /home/your_user_name/spy.log), which is where the output will be stored.

touch spy.log
sudo logkeys --start --output spy.log

Now your keylogger is running in the background and you can close the terminal. The output will be stored in spy.log (the name is just an example; don’t use filenames like this :) ).

Kill the logkeys process to stop keylogging

sudo logkeys --kill

Reading keystrokes recorded by the keylogger

strings spy.log

Read the official documentation for more options and tutorials.

Hardware Keylogger for Ubuntu

There are many hardware-based devices available for capturing keyboard events. Some of them work at the BIOS level while others work at the keyboard level. They do not need any software to capture keystrokes, but this can’t be done remotely, because you need physical access to the computer.

(1)  4MB USB Keylogger

It doesn’t require any driver or software and works with all Linux-based OSes as well as with Windows XP/Vista/7. It is capable of recording all keystrokes.

Buy it from Amazon (Price : $68.99)

(2)  64K PS/2 hardware keylogger

Buy it from Amazon (Price : $39.89)

How to protect yourself from keyloggers

Many of us use public computers, or computers other than our own, and there might be a keylogger running on such a system. Really? Yes! But don’t worry, it’s very simple to protect yourself from most keyloggers. The simple tip is to always use an on-screen keyboard to enter confidential data on untrusted computers, although you should also avoid using public computers for such confidential work.
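On a Linux machine you administer, a software keylogger such as logkeys has to read keystrokes from the kernel's input event devices (/dev/input/event*), so it shows up as a process holding one of those devices open. The following check is an added example, not part of the original post or of logkeys; the `EXPECTED` allowlist and the function names are assumptions made for illustration.

```python
import os
import re

EVENT_DEV = re.compile(r"^/dev/input/event\d+$")
# Assumption: processes you expect to read input devices on this host.
EXPECTED = {"Xorg", "systemd-logind", "gnome-shell"}


def _comm(proc_root, pid):
    """Short process name from /proc/<pid>/comm, or '?' if unreadable."""
    try:
        with open(os.path.join(proc_root, pid, "comm")) as fh:
            return fh.read().strip()
    except OSError:
        return "?"


def input_device_readers(proc_root="/proc"):
    """Map pid -> (comm, sorted evdev paths) for every process holding one open."""
    readers = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:  # process exited, or we are not running as root
            continue
        devices = set()
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            if EVENT_DEV.match(target):
                devices.add(target)
        if devices:
            readers[int(pid)] = (_comm(proc_root, pid), sorted(devices))
    return readers


def unexpected_readers(readers, expected=EXPECTED):
    """Keep only readers whose process name is not on the allowlist."""
    return {pid: info for pid, info in readers.items() if info[0] not in expected}


if __name__ == "__main__":
    for pid, (comm, devs) in sorted(unexpected_readers(input_device_readers()).items()):
        print(f"pid {pid} ({comm}) is reading {', '.join(devs)}")
```

Run it as root so every process's descriptors are visible. A process name is easy to change, so use the allowlist for triage only, and note that a hardware keylogger is invisible to any check of this kind.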

Warning! The purpose of this post is to explain keylogging on Ubuntu! So if you use this information for illegal activities then you will be responsible. Remember, whether keylogging is legal or illegal all depends on how you are using the captured data (your karma and intention), e.g. just for learning or research => legal use; on the other hand, if you use it for cracking into other accounts or stealing credit card details then of course it will be illegal.

school computer hacks

Why do you want to hack school computers?

Before getting to the actual matter of school computers, first consider why you want to hack your school computers. I don’t know why, but I am giving you the common idea, i.e. the common goals that are directly or indirectly associated with hacking school computers (I am focusing on some simple reasons; you may have some special reasons).

Hence, in general, hacking a school computer means:

1. To gain administrative power to do some special task (one that is not permitted to a general user).

2. Students want to use social networking sites like MySpace, Facebook, Orkut, etc., whose access is blocked by default on most school computers.

3. They like to play online games, which may also go against school policy.

4. They may like to view pornographic videos or websites, and of course access to these sites is banned by default.

5. Students also enjoy tampering with grades, but administrative power as well as a little research is required, depending on the security policy of the school.

6. In some schools internet access is totally banned for student accounts (Very bad!… unacceptable).

7. It may seem obvious sometimes, because we are humans and by nature we like to violate the rules.


Now it is a little clearer why we want to hack our school computers. Okay, let’s proceed to the next step:

1. Accessing blocked sites:

This is really very simple. All you have to do is use a proxy server. Your computer connects to the proxy server, and you are able to access blocked sites via the proxy, an intermediate server that does the work for you. Here is a list of some websites that will work as a proxy server for you.
Some websites that I had tested on my system and found working fine (just go to the website and enter the website address in the URL field):

http://www.gumm.org/
http://www.facebookproxy.net/
http://clickfacebook.com/
http://www.theproxyhub.com/
http://www.orkutproxy.info/
http://www.proxyfoxy.com/

Alternative Method: Get the IP address of the website that is blocked. Now try to connect using a different form of the IP address by typing it into your browser’s address bar. Try http and https interchangeably; sometimes it works. You can use the calculator (click View, then Scientific) to convert the number from decimal to binary or from decimal to hexadecimal.
e.g.: http://ww.xxx.yy.zz or https://ww.xxx.yy.zz
http://binary_equivalent
https://binary_equivalent
http://hexadecimal_equivalent
https://hexadecimal_equivalent
http://octal_equivalent
https://octal_equivalent
http://dword_value
This method will work if your school computers use DNS (Domain Name System) based protection. So if you can edit the DNS mapping files that are stored on the system (either on each computer or centrally managed by the administrator) and used by browsers to look up the domain-to-IP table, then you would also be able to use blocked websites.
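From the filter's side, the dword, hexadecimal and octal notations listed above all denote the same 32-bit address, so a blocklist should compare canonical addresses rather than URL strings. The following normaliser is an added example, not part of the original post; the function names and the sample blocklist are assumptions, and it also handles the shortened two- and three-part dotted forms.

```python
import ipaddress
from urllib.parse import urlsplit

_DIGITS = {16: "0123456789abcdef", 8: "01234567", 10: "0123456789"}


def _parse_part(text):
    """Parse one dot-separated part: 0x.. is hex, a leading 0 is octal, else decimal."""
    low = text.lower()
    if low.startswith("0x"):
        base, digits = 16, low[2:]
    elif len(low) > 1 and low.startswith("0"):
        base, digits = 8, low[1:]
    else:
        base, digits = 10, low
    if not digits or any(ch not in _DIGITS[base] for ch in digits):
        raise ValueError(f"not a number: {text!r}")
    return int(digits, base)


def canonical_ipv4(host):
    """Return the dotted-decimal form of a numeric IPv4 host, or None for a name."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        *head, last = [_parse_part(p) for p in parts]
    except ValueError:
        return None
    # The last part fills every byte the leading parts did not supply.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return str(ipaddress.IPv4Address(value))


def is_blocked(url, blocked_ips):
    """True if the URL's host is a numeric form of an address on the blocklist."""
    host = urlsplit(url).hostname or ""
    return canonical_ipv4(host) in blocked_ips


# Constructed sample: 192.0.2.1 is a documentation address (TEST-NET-1).
BLOCKED = {"192.0.2.1"}
```

A filter that only inspects DNS lookups never sees these requests at all, so the address check has to sit where the connection is made (proxy or firewall), not only at the resolver.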

2. Hacking the administrator account:

There are many methods to gain administrative power or to access or tamper with all the important files on the system. One of the simplest is to use a live CD or pen drive with a Linux distribution installed, such as Ubuntu or Linux Mint. (It is simple because all you have to do is download the ISO file and burn it to a CD, or make your pen drive bootable by following some simple steps.)

Switch on the computer and insert the bootable live CD into the tray. The computer will now boot from the live CD instead of the hard drive (by default; in special cases press F2, F10 or F8 to change the boot options so that the computer boots from the live CD or pen drive). Linux is able to mount all the major file system formats such as NTFS, FAT16 and FAT32. Booting and loading will complete within two to five minutes. After Linux has loaded into the computer’s RAM you will be able to mount and use or tamper with the whole hard disk. Now you are done. Do whatever you want, and after shutting down remove the CD from the tray; the Windows operating system will work as normal (assuming that you didn’t tamper with the Windows system files. Remember this point and be careful).

What to do if a BIOS password is set on the system: In general this is not the case, but if it is, first try some default BIOS passwords. You can find a list of default BIOS passwords on the internet once you have the name and version of the BIOS, which you will see at boot time. You can also try to reset the BIOS by opening the CPU case and finding the lithium ion battery (round, like a silver coin). Remove the battery and put it back in the same place after 60 seconds.
Some common passwords include:
AMI  cmos  Biostar   BIOS  setup  password
Award  AWARD_SW  lkwpeter  AWARD_PW  AMI!SW1
j322 h6BB CONDO condo admin 589721
award_? 1322222 256256 ?award Compaq  last
AM AMI~ ascend  djonet  autocad  BIOSPASS
AMIPSWD  SZYX  zbaaaca  TzqF  t0ch20x

Alternative Method: In old versions of Windows you can also use simple commands to gain administrative power at the login prompt. This is done by editing the system files that store the login information. Follow these steps:

1. At boot time press F8; a boot menu will appear on the screen. Choose DOS.

2. Now change your working directory using the cd command.

C:\>cd windows

3. Next, type the command to rename the files with the .pwl extension, which contain the login information.

C:\windows>ren *.pwl *.pqr

4. Now restart the computer in the normal way and type anything in the password field when the login prompt appears. You hacked it! Now enjoy the administrative power (with this method Windows will accept this password as the actual one).

   Credit : RKJHA

What is sniffing|sniffers?

Sniffing is the process in which a network interface card is used to receive and monitor data that is not intended for that machine. The device or software that does the sniffing is known as a sniffer or, more simply, a network analyzer. Sniffing programs are very useful for gathering sensitive information such as telnet usernames and passwords, FTP usernames and passwords, credit card numbers, bank account details and so on. Hence sniffing techniques are widely used by attackers and hackers to monitor the key information they are interested in.

Every NIC (Network Interface Card) in a network has a unique MAC (Media Access Control) address. In general the NIC responds only to packets that contain its own MAC address or the broadcast address in the frame’s destination field. Network interface cards also support a mode known as promiscuous mode, in which they can receive all data packets and traffic that travel across the network. In promiscuous mode the NIC generates a hardware interrupt to the CPU for every frame it encounters (instead of only the frames carrying its MAC address or the broadcast address). So the sniffer puts the NIC into promiscuous mode and captures/monitors the data packets traveling around the network by passing all traffic to the operating system’s TCP/IP stack. A sniffer or network analyzer is therefore also helpful in troubleshooting networks and is used by network administrators.
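A host-side check for the promiscuous mode described above, as an added example that is not part of the original post: on Linux it reads each interface's flag word from /sys/class/net and tests the IFF_PROMISC bit, then counts the raw packet sockets listed in /proc/net/packet per interface. The function names are assumptions made for illustration.

```python
import os

IFF_PROMISC = 0x100  # interface flag bit from <linux/if.h>


def _read(path):
    with open(path) as fh:
        return fh.read().strip()


def packet_sockets_by_ifindex(proc_net_packet="/proc/net/packet"):
    """Count AF_PACKET sockets per interface index (0 = not bound to one interface)."""
    counts = {}
    with open(proc_net_packet) as fh:
        next(fh, None)  # skip the "sk RefCnt Type Proto Iface ..." header
        for line in fh:
            fields = line.split()
            if len(fields) >= 5 and fields[4].isdigit():
                idx = int(fields[4])
                counts[idx] = counts.get(idx, 0) + 1
    return counts


def sniffing_report(sysfs_net="/sys/class/net", proc_net_packet="/proc/net/packet"):
    """Return {iface: {"promisc": bool, "packet_sockets": int}} for all interfaces."""
    sockets = packet_sockets_by_ifindex(proc_net_packet)
    report = {}
    for iface in sorted(os.listdir(sysfs_net)):
        base = os.path.join(sysfs_net, iface)
        try:
            flags = int(_read(os.path.join(base, "flags")), 16)
            ifindex = int(_read(os.path.join(base, "ifindex")))
        except (OSError, ValueError):
            continue  # not an interface directory, or it vanished
        report[iface] = {
            "promisc": bool(flags & IFF_PROMISC),
            "packet_sockets": sockets.get(ifindex, 0),
        }
    return report


if __name__ == "__main__":
    for iface, state in sniffing_report().items():
        print(iface, state)
```

Packet sockets are also opened by ordinary services such as DHCP clients, so a non-zero count is a lead to follow up rather than a verdict. The check only covers the machine it runs on; a sniffer elsewhere on the segment is not visible from here.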

Why does sniffing threaten network security?

The sensitive information that can be collected by sniffers includes:
1. Passwords (e.g. FTP, telnet, POP, IMAP … login passwords)
2. Bank account numbers
3. Any other private data
4. Low-level protocol information

Some common sniffing software (sniffers)

* dsniff
* Esniff.c
* TCPDump
* sniffit