Monday, 10 June 2013

Password hacking with key logging


[*]Let me take my first chance to invite you into the World Of Hacking..

On the very first day of our learnining about the COMPUTER; I will start my word with “PASSWORD”. As all of us know the most complicated & Important Word about Computer is; ofcourse the PASSWORD.

In this post; I will let you; take the power of acquiring PASSWORDs with the Technique called KEY LOGGING.So what’s the KEY LOGGING?

By the name it implies KEY LOGGING is the method in which the Intruder will trick the computer/ User to unknowingly leave their shadows of activities(Key Strokes) with Key Board Keys.

KeyLogger is a program / device which will act as a junction point in between key board & Operating system which will stealthely records all Keyboard activities like key typed in & shortcuts used.

Keyloggers also provide a facility of screen capturing. With this feature; when the steal mode of key logger is on; you can capture not only the keystrokes but also Windows/ programms opened & URLs browsed & much more.

Let’s take a break now..

When I talk about the KEY LOGGING; there might be raising hands to ask me a question that “Can we track the PASSWORDS too”?

The Answer is YES in most of Instances; but not all cases.

What I mean by Instance is when we deal with the HTTP/ HTTPS based Form data (The Website which is hosted on HTTP hold the port 80). The Web site which is hosted on HTTP port is highly vulnerable to KEY LOGGING Attacks. In HTTP Browsing; by the method the Client browser follows to send the form data ( Ex:- User Name & Password ) to the web server requesting is in the form of simple text format.I.e. if I login to a MAIL Website. Let us say http://www.XYZ.com/; with the id as user1 & password as Don’t look at Me..The client browser will forward the same data to the web server of http://www.XYZ.com/ in a clear text form without any encryption; so that this data will be highly vulnerable to Network Listening Intruders, Phishing Sites & also key Loggers.

But in HTTPS browsing; The client browser will encode the form data before transmitting them to the http://www.XYZ.com/ web server over network ; so there is less chance to track the passowrd with Network Listening Intruding Techniques or phishing sites. But obviously there is a [quote][/quote]good chance to track these passwords with KEY LOGGERs. Fake Sites will not work in HTTPs.OK fine..

But what are those exceptional cases. Yes!! Coming to the point ..

The Windows Authentication method will not allow the Key Logging.

That’s mean when we are entering our username & password to enter into the system; the Operating System will not run the Key Logging software to capture these passwords.

So less chances to get hacked with Windows Logon Procedure.In order to avoid KEY LOGGING; we may use Anti-Loggers & necessary skills are needed by the Network admin to face this kind of attacks. Also the sharing of information to end-users in corporate will work in a greater deal.Hope You Enjoyed the Post. Don’t forget to share your feedback.

Regards,
Securityroot
White hat community

0 comments:

Post a Comment