Time for our last group lab. Despite what I said before, I do believe SecNet will be usable for this exercise. I require only one submission per group, so if you have your own Linux install, you may use it instead of SecNet if you can show the group what you're doing. Adjust your answers below accordingly.
We will be checking out a Linux based keylogger; while you are unlikely to see one of these for Linux "in the wild," this will give you some practice in a number of different useful skills — the first will be "compiling a program from source."
First, you'll need to grab some "build" tools, which are used to turn source code into binary. This should get what you need:
sudo apt-get install build-essential autotools-dev automake git
Git is an especially important tool to know about, it's used heavily among programmers for version control and distribution of source code. We will clone a git repository and compile the keylogger:
git clone https://github.com/kernc/logkeys.git
Now comes the process of actually "building" and installing the program. You can look more into the details of how compiling actually works, but suffice it to know that what you're doing here is ensuring that your computer has everything it needs to "custom build" the program so it fits your system, doing the actual building, and then installing it so it works. Do the next commands one at a time (every character is important).
FIRST, CD INTO THE "LOGKEYS" DIRECTORY, I FORGOT TO PUT THIS BEFORE, APOLOGIES
Then issue the following commands:
./autogen.sh
cd build
../configure
make
sudo make install
You should be good to go. First try
logkeys --help or man logkeys to get info.
- Screenshot here to show me that you've gotten this far.
Okay, let's fire it up:
sudo logkeys -s
Now type 3 or 4 commands of your choice, and eventually stop the thing, with
sudo logkeys -k
Now, take a look at the log file, which should contain a recording of your keystrokes, with e.g.
sudo less /var/log/logkeys.log
- Screenshot these results REGARDLESS of what happened.
There's a strong chance this is not what you're expecting ☺, especially if you're using SecNet.
- Before going further, give an educated guess as to what's happening here.
At this stage, it's your job to precisely track down and get a record of some of your own keystrokes (or any keystrokes).
If you did get some already, good — but either way, let's continue here:
Remember, everything in Linux is a file — including input sources.
- What file(s) are the input sources, or precisely, in what folder will you find these? The man pages of logkeys (or perhaps just google) will give you a clue.
Okay, time for a little bit of brute forcing. If you read the man pages, you'll see that there is a way to get logkeys to "listen" on different devices. Using logkeys, figure out which device corresponds to the typing you are doing. In other words:
- Start logkeys for a device
- Type some stuff to check (you may want to type something clear, like "this is device one", "1", etc., even if it is not a valid command — remember we're not grabbing commands or results, but the actual keys pressed)
- Stop and check the logs
- Which device appears to have at least partially worked? (i.e. shows SOME output captured, even if it looks weird). Screenshot it.
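Brute forcing the device works, but an administrator checking a host for a keylogger goes the other way round: read the kernel's own inventory of input devices, pick out the keyboard-class ones, and then see which processes hold those device nodes open. The script below is an added example, not part of the lab or of logkeys. The /proc/bus/input/devices text format and the EV bitmask bits are the kernel's; the embedded sample listing is constructed so the parser runs offline, and the "kbd handler plus auto-repeat" rule for spotting a keyboard is this example's own heuristic.

```python
"""Identify keyboard-class input devices and any processes holding them open.

Added example (not logkeys code). Parses the text layout of
/proc/bus/input/devices and, on a live Linux host, scans /proc/*/fd for
open handles to /dev/input/event*. Sample listing below is constructed.
"""
import os

# Constructed sample in the layout of /proc/bus/input/devices (three devices).
SAMPLE_DEVICES = """\
I: Bus=0019 Vendor=0000 Product=0001 Version=0000
N: Name="Power Button"
P: Phys=LNXPWRBN/button/input0
H: Handlers=kbd event0
B: PROP=0
B: EV=3
B: KEY=10000000000000 0

I: Bus=0011 Vendor=0001 Product=0001 Version=ab41
N: Name="AT Translated Set 2 keyboard"
P: Phys=isa0060/serio0/input0
H: Handlers=sysrq kbd event1 leds
B: PROP=0
B: EV=120013
B: KEY=402000000 3803078f800d001 feffffdfffefffff fffffffffffffffe
B: MSC=10
B: LED=7

I: Bus=0003 Vendor=046d Product=c52b Version=0111
N: Name="Logitech USB Receiver Mouse"
P: Phys=usb-0000:00:14.0-1/input1
H: Handlers=mouse0 event2
B: PROP=0
B: EV=17
B: KEY=ffff0000 0 0 0 0
B: REL=1943
B: MSC=10
"""

EV_KEY = 1 << 0x01   # device reports key/button presses
EV_REP = 1 << 0x14   # device supports key auto-repeat: set on real keyboards


def parse_input_devices(text):
    """Return one dict {name, handlers, ev, event} per device block."""
    devices = []
    for block in text.strip().split("\n\n"):
        dev = {"name": "", "handlers": [], "ev": 0, "event": None}
        for line in block.splitlines():
            if line.startswith("N: Name="):
                dev["name"] = line.split("=", 1)[1].strip('"')
            elif line.startswith("H: Handlers="):
                dev["handlers"] = line.split("=", 1)[1].split()
                for h in dev["handlers"]:
                    if h.startswith("event"):
                        dev["event"] = "/dev/input/" + h
            elif line.startswith("B: EV="):
                dev["ev"] = int(line.split("=", 1)[1], 16)
        devices.append(dev)
    return devices


def keyboard_devices(devices):
    """Heuristic (this example's own): a keyboard is attached to the 'kbd'
    handler and reports key events with auto-repeat. The EV_REP test filters
    out key-only devices such as a power button."""
    return [d for d in devices
            if "kbd" in d["handlers"]
            and d["ev"] & EV_KEY and d["ev"] & EV_REP]


def processes_reading_input(proc="/proc"):
    """Map each /dev/input/event* node to the pids holding it open.
    Reading other users' fd links needs root; unreadable entries are skipped."""
    holders = {}
    if not os.path.isdir(proc):
        return holders
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            if target.startswith("/dev/input/event"):
                holders.setdefault(target, []).append(int(pid))
    return holders


if __name__ == "__main__":
    try:
        with open("/proc/bus/input/devices") as f:
            text = f.read()
    except OSError:
        text = SAMPLE_DEVICES   # fall back to the constructed sample
    for d in keyboard_devices(parse_input_devices(text)):
        print(f"keyboard: {d['name']!r} -> {d['event']}")
    for node, pids in processes_reading_input().items():
        print(f"{node} is open by pids {pids}")
```

Run it as root on the lab box while logkeys is running and the second loop should name the logger's pid against the keyboard's event node; that "who has the keyboard device open" check is the same question a host-monitoring rule asks.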
Yeah, about that output. It's also probably not what you're expecting. If you've typed only commands so far, let's run another little test.
Start your logger on the correct input and type a recognizable stream of numbers, e.g. 123456789.
Check your logs again.
- Finally, visit the project's page and read up. You don't have to fix the problem — but, presuming you are seeing output and it's "wrong", explain to me why it's wrong and what you'd have to do to fix it.
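Whatever the specific cause turns out to be on your box, the general mechanism is worth seeing once: the device node hands the logger kernel keycodes, not characters, and a keymap decides which character each keycode is printed as (logkeys' man page documents its --keymap and --us-keymap options for exactly this). The script below is an added example, not logkeys code and not the lab's answer key. The 24-byte input_event layout and EV_KEY value are the 64-bit Linux evdev ABI; the two keymaps and the event bytes are constructed, and the "shifted by one" map stands in for any keymap that does not match the keyboard.

```python
"""Decode constructed evdev key records and render them through two keymaps.

Added example (not logkeys code). Shows that the same keycodes produce
different text depending on the keymap applied; the bytes and both keymaps
below are constructed for illustration.
"""
import struct

EV_KEY = 0x01          # event type for key presses/releases
KEY_PRESS = 1          # value field: 1 = press, 0 = release, 2 = auto-repeat
# struct input_event on 64-bit Linux: tv_sec, tv_usec (longs), type, code, value
INPUT_EVENT = struct.Struct("<qqHHi")

# Keycode numbers are fixed by the kernel (KEY_1 = 2 ... KEY_9 = 10, KEY_0 = 11);
# which character a keycode prints is decided by the keymap in use.
US_KEYMAP = {2: "1", 3: "2", 4: "3", 5: "4", 6: "5",
             7: "6", 8: "7", 9: "8", 10: "9", 11: "0"}
# Constructed keymap shifted by one position: same keycodes, different text.
MISMATCHED_KEYMAP = {2: "2", 3: "3", 4: "4", 5: "5", 6: "6",
                     7: "7", 8: "8", 9: "9", 10: "0", 11: "1"}


def build_events(keycodes):
    """Constructed byte stream: one press and one release record per keycode."""
    out = b""
    for i, code in enumerate(keycodes):
        out += INPUT_EVENT.pack(1700000000, i * 1000, EV_KEY, code, KEY_PRESS)
        out += INPUT_EVENT.pack(1700000000, i * 1000 + 500, EV_KEY, code, 0)
    return out


def pressed_keycodes(raw):
    """Return the keycode of every EV_KEY press record in raw evdev bytes;
    releases, repeats and non-key events (SYN, MSC, LED) are skipped."""
    codes = []
    for off in range(0, len(raw) - INPUT_EVENT.size + 1, INPUT_EVENT.size):
        _sec, _usec, ev_type, code, value = INPUT_EVENT.unpack_from(raw, off)
        if ev_type == EV_KEY and value == KEY_PRESS:
            codes.append(code)
    return codes


def render(keycodes, keymap):
    """Translate keycodes to text; a code missing from the keymap is shown
    as <nnn>, the way a logger with an incomplete map would."""
    return "".join(keymap.get(c, f"<{c}>") for c in keycodes)


SAMPLE = build_events([2, 3, 4, 5, 6, 7, 8, 9, 10])   # typing "123456789"

if __name__ == "__main__":
    codes = pressed_keycodes(SAMPLE)
    print("keycodes :", codes)
    print("us keymap:", render(codes, US_KEYMAP))
    print("mismatch :", render(codes, MISMATCHED_KEYMAP))
```

The keycode list is identical in both renderings; only the translation step differs, which is why a logger can "work" (capture every key) and still write the wrong characters, and why the fix lives in the keymap rather than in the device choice.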