Communication across every corner of your business is essential to increase the velocity of your application delivery and support pipeline. Automate, standardize, and contextualize your communication processes with xMatters.
Course Of The Month
3 days, 18 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
need to sneak keylogger onto XP home PC...
Posted on 2004-03-21
I need to sneak a keylogger onto an XP home PC...
I'm working for a client who has a 17 yr old (minor) daughter. The daughter has an XP Home PC with NTFS and one account name which is the Administrator account. The daughter bought the PC so basically has control over it. The mother needs to surreptitiously monitor the daughter's email and chat. The situation involves a boy at another school making Columbine-like threats. The parents of other involved kids are communicating about it and each is monitoring their kid's involvement with this one child before they go to the police.
There is a password on the account so we can't get in without the daughter knowing it. I have NT Commander which will change the password, but we can't tip off the daughter. I did ghost the hard drive and then change the password on the copy, and installed it as master and booted off it. We looked at Internet History because the mom is also concerned about drug, alcohol and occult involvement, so we checked where she's been online. But what we really need now is to monitor her email and chat sessions to this boy.
She has a usb keyboard, so a hardware keylogger is out. I understand that they don't make them for usb keyboards. Is there such a thing as a "trojan"-like (not a virus) keylogger software that the parent could give to the kid with the pretext it was a gift and the kid would install it (maybe its a game or screensaver) and it also would contain a hidden keylogger that could save data that the guest account could access, or it would stealthily email info out?
Wondering how anyone else might have handled a similar situation.
Thanks in advance
I'm working for a client who has a 17 yr old (minor) daughter. The daughter has an XP Home PC with NTFS and one account name which is the Administrator account. The daughter bought the PC so basically has control over it. The mother needs to surreptitiously monitor the daughter's email and chat. The situation involves a boy at another school making Columbine-like threats. The parents of other involved kids are communicating about it and each is monitoring their kid's involvement with this one child before they go to the police.
There is a password on the account so we can't get in without the daughter knowing it. I have NT Commander which will change the password, but we can't tip off the daughter. I did ghost the hard drive and then change the password on the copy, and installed it as master and booted off it. We looked at Internet History because the mom is also concerned about drug, alcohol and occult involvement, so we checked where she's been online. But what we really need now is to monitor her email and chat sessions to this boy.
She has a usb keyboard, so a hardware keylogger is out. I understand that they don't make them for usb keyboards. Is there such a thing as a "trojan"-like (not a virus) keylogger software that the parent could give to the kid with the pretext it was a gift and the kid would install it (maybe its a game or screensaver) and it also would contain a hidden keylogger that could save data that the guest account could access, or it would stealthily email info out?
Wondering how anyone else might have handled a similar situation.
Thanks in advance
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
3
2-
2
- +2
10 Comments
No doubt about it - contact the police department
The can get a judge to give them a lawfull way of sneaking at your daugthers and the other involved kids, and the boy at another school.
I hope that they can stop it, before your clients daughter is getting hurt.
Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark
:o) Your brain is like a parachute. It works best when it's open
The can get a judge to give them a lawfull way of sneaking at your daugthers and the other involved kids, and the boy at another school.
I hope that they can stop it, before your clients daughter is getting hurt.
Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark
:o) Your brain is like a parachute. It works best when it's open
Hmmm. Okay. Well, I don't know that there is enough to go to the police yet, that is why my client contacted me, to try to help her do some looking. So, if anyone has some suggestions to this problem.. much appreciated
There was 2 reason that I adviced you to contact the police.
1. Read above
2. It's compromizing the rules for experts on this forum. So you and we has got a problem. We understand and would like to help, but we aren't allowed to advice on how to break security on windows systems. I trust you, but a hacker could anonymously write the same question...
According to Expert-Exchange Member Agreement - 3. Guidelines for Use - It's not allowed
http://www.experts-exchange.com/memberAgreement.jsp
Start with contacting the police, and hear what they say about it.
1. Read above
2. It's compromizing the rules for experts on this forum. So you and we has got a problem. We understand and would like to help, but we aren't allowed to advice on how to break security on windows systems. I trust you, but a hacker could anonymously write the same question...
According to Expert-Exchange Member Agreement - 3. Guidelines for Use - It's not allowed
http://www.experts-exchange.com/memberAgreement.jsp
Start with contacting the police, and hear what they say about it.
Here is a commercial product you may have a look at using.
http://www.omniquad.com/
I would, however contact an attorney to find out the legality in using this product in a home environment.
Joel
http://www.omniquad.com/
I would, however contact an attorney to find out the legality in using this product in a home environment.
Joel
Active 5 days ago
Sniffing the network is not aa invasive- and not easily detected... if the mom has her own computer... you could put ethereal (with libpcap) on it, and buy a hub to share the connection with the daughter. You can see all the plain-text that goes across the wire, as well as the destination of the email's...
or
You could dump the hash off the ghosted HD with a boot floppy (search for "offline NT password & registry editor") (i don't recommend it on the original pc) you could put that hash into a cracker and crack it... or reset the pass (not before writing down the hash of the accounts on the box first- that floppy can tell you the current hash) thenyou could reset it to what you'd like, and when your done, put the hash back in just as it was. If there is not antivirus software, then a keylogger of your choice... ghost key logger... in theory
-rich
or
You could dump the hash off the ghosted HD with a boot floppy (search for "offline NT password & registry editor") (i don't recommend it on the original pc) you could put that hash into a cracker and crack it... or reset the pass (not before writing down the hash of the accounts on the box first- that floppy can tell you the current hash) thenyou could reset it to what you'd like, and when your done, put the hash back in just as it was. If there is not antivirus software, then a keylogger of your choice... ghost key logger... in theory
-rich
Trywaredk: I don't see where it's compromising any rules. If you read my question carefully enough you'll see I'm not asking anyone to advise me on how to break security, either explicitly or implicitly. I simply asked if there was software out there that seemed like one thing to the recipient but had a hidden objective for the purpose of monitoring a minor. If the answer is no, then it's no. I appreciate your good intentions, but I think your admonitions are a little off base in this instance.
zombieooo: thanks. I took a quick look and didn't see how I could get that on the PC without the daughters password. I will look further though.
richrumble: two good ideas. The first is not practical for this situation, but good nonetheless. The second is a possibility. That is a very good suggestion. The only part I'm not familiar with is putting the hash back as it was. How is that done?
zombieooo: thanks. I took a quick look and didn't see how I could get that on the PC without the daughters password. I will look further though.
richrumble: two good ideas. The first is not practical for this situation, but good nonetheless. The second is a possibility. That is a very good suggestion. The only part I'm not familiar with is putting the hash back as it was. How is that done?
Active 5 days ago
IF you serach for that phrase, in theory you'll find a floppy boot disk that can tell you what the current hash's are, let you reset them, and then place them back if you wrote them down- never disable syskey with a "theoritical" boot floppy, as that step is never necessary. Read instrctions carefully, and test on a machine you care nothing for so you get it right :) Instructions should be there on the top result from that search.
-rich
-rich
Active today
Wow, I can relate. I actually had some problems with my teenagers on IM and chat, so we finally told them that we are going to monitor them and their friends. We ALL get monitored at work, so it's no big deal. I don't care if she paid for the computer..she is still a minor and the parent still has responsibility to supervise all activity.
On that note, we use two different programs:
IM Grabber will keep logs of most instant messages, but the kids can turn it off too easily, and it craps out
http://www.bitsplash.com/imgrabber/
I love kiddefender, as it grabs chat, IM AND all web sites. Kids can not turn it off. In addition, you can install it on other computers (like at work) and monitor LIVE REAL TIME. Let's you block certain im'ers too
http://www.kiddefender.com/press/082003.html
Finally, I didn't have much luck with beAware, but you might
http://www.ascentive.com/run/click/@426340574732/
Good luck, and don't wimp out. It's a crazy place out there. Police cant do anything until there is blood or something concrete!
Karen
On that note, we use two different programs:
IM Grabber will keep logs of most instant messages, but the kids can turn it off too easily, and it craps out
http://www.bitsplash.com/imgrabber/
I love kiddefender, as it grabs chat, IM AND all web sites. Kids can not turn it off. In addition, you can install it on other computers (like at work) and monitor LIVE REAL TIME. Let's you block certain im'ers too
http://www.kiddefender.com/press/082003.html
Finally, I didn't have much luck with beAware, but you might
http://www.ascentive.com/run/click/@426340574732/
Good luck, and don't wimp out. It's a crazy place out there. Police cant do anything until there is blood or something concrete!
Karen
I think these two posts fro richrumble are probably my solution, however I'm unable to try it out because the customer is satisfied with looking through the History on the browser. If I did have to go the next step, this is probably what I would've done. Thank you!:
=============
You could dump the hash off the ghosted HD with a boot floppy (search for "offline NT password & registry editor") (i don't recommend it on the original pc) you could put that hash into a cracker and crack it... or reset the pass (not before writing down the hash of the accounts on the box first- that floppy can tell you the current hash) thenyou could reset it to what you'd like, and when your done, put the hash back in just as it was. If there is not antivirus software, then a keylogger of your choice... ghost key logger... in theory
-rich
IF you serach for that phrase, in theory you'll find a floppy boot disk that can tell you what the current hash's are, let you reset them, and then place them back if you wrote them down- never disable syskey with a "theoritical" boot floppy, as that step is never necessary. Read instrctions carefully, and test on a machine you care nothing for so you get it right :) Instructions should be there on the top result from that search.
-rich
=============
You could dump the hash off the ghosted HD with a boot floppy (search for "offline NT password & registry editor") (i don't recommend it on the original pc) you could put that hash into a cracker and crack it... or reset the pass (not before writing down the hash of the accounts on the box first- that floppy can tell you the current hash) thenyou could reset it to what you'd like, and when your done, put the hash back in just as it was. If there is not antivirus software, then a keylogger of your choice... ghost key logger... in theory
-rich
IF you serach for that phrase, in theory you'll find a floppy boot disk that can tell you what the current hash's are, let you reset them, and then place them back if you wrote them down- never disable syskey with a "theoritical" boot floppy, as that step is never necessary. Read instrctions carefully, and test on a machine you care nothing for so you get it right :) Instructions should be there on the top result from that search.
-rich
Featured Post
You’ve already invested in ITSM tools, chat applications, automation utilities, and more. Fortify these solutions with intelligent communications so you can drive business processes forward.
With xMatters, you'll never miss a beat.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
OfficeMate Freezes on login or does not load after login credentials are input.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Course of the Month3 days, 18 hours left to enroll
691 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.