Friday, June 2, 2017

How to Hack Passwords Using a Hardware Keylogger

Did you know that using a keylogger is the simplest way to hack passwords?. In this post, I will be giving you a detailed information on hardware keyloggers and their working. I will also teach how to make use of a hardware keylogger to hack passwords on your computer. If you are new to the concept of keyloggers or haven’t heard about this topic in the past, then here is a brief description about keyloggers.
keylogger or sometimes called as a keystroke logger is a stealth computer program or a stealth device (in case of a hardware keylogger) that when installed, captures every keystroke typed on the computer’s keyboard. The keylogger is designed to operate in a total stealth mode so that its presence is hidden from the users of the computer.
A keylogger can be installed by the owner of the computer to capture passwords and other sensitive information that the user types on the keyboard. Keyloggers come in two forms: Software and Hardware.
software keylogger is a software program that needs to be installed on the computer while the hardware keylogger is a hardware device that needs to be plugged in between the computer and its keyboard. For more information on software keyloggers and their usage, you may refer my previous post: How to use Keyloggers?

How Hardware Keyloggers Work?

Unlike the software keylogger, a hardware keylogger do not depend on any of the software program for its operation as they function at the hardware level itself. A hardware keylogger acts as an interface between the computer and the computer’s keyboard. The device has a built-in memory in which all the recorded keystrokes are stored.
They are designed to work with PS/2 keyboards, and more recently with USB keyboards. A hardware keylogger appears simply as a USB thumb drive or any other computer peripheral so that it does not arouse suspicion in the minds of the users. Therefore by looking at its appearance it is not possible to identify it as a keylogger. Here are some of the images of hardware keyloggers:

How to Install the Hardware Keylogger?

The hardware keylogger must be installed between the keyboard plug and the USB or PS/2 port socket. That is, you have to just plug in the keylogger to your keyboard’s plug (PS/2 or USB) and then plug it to the PC socket. The following image illustrates how the hardware keylogger is installed.

Once you install the hardware keylogger as shown above, it starts recording each and every keystroke of the keyboard including passwords and other confidential information. The keystrokes can be retrieved later by downloading the logs onto the hard drive.
[alert-info]Hardware keyloggers are also known to come in the form of a spy keyboard where the keylogger unit is built into the keyboard itself. This will eliminate the need to install a separate device between the keyboard and the computer.[/alert-info]

Hardware vs. Software Keylogger:

The following are some of the pros and cons of hardware keylogger:

Pros:

  • Hardware keyloggers are easy to install and uninstall.
  • Since it operates at the hardware level itself, it is fully compatible with all the operating systems like Windows and Unix.
  • Unlike a software keylogger, it cannot be detected by anti-spywares and anti-keyloggers.

Cons:

  • Hardware keyloggers are only limited to capturing keystrokes while a high-end software keylogger can capture screenshots, browser activities, IM conversations and many more.
  • Physical access to the target computer is a must in order to install the hardware keylogger, whereas some software keyloggers come with a remote install/uninstall feature.
  • In case of a software keylogger, it is possible to access the logs remotely as they are emailed on a regular basis while this is not possible in case of a hardware keylogger.
Thus, both hardware and software keyloggers have advantages and disadvantages of their own. So, it is up to the user to make a choice based on the requirement.

No comments:

Post a Comment

SQL Injection to WebShell

An SQL Injection attack is not only limited to dumping a database, but can also allow the attacker to upload files to the remote server an...