Walleye and keylog data extraction

Hi All,

I installed Sebek in a windows XP box, I tried to test the
key logging capabilities of sebek by doing the following:

1- Opened a wordpad and typed some dummy data
2- Did the same thing with notepad
3- logged in into a yahoo mail account and typed user name
and password

Unfortunately when I try to view the collected data in
walleye, I couldn't spot anything related to the supposed
keylogged data. I'm just getting various TCP, UDP, and http
connections. 

Could any one if:
a- It's possible to get the keylogged data?
b- if yes then how and where

The version of Sebek I'm using is 3.0.4 

Thanks in advance
Omar

if I am mistaken sebek does socket tracking, so you
would need to open a socket to the hp via a remote
machine. 

the honeywall will only track "sebeked" flows
going
through the honeywall from external to internal. you
would need to throw an exploit at the machine and get
a reverse shell.

hope this helps

Seamus

--- omarmdxyahoo.co.uk wrote:

> Hi All,
> 
> I installed Sebek in a windows XP box, I tried to
> test the key logging capabilities of sebek by doing
> the following:
> 
> 1- Opened a wordpad and typed some dummy data
> 2- Did the same thing with notepad
> 3- logged in into a yahoo mail account and typed
> user name and password
> 
> Unfortunately when I try to view the collected data
> in walleye, I couldn't spot anything related to the
> supposed keylogged data. I'm just getting various
> TCP, UDP, and http connections. 
> 
> Could any one if:
> a- It's possible to get the keylogged data?
> b- if yes then how and where
> 
> The version of Sebek I'm using is 3.0.4 
> 
> Thanks in advance
> Omar
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection
around 
http://mail.yahoo.com