
Comments (5)

hydrajump commented on June 12, 2024

I've also noticed this and it makes it difficult to record passwords in particular.

For example, the following screenshot was taken with Get-TimedScreenshot and shows the text that I wrote in a Word document,

image

The following is what Get-Keystrokes recorded,

"TypedKey","Time","WindowTitle"
"Document1 - Word",,"10-05-2015:21:00:58:45"
"Document1 - Word","[o]","10-05-2015:21:00:58:70"
"Document1 - Word","[SpaceBar][ ]","10-05-2015:21:00:58:89"
"Document1 - Word","[SpaceBar][ ]","10-05-2015:21:00:58:97"
"Document1 - Word","[Shift]","10-05-2015:21:00:59:05"
"Document1 - Word","[Shift][Shift]","10-05-2015:21:00:59:08"
"Document1 - Word","[Shift]","10-05-2015:21:00:59:19"
"Document1 - Word","[Shift][w]","10-05-2015:21:00:59:20"
"Document1 - Word","[o]","10-05-2015:21:00:59:28"
"Document1 - Word","[r]","10-05-2015:21:00:59:41"
"Document1 - Word","[r]","10-05-2015:21:00:59:47"
"Document1 - Word","[l]","10-05-2015:21:00:59:59"
"Document1 - Word","[d]","10-05-2015:21:00:59:70"
"Document1 - Word","[d]","10-05-2015:21:00:59:76"
"Document1 - Word","[Shift]","10-05-2015:21:01:02:23"
"Document1 - Word","[Shift][Shift]","10-05-2015:21:01:02:25"
"Document1 - Word","[Shift]","10-05-2015:21:01:02:31"
"Document1 - Word","[Shift][Shift]","10-05-2015:21:01:02:34"
"Document1 - Word","[Shift]","10-05-2015:21:01:02:42"
"Document1 - Word","[Shift][Shift]","10-05-2015:21:01:02:45"
"Document1 - Word","[Shift]","10-05-2015:21:01:02:55"
"Document1 - Word","[Shift][Shift]","10-05-2015:21:01:02:61"
"Document1 - Word","[Shift]","10-05-2015:21:01:02:69"
"Document1 - Word","[Shift][Shift][!]","10-05-2015:21:01:02:72"
"Document1 - Word","[Shift][Shift][!][Shift]","10-05-2015:21:01:02:75"
"Document1 - Word","[Shift]","10-05-2015:21:01:02:83"
"Document1 - Word","[Enter][
]","10-05-2015:21:01:03:22"
"Document1 - Word","[Enter][
]","10-05-2015:21:01:03:39"
"Document1 - Word","[Shift]","10-05-2015:21:01:04:81"
"Document1 - Word","[Shift][Shift]","10-05-2015:21:01:04:83"
"Document1 - Word","[Shift]","10-05-2015:21:01:04:91"
"Document1 - Word","[Shift][Shift]","10-05-2015:21:01:04:94"
"Document1 - Word","[Shift]","10-05-2015:21:01:04:98"
"Document1 - Word","[Shift][Shift]","10-05-2015:21:01:05:01"
"Document1 - Word","[Shift]","10-05-2015:21:01:05:09"
"Document1 - Word","[Shift][Shift][T]","10-05-2015:21:01:05:11"
"Document1 - Word","[h]","10-05-2015:21:01:05:23"
"Document1 - Word","[h]","10-05-2015:21:01:05:30"
"Document1 - Word","[h][i]","10-05-2015:21:01:05:33"
"Document1 - Word","[i]","10-05-2015:21:01:05:39"
"Document1 - Word","[s]","10-05-2015:21:01:05:50"
"Document1 - Word","[SpaceBar][ ]","10-05-2015:21:01:05:61"
"Document1 - Word","[i]","10-05-2015:21:01:05:76"
"Document1 - Word","[s]","10-05-2015:21:01:05:89"
"Document1 - Word","[SpaceBar][ ]","10-05-2015:21:01:06:01"
"Document1 - Word","[a]","10-05-2015:21:01:06:14"
"Document1 - Word","[SpaceBar][ ]","10-05-2015:21:01:06:22"
"Document1 - Word","[t]","10-05-2015:21:01:06:83"
"Document1 - Word","[e]","10-05-2015:21:01:06:91"
"Document1 - Word","[e][s]","10-05-2015:21:01:06:97"
"Document1 - Word","[s]","10-05-2015:21:01:07:03"
"Document1 - Word","[t]","10-05-2015:21:01:07:09"
"Document1 - Word","[SpaceBar][ ]","10-05-2015:21:01:07:31"
"Document1 - Word","[t]","10-05-2015:21:01:07:67"
"Document1 - Word","[o]","10-05-2015:21:01:07:80"
"Document1 - Word","[SpaceBar][ ]","10-05-2015:21:01:07:98"
"Document1 - Word","[v]","10-05-2015:21:01:12:23"
"Document1 - Word","[e]","10-05-2015:21:01:12:55"
"Document1 - Word","[e]","10-05-2015:21:01:12:62"
"Document1 - Word","[e][r]","10-05-2015:21:01:12:64"
"Document1 - Word","[i]","10-05-2015:21:01:12:70"
"Document1 - Word","[f]","10-05-2015:21:01:12:84"
"Document1 - Word","[f]","10-05-2015:21:01:12:91"
"Document1 - Word","[y]","10-05-2015:21:01:13:06"
"Document1 - Word","[SpaceBar][ ]","10-05-2015:21:01:13:14"
"Document1 - Word","[t]","10-05-2015:21:01:13:37"
"Document1 - Word","[h]","10-05-2015:21:01:13:45"
"Document1 - Word","[a]","10-05-2015:21:01:13:58"
"Document1 - Word","[a]","10-05-2015:21:01:13:66"
"Document1 - Word","[t]","10-05-2015:21:01:14:17"
"Document1 - Word","[t]","10-05-2015:21:01:14:23"
"Document1 - Word","[SpaceBar][ ]","10-05-2015:21:01:14:72"
"Document1 - Word","[SpaceBar][ ]","10-05-2015:21:01:14:78"
"Document1 - Word","[Shift]","10-05-2015:21:01:15:37"
"Document1 - Word","[Shift][Shift]","10-05-2015:21:01:15:39"
"Document1 - Word","[Shift]","10-05-2015:21:01:15:47"
"Document1 - Word","[Shift][Shift]","10-05-2015:21:01:15:51"
"Document1 - Word","[Shift]","10-05-2015:21:01:15:59"
"Document1 - Word","[e]","10-05-2015:21:01:15:76"
"Document1 - Word","[e]","10-05-2015:21:01:15:84"
"Document1 - Word","[e][t]","10-05-2015:21:01:15:87"
"Document1 - Word","[-]","10-05-2015:21:01:16:91"
"Document1 - Word","[Shift]","10-05-2015:21:01:17:12"
"Document1 - Word","[Shift][Shift]","10-05-2015:21:01:17:16"
"Document1 - Word","[Shift]","10-05-2015:21:01:17:22"
"Document1 - Word","[Shift][Shift][K]","10-05-2015:21:01:17:25"
"Document1 - Word","[e]","10-05-2015:21:01:17:50"
"Document1 - Word","[e]","10-05-2015:21:01:17:56"
"Document1 - Word","[y]","10-05-2015:21:01:17:81"
"Document1 - Word","[s]","10-05-2015:21:01:17:98"
"Document1 - Word","[s]","10-05-2015:21:01:18:06"
"Document1 - Word","[t]","10-05-2015:21:01:18:17"
"Document1 - Word","[t]","10-05-2015:21:01:18:23"
"Document1 - Word","[r]","10-05-2015:21:01:18:31"
"Document1 - Word","[o]","10-05-2015:21:01:18:42"
"Document1 - Word","[k]","10-05-2015:21:01:18:50"
"Document1 - Word","[e]","10-05-2015:21:01:18:58"
"Document1 - Word","[e]","10-05-2015:21:01:18:64"
"Document1 - Word","[e][s]","10-05-2015:21:01:18:67"
"Document1 - Word","[SpaceBar][ ]","10-05-2015:21:01:19:61"
"Document1 - Word","[SpaceBar][ ]","10-05-2015:21:01:19:69"
"Document1 - Word","[r]","10-05-2015:21:01:20:98"
"Document1 - Word","[e]","10-05-2015:21:01:21:06"
"Document1 - Word","[c]","10-05-2015:21:01:21:23"
"Document1 - Word","[o]","10-05-2015:21:01:21:36"
"Document1 - Word","[r]","10-05-2015:21:01:21:48"
"Document1 - Word","[d]","10-05-2015:21:01:21:75"
"Document1 - Word","[s]","10-05-2015:21:01:21:83"
"Document1 - Word","[s]","10-05-2015:21:01:21:89"
"Document1 - Word","[SpaceBar][ ]","10-05-2015:21:01:22:76"
"Document1 - Word","[SpaceBar][ ]","10-05-2015:21:01:22:84"
"Document1 - Word","[p]","10-05-2015:21:01:23:28"
"Document1 - Word","[p]","10-05-2015:21:01:23:36"
"Document1 - Word","[p][r]","10-05-2015:21:01:23:39"
"Document1 - Word","[o]","10-05-2015:21:01:23:51"
"Document1 - Word","[p]","10-05-2015:21:01:23:72"
"Document1 - Word","[e]","10-05-2015:21:01:23:78"
"Document1 - Word","[e]","10-05-2015:21:01:23:86"
"Document1 - Word","[e][r]","10-05-2015:21:01:23:87"
"Document1 - Word","[l]","10-05-2015:21:01:24:05"
"Document1 - Word","[y]","10-05-2015:21:01:24:22"
"Document1 - Word","[.]","10-05-2015:21:01:24:75"

@obscuresec are you not experiencing this behaviour?


hydrajump commented on June 12, 2024

Just came across this Twitter conversation that sheds some light on why this is happening.

Nope. I would prefer SetWindowsHookEx but that requires that a dll be loaded into the targeted processes. - @mattifestation

any keys faster than 40 milliseconds will likely be missed but polling any faster is buggy - @obscuresec


obscuresec commented on June 12, 2024

I have been trying to come up with a better option, but the bottom line is any change will have trade-offs. I am going to add the polling interval as an argument so that it can be easily changed between 30, 35, 40 and 45. Basically, everyone holds down keys differently when typing and all key-loggers that use this technique suffer from this drawback. There are a few other bug fixes I am looking to integrate after I use them on engagements. Thank you for the patience.


hydrajump commented on June 12, 2024

Cool, looking forward to your updates!

This is probably not relevant as the technique mentioned in this paper uses a GPU, but maybe it can offer some value.

Typically, the duration of a single keypress varies from 100 ms for faster typists, to over one second for slower typists.

As we discuss in Section 4, an interval of less than 100 ms allows the recording of all keystrokes even for fast typists, with minimal runtime overhead and without adding any contention due to consecutive accesses.


 avatar commented on June 12, 2024

Incorporated the idea from @obscuresec.

