Hacking a computer while having physical access to it

[Anon]

Let's say I have physical access to a computer (with Win XP) with admin priviledges. I'd like to install a stealthy program that can take screenshots of the computer about every 30 seconds and that they be stored on this computer. De-activating the anti-virus won't be a problem to Install the program, but I want that once the anti-virus is re-activated it doesn't detect the installed program.
The program should make a completely hidden (not to be detected with the "don't hide files and folders" setting checked...) folder with the screenshots files (.jpg) in it.
I also want to be able to uninstall the program without any issues after I'm done.
A keylogger included would definitely be a plus, althought it's not necessary
The program and its whole operation must be extremely stealthy

I'm not asking for something exactly like my detailed explanation (althought it would be pretty awesome if someone delivers...), I'm just asking for pointers on how to do this.

Thanks.

[Dr Gonzo]

I can't recommend a specific application for the screenshots/keylogging, however I can offer some advice on the antiVirus problem.

Just make sure to name the apps indiscriminately, and add them to the antiVirus/firewall Exception list.

As far as hiding the files goes, don't worry about that. Just make sure to hide them deep within the depths of Microsofts file structure. IE:

Code:

C:\WINDOWS\system32\Macromed\Flash\FlashPlayerTrust

You don't seem to have taken the retrieval of the images/keystrokes into concideration. I'll suggest either tightVNC or netCat. NC will be detected, however if you're adding exceptions to the antiVirus/firewall, then that should be ok. NC if you don't mind a CLI, tightVNC if you prefer a GUI.

For logging keystrokes through software, I have no experience here, but everyone on this board normally suggests 'Ardamax' keylogger. I normally suggest the hardware keylogger option, but then again, once you've paid for something, you do tend to become slightly biased..


The only reason I suggest creating some remote access to the machine, is because that way if something goes wrong, you can fix it from home. Rather than finding out a month down the line, that you haven't logged a single JPG.

I'll leave it to everyone else to provide apps on screenshotting. Ardamax might do it actually, but I've never tested it.

http://www.tightvnc.com/download.html
http://netcat.sourceforge.net/download.php
http://www.ardamax.com/keylogger/
http://thepiratebay.org/torrent/4392....9.Incl.Keygen
[Install in a VM first, and monitor packets, just to make sure nothing dodgy is going on.]