GiacomoLaw
commented
6 years ago Could you go into a little detail?
Open Dagdelo opened 6 years ago
GiacomoLaw
commented
6 years ago Could you go into a little detail?
Dagdelo
commented
6 years ago Sorry for English. It's as simple as that: the program does not catch the program's keystrokes (in this case the Chrome browser) open with administrator privilege. It only proceeds to capture if the program has the same privileges.
GiacomoLaw
commented
6 years ago But when you have Chrome with admin permissions don’t you need to run it with admin permissions?
Dagdelo
commented
6 years ago Yes! I'm just trying to say that the program only registers with equivalent or higher permissions. In case the browser is at the admin level and the program is not, it does not register.
ignis-sec
commented
6 years ago I don't think this is a bug, but rather how windows hooks are supposed to work. As far as i know you can only hook to a process with equal or less privilage level
Dagdelo
commented
6 years ago I don't think this is a bug, but rather how windows hooks are supposed to work. As far as i know you can only hook to a process with equal or less privilage level
I have to agree. So a new feature 'bypass uac'/escalate privileges is necessary.
ignis-sec
commented
6 years ago I have to agree. So a new feature 'bypass uac'/escalate privileges is necessary.
I have to disagree again, does anyone even question when an exe asks for admin privilages? I say go for it, just ask it yourself, i bet 99% of the times people are going to give it.
Dagdelo
commented
6 years ago I have to disagree again, does anyone even question when an exe asks for admin privilages? I say go for it, just ask it yourself, i bet 99% of the times people are going to give it.
So here we differ. Leveling underneath is wrong, underestimate the target is a step to be detected and have your payload being sent to the virustotal.
It logs everything from other open windows without being as admin. But it only logs open windows as admin if the program is opened as admin.