Well, If you are a regular reader of this blog the chances are very less that you might not know about keyloggers as I have not written about it. However in this post I will guide you on simple ways to use a keylogger inside Metasploit once you have opened up a meterpreter session with victims computer. For those of you who don't know what metasploit is kindly refer the book hd.powersat.org/Trainings/MetasploitGuide.pdf"
What is a Meterpreter?
Basically a meterpeter is a simple type of interface which helps us in compltety automating the exploitation process. If you would like to learn further about meterpreter kindly do a google search.
Requirements
In this case I am using metasploit framework from backtrack 5, Backtrack 5 is an awesome linux distro which is specially dedicated to hackers and penetration testers, I have used Social Engineering Toolkit to utilize a browser autopwn in order to open up a meterpreter session on the victims computer.
Step 1 - Before we start the keylogger and start capturing logs, we would need to migrate explorer.exe process as we don't want the our exploit to get closed, In order to migrate the process we would need the PID of the process, In order to get the PID type "PS" on the command line.
Step 2 - Once you know the exact process PID type "Migrate" command along with with the PID so incase if the PID is 1372, you will type "Migrate 1372"
Step 3 - Now just type "Keyscan_start" to start the keylogger.
Step 4 - Now just sit back and relax, In order to harvest keystores all you need to do is type the "Keyscan_dump" command.
Requirements
- Metasploit Framework
- BackTrack 5
- A Meterpreter session opened on a box
In this case I am using metasploit framework from backtrack 5, Backtrack 5 is an awesome linux distro which is specially dedicated to hackers and penetration testers, I have used Social Engineering Toolkit to utilize a browser autopwn in order to open up a meterpreter session on the victims computer.
Step 1 - Before we start the keylogger and start capturing logs, we would need to migrate explorer.exe process as we don't want the our exploit to get closed, In order to migrate the process we would need the PID of the process, In order to get the PID type "PS" on the command line.
Step 2 - Once you know the exact process PID type "Migrate" command along with with the PID so incase if the PID is 1372, you will type "Migrate 1372"
Step 3 - Now just type "Keyscan_start" to start the keylogger.
Step 4 - Now just sit back and relax, In order to harvest keystores all you need to do is type the "Keyscan_dump" command.
0 comments :
Post a Comment