Sometimes one pentester can remotely access the machine of a user, but may not have the user's password. Maybe the user has a very long complex password that would take a long time to crack.
The meterpreter στο Metasploit Framework έχει πολύ μεγάλη χρησιμότητα για τη λήψη όσων πληκτρολογούν σε ένα απομακρυσμένο μηχάνημα. Θα ξεκινήσουμε με ένα σύστημα στο οποίο έχουμε ήδη εκτελέσει ένα exploit και καταφέραμε να δημιουργήσουμε μια απομακρυσμένη συνεδρία (session) με το Metasploit. Συνδεθήκαμε στο session με το session command και τώρα βρισκόμαστε στη γραμμή εντολών Meterpreter.
We will start with a system in which we have already run an exploit and managed to create a remote session with Metasploit. We connected to the session with the command " And now we are at a Meterpreter command line.
We have already seen how easy it is to hack a Windows machine with the help of Metasploit Framework. Once you receive a session, you can easily use the built-in keylogger to spy on users.
Once in the session, enter “Sysinfo”To see the information of its operational target.
After that type “ps”In your terminal, to see all the current processes in the windows machine you have in Metasploit.
Here in the screenshot above, you can see the process ID explorer.exe is the 772 we need before we start the section with the keylogger.
To check the current process ID where you will enter your payload, enter “getpidOn the same console. Now type “ ”To migrate the process from the current PID to Explorer.exe PID.
So let's go ahead and see what it looks like when we start a remote keylogger. We will see the captured key strokes. Just type “keyscan_start”To start remote recording.
Now we just have to wait until our victim types something on the keyboard. For example, go ahead and open your Windows browser and try to sign in to your account at Facebook.
Now go back to Kali and to see what was typed, just type “keyscan_dump"
And to stop the keylogger, you can use the command "keyscan_stop".
Key scan automation with Lockout Keylogger
Now, it would be great if we could automate this process. I mean, you do not really want to sit there and hang out until the user leaves the system?
You could lock his desktop and have him log in again, but this is very suspicious.
What if you could find the Meterpreter automatically and migrate to the winlogon process, scan the computer idle time, and automatically lock the user's system?
Meet the “Lockout_Keylogger", An amazing script from CG and Mubix. You must start with an active remote session with system level privileges.
Now just type, “background” to return to the session and to message by Meterpreter. Type, “
Set the session number in our active session (1 in our example), so “set session 1".
Also, define her price PID as per the screenshot below. Then type “exploit"
Lockout_Keylogger automatically finds the Winlogon process and goes to it. The program then starts monitoring the idle time of the remote system.
In about 300 seconds of inactivity, Lockout Keylogger tries to lock the user's desktop remotely. Sometimes it fails and tries to lock it up again.