Use Keylogger in Metasploit Framework

Sometimes one can remotely access a user's machine but still not have the user's password. Maybe the user has a very long, complex password that would take a long time to crack.

The keylogger in Metasploit Framework is very useful for capturing what is typed on a remote machine. We will start with a system on which we have already run an exploit and managed to create a remote session with Metasploit. We connected to the session with the "sessions" command and are now at the Meterpreter command line.

We have already seen how easy it is to hack a Windows machine with the help of Metasploit Framework. Once you have a session, you can easily use the built-in keylogger to spy on users.

Once in the session, type "sysinfo" to see information about the target's operating system.

After that, type "ps" in the Meterpreter console to list all processes currently running on the Windows machine you have a session on.

In the screenshot above you can see that the process ID of explorer.exe is 772; we need this PID before we start the keylogger part.

To check the process ID your payload is currently running in, type "getpid" in the same console. Now type "migrate 772" to move from the current PID into the explorer.exe PID.

So let's go ahead and see what it looks like when we start the remote keylogger and view the captured keystrokes. Just type "keyscan_start" to start remote recording.

Now we just have to wait until our victim types something on the keyboard. For example, go ahead and open the browser on the Windows machine and try to sign in to one of your accounts.

Now go back to Kali; to see what was typed, just type "keyscan_dump".

To stop the keylogger, use the command "keyscan_stop".

Key scan automation with Lockout Keylogger

Now, it would be great if we could automate this process. You do not really want to sit there waiting until the user does something on the system, do you?

You could lock the desktop and make the user log in again, but that is very suspicious.

What if Meterpreter could automatically find and migrate into the winlogon process, monitor the computer's idle time, and lock the user's system automatically?

Meet "Lockout_Keylogger", an excellent script by CG and Mubix. You must start with an active remote session that has SYSTEM-level privileges.

Now type "background" to put the Meterpreter session in the background and return to the msfconsole prompt. Then select the Lockout_Keylogger module.

Set the session option to the number of our active session (1 in our example): "set session 1".

Also set the PID as shown in the screenshot below. Then type "exploit".

Lockout_Keylogger automatically finds the winlogon process and migrates into it. The script then starts monitoring the idle time of the remote system.

After about 300 seconds of inactivity, Lockout Keylogger tries to lock the user's desktop remotely. Sometimes this fails, and it simply tries to lock it again.
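From the defender's side, both procedures in this article (the manual "migrate" into explorer.exe followed by "keyscan_start", and Lockout_Keylogger's automatic move into winlogon.exe) share one observable: the payload starts a thread inside another process. Sysmon records exactly that as Event ID 8 (CreateRemoteThread), with SourceImage and TargetImage fields and an empty StartModule when the thread's start address is not backed by a module on disk. The script below is an added example written for this article, not code from the original post or from the Metasploit project. It runs over constructed records in the Sysmon Event ID 8 shape and flags remote threads into explorer.exe or winlogon.exe whose source is not on an allow-list; the allow-list, the sample paths and the sample timestamps are assumptions, not real telemetry.

```python
"""Flag Meterpreter-style process migration in Sysmon Event ID 8 records.

Added example for this article (not the original post's or Metasploit's
code). Migration into explorer.exe (manual keyscan) or winlogon.exe
(Lockout_Keylogger) shows up in Sysmon as CreateRemoteThread (Event ID 8).
"""
import json
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Processes this article's steps migrate into: explorer.exe for the manual
# keyscan_start session, winlogon.exe for Lockout_Keylogger.
SENSITIVE_TARGETS = {"explorer.exe", "winlogon.exe"}

# Sources expected to start threads in those processes. Assumption: this is a
# placeholder allow-list; build the real one from a baseline of your own hosts.
EXPECTED_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\svchost.exe",
}


@dataclass(frozen=True)
class Finding:
    utc_time: str
    source_image: str
    target_image: str
    reason: str


def image_name(path: str) -> str:
    """Return the lower-cased file name of a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyze_event(event: dict) -> Optional[Finding]:
    """Return a Finding for a suspicious Sysmon Event ID 8 record, else None."""
    if event.get("EventID") != 8:
        return None  # only CreateRemoteThread records matter here
    source = event.get("SourceImage", "")
    target = event.get("TargetImage", "")
    target_name = image_name(target)
    if target_name not in SENSITIVE_TARGETS:
        return None
    if source.lower() in EXPECTED_SOURCES:
        return None
    # Sysmon leaves StartModule empty ("-") when the new thread's start address
    # is not inside any module loaded from disk, i.e. it points at injected code.
    start_module = event.get("StartModule", "-")
    if start_module in ("", "-"):
        reason = f"remote thread with unbacked start address in {target_name}"
    else:
        reason = f"unexpected source started a thread in {target_name}"
    return Finding(event.get("UtcTime", ""), source, target, reason)


def scan(lines: Iterable[str]) -> List[Finding]:
    """Run analyze_event over JSON-encoded Sysmon records, one per line."""
    findings: List[Finding] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        finding = analyze_event(json.loads(line))
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample records in the shape of a Sysmon Event ID 8 JSON export
# (not real telemetry). Backslashes are doubled because the text is JSON.
SAMPLE_LOG = r"""
{"EventID": 8, "UtcTime": "2024-01-01 10:00:01.000", "SourceImage": "C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe", "TargetImage": "C:\\Windows\\explorer.exe", "StartModule": "-"}
{"EventID": 8, "UtcTime": "2024-01-01 10:00:02.000", "SourceImage": "C:\\Windows\\System32\\svchost.exe", "TargetImage": "C:\\Windows\\System32\\winlogon.exe", "StartModule": "C:\\Windows\\System32\\ntdll.dll"}
{"EventID": 8, "UtcTime": "2024-01-01 10:05:09.000", "SourceImage": "C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe", "TargetImage": "C:\\Windows\\System32\\winlogon.exe", "StartModule": "C:\\Windows\\System32\\ntdll.dll"}
{"EventID": 1, "UtcTime": "2024-01-01 10:05:10.000", "Image": "C:\\Windows\\System32\\notepad.exe"}
{"EventID": 8, "UtcTime": "2024-01-01 10:05:11.000", "SourceImage": "C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe", "TargetImage": "C:\\Windows\\System32\\notepad.exe", "StartModule": "-"}
"""


def scan_sample() -> List[Finding]:
    """Scan the constructed sample log; two of the five records are flagged."""
    return scan(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for f in scan_sample():
        print(f"{f.utc_time}  {f.reason}: {f.source_image} -> {f.target_image}")
```

The first and third sample records correspond to the two steps in the article: a user-writable temp binary starting a thread in explorer.exe with no backing module, and the same binary later starting a thread in winlogon.exe. A remote thread into winlogon.exe from anything outside the allow-list deserves a high-severity alert on its own; pairing it with a workstation lock a few minutes later (the 300-second idle timer described above) is the Lockout_Keylogger pattern.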


Written by Anastasis Vasileiadis
