Metasploit: Keylogging

Security, Vulnerability Assessment and Pentest 1 Minute

I was not able to do the keyscan successfully in my previous lab, now I found out the reason why.

The meterpreter is attached to svchost.exe process id 992.

meterpreter > getdesktop
Session 0\SAWinSta\Default
meterpreter >

The meterpreter is not in winsta0 and hence cannot capture the keystrokes of the victim.

explorer.exe has access to winsta0 api and hence is able to record the keystroke of the victim.

process id 2032 is explorer.exe, which has access to winsta0 api.

I will start the keylogging by using keyscan_start command

keystrokes captured.

Reference: http://securitytube-training.com/certifications/securitytube-metasploit-framework-expert/?id=download

Mr. Vivek Ramachandra rocks! He explains the theory and logic behind every lesson. Do sign up for his certification program as a form of supporting his cause for providing free and quality infosec education.

Advertisement

Published by cyruslab

Published

One thought on “Metasploit: Keylogging

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s