Metasploit: Keylogging

I was not able to do the keyscan successfully in my previous lab, now I found out the reason why.

The meterpreter is attached to svchost.exe process id 992.

meterpreter > getdesktop
Session 0\SAWinSta\Default
meterpreter >

The meterpreter is not in winsta0 and hence cannot capture the keystrokes of the victim.

explorer.exe has access to winsta0 api and hence is able to record the keystroke of the victim.

process id 2032 is explorer.exe, which has access to winsta0 api.

I will start the keylogging by using keyscan_start command

keystrokes captured.


Mr. Vivek Ramachandra rocks! He explains the theory and logic behind every lesson. Do sign up for his certification program as a form of supporting his cause for providing free and quality infosec education.

This entry was posted in Security, Vulnerability Assessment and Pentest and tagged , , , , , , , , . Bookmark the permalink.

One Response to Metasploit: Keylogging

  1. gabriel says:

    Gracias me ha sido de mucha ayuda 😀

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s