
5 Step Using Metasploit Meterpreter Keylogger / Keylogging

Written by Nanda Journey on Sunday, 20 November 2011 | 11.59

The first time I learned about keylogging was with a piece of software called (I forget the precise name) "spy *something*". At that time I was really amazed, because the tool really could capture every keystroke from the keyboard and could even email me the results of the user's keyboard input.
What is a keylogger? A keylogger is a tool used for keylogging, or keystroke logging. Below is the definition from Wikipedia:
"Keystroke logging (often called keylogging) is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored."
Almost 95% of keyloggers are used for unintended purposes, such as hacking, spying, etc.
In this tutorial I will explain the use of the keylogger in the Metasploit Framework. Usually, once you have successfully exploited a victim machine, there are two approaches you can choose from: smash and grab the data, or low and slow. With low and slow you can get a lot of the information you need if you have patience. The tool I am talking about is the keystroke logger script in Meterpreter. This tool does not write anything to the victim's disk, so it leaves a minimal forensic footprint for an investigator to follow up on. It is also great for getting passwords, user accounts, and all sorts of other valuable information.

Requirements :

1. Metasploit Framework
2. Linux operating system or BackTrack 5 (Metasploit is already included)

Step By Step :

1. First of all, of course, we need a target. In this case I will use my previous tutorial, Hacking Mozilla Firefox 3.5 to 3.6 nsTreeRange Vulnerability Using Metasploit. Let's say I am already inside the victim's computer.
2. Next, we need to migrate Meterpreter to the Explorer.exe process, because we don't want the exploited process to be reset or closed, which would end our session on the victim's computer. First find the Explorer.exe process ID by running the ps command.
3. There it is: the victim's Explorer.exe process ID is 1372. Next, we migrate from our exploited process (Notepad.exe) to Explorer.exe by running the migrate command.
To check whether we have migrated into the new process, use the getpid command.
4. Next, start the keylogger with the keyscan_start command.
5. Wait for a while (how long varies) before harvesting the keystrokes captured by the Meterpreter keylogger. To dump all the captured keystrokes, use the keyscan_dump command.
There it is: the victim opened mail.google.com with a username and password, and also opened paypal.com with a username and password.
I hope you enjoyed the tutorial and found it helpful.
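Because the keylogger writes nothing to disk, the migration in steps 2 and 3 is the more visible event for a defender. The following is an added example, not part of the original post: it flags cross-process thread creation into Explorer.exe, assuming the host runs Sysmon and that the migration is logged as a CreateRemoteThread event (Event ID 8). The sample records, the source PIDs and the allow-list are constructed for illustration.

```python
import ntpath

# Constructed sample records in "Key: Value" form, modelled on Sysmon event fields.
# PID 1372 and the Notepad.exe/Explorer.exe names come from the post; the rest is invented.
SAMPLE_EVENTS = """\
EventID: 8
UtcTime: 2011-11-20 04:58:10.112
SourceProcessId: 548
SourceImage: C:\\Windows\\System32\\csrss.exe
TargetProcessId: 1372
TargetImage: C:\\Windows\\explorer.exe

EventID: 8
UtcTime: 2011-11-20 04:59:02.734
SourceProcessId: 3120
SourceImage: C:\\Windows\\System32\\notepad.exe
TargetProcessId: 1372
TargetImage: C:\\Windows\\explorer.exe
"""

WATCHED_TARGETS = {"explorer.exe"}   # long-lived processes worth watching
ALLOWED_SOURCES = {"csrss.exe"}      # assumption: tune this per environment

def parse_events(text):
    """Split blank-line separated 'Key: Value' records into dicts."""
    events = []
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(": ") for line in block.splitlines())
        fields = {k.strip(): v.strip() for k, sep, v in pairs if sep}
        if fields:
            events.append(fields)
    return events

def find_remote_threads(events, targets=WATCHED_TARGETS, allowed=ALLOWED_SOURCES):
    """Return (time, source, source_pid, target, target_pid) for suspect events."""
    hits = []
    for ev in events:
        if ev.get("EventID") != "8":          # 8 = CreateRemoteThread
            continue
        src = ntpath.basename(ev.get("SourceImage", "")).lower()
        dst = ntpath.basename(ev.get("TargetImage", "")).lower()
        if dst in targets and src not in allowed:
            hits.append((ev.get("UtcTime"), src, ev.get("SourceProcessId"),
                         dst, ev.get("TargetProcessId")))
    return hits

if __name__ == "__main__":
    for hit in find_remote_threads(parse_events(SAMPLE_EVENTS)):
        print("remote thread into watched process:", hit)
```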
