Type : Tutorial
Level : Beginner, Medium, Advanced
The first time I learned about keylogging was through a piece of software called "spy something" (I forget the precise name). I was amazed at the time that a tool could capture every stroke typed on the keyboard and even e-mail me the result of the user's keyboard input.
What is a keylogger? A keylogger is a tool used to perform keylogging, or keystroke logging. Below is the definition from Wikipedia:
“Keystroke logging (often called keylogging) is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.”
The vast majority of keyloggers are used for malicious purposes, such as hacking and spying.
In this tutorial I will explain how to use the keylogger built into Meterpreter in the Metasploit Framework. Once you have successfully exploited a victim machine there are two approaches you can take: smash and grab the data, or go low and slow. With low and slow you can get a lot of the information you need if you have patience. The tool I am talking about is the keystroke logger built into Meterpreter (the keyscan_* commands). It runs entirely in memory inside the process Meterpreter lives in and writes nothing to the victim's disk, so it leaves a minimal forensic footprint on disk for an investigator to follow up on (the process injection itself is still visible to memory and process monitoring, as discussed in the comments below). It is also great for getting passwords, user accounts, and all sorts of other valuable information.
2. Linux operating system or BackTrack 5 (the Metasploit Framework is already included)
1. First of all, of course we need a target. In this case I will use my previous tutorial, Hacking Mozilla Firefox 3.5 to 3.6 nsTreeRange Vulnerability Using Metasploit. Let's say I have successfully obtained a Meterpreter session on the victim computer.

2. The next step is to migrate Meterpreter into the Explorer.exe process. We do this because the exploited process may be closed or reset (for example when the user closes the browser), which would kill our session; Explorer.exe lives as long as the user's desktop session does, and because it runs on the user's desktop the keylogger will capture that user's keystrokes. Find the Explorer.exe process ID first by running the ps command.
3. There it is: the victim's Explorer.exe process ID is 1372. Next, we migrate from the process we are currently in (notepad.exe, which the Firefox exploit migrated into automatically) to Explorer.exe with the migrate command: migrate 1372.

To check that we have actually migrated into the new process, run the getpid command; it should now return 1372.
4. Next, start the keylogger with the keyscan_start command.

5. Wait a while (how long depends on how active the user is) before harvesting the keystrokes Meterpreter has captured. To dump all captured keystrokes, use the keyscan_dump command; you can run it repeatedly while the logger keeps running, and when you are finished, stop it with keyscan_stop. Note that keyscan only sees keystrokes on the desktop of the process you migrated into: from Explorer.exe you capture what the logged-in user types, whereas capturing the Windows logon password itself requires migrating into winlogon.exe, which needs SYSTEM privileges.
There it is: the victim opened mail.google.com and typed a username and password, then opened paypal.com and typed a username and password there too.
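The "minimal forensic footprint" above refers to the disk only. The migration step (step 2 and 3) injects the Meterpreter payload into Explorer.exe and starts a thread in it, and that cross-process thread creation is exactly what Sysmon records as Event ID 8 (CreateRemoteThread). The following is an added example from the defender's side, not code from the original tutorial or from Metasploit. It assumes Sysmon is logging Event ID 8, that the records have been flattened into pipe-delimited key=value lines (a format constructed for this example), and that the allow-list of trusted source images is tuned for the environment. The sample records, PIDs and timestamps are constructed; the PID 1372 and the notepad.exe-to-explorer.exe migration mirror the steps above.

```python
"""Flag suspicious remote-thread creation (e.g., Meterpreter 'migrate')
in Sysmon Event ID 8 records.

Added example, not part of the original tutorial. Records are assumed to
be flattened into one pipe-delimited key=value line per event (a
constructed format); the allow-list below is an assumption to tune.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Images that routinely create threads in other processes on a Windows
# machine. Assumption for the example: tune per environment.
TRUSTED_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\system32\wbem\wmiprvse.exe",
}

# Processes an attacker likes to live in: explorer.exe owns the user's
# desktop (the tutorial's target), winlogon.exe owns the logon screen.
HIGH_VALUE_TARGETS = {"explorer.exe", "winlogon.exe", "lsass.exe"}

# Constructed sample: a benign csrss -> explorer thread whose start address
# is backed by ntdll.dll, then the migration from the exploited notepad.exe
# into explorer.exe (PID 1372) starting in memory backed by no module, and
# an unrelated Event ID 1 that the scanner must ignore.
SAMPLE_LOG = (
    r"EventID=8|UtcTime=2011-06-20 09:14:02.113|SourceImage=C:\Windows\System32\csrss.exe|SourceProcessId=388|TargetImage=C:\Windows\explorer.exe|TargetProcessId=1372|StartAddress=0x000000007711F460|StartModule=C:\Windows\System32\ntdll.dll|StartFunction=EtwpNotificationThread" "\n"
    r"EventID=8|UtcTime=2011-06-20 09:15:47.901|SourceImage=C:\Windows\notepad.exe|SourceProcessId=1856|TargetImage=C:\Windows\explorer.exe|TargetProcessId=1372|StartAddress=0x0000000002A40000|StartModule=|StartFunction=" "\n"
    r"EventID=1|UtcTime=2011-06-20 09:15:50.000|Image=C:\Windows\notepad.exe|ProcessId=1856|CommandLine=notepad.exe" "\n"
)


@dataclass
class Alert:
    source_image: str
    source_pid: int
    target_image: str
    target_pid: int
    reasons: List[str]


def parse_line(line: str) -> Dict[str, str]:
    """Parse one pipe-delimited key=value record into a dict."""
    fields: Dict[str, str] = {}
    for part in line.strip().split("|"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key] = value
    return fields


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def inspect_remote_thread(ev: Dict[str, str]) -> Optional[Alert]:
    """Return an Alert for a suspicious Event ID 8, else None."""
    if ev.get("EventID") != "8":
        return None
    src = ev.get("SourceImage", "")
    tgt = ev.get("TargetImage", "")
    reasons: List[str] = []
    if src.lower() not in TRUSTED_SOURCES:
        reasons.append(
            f"untrusted source {basename(src)} created a thread in {basename(tgt)}"
        )
    # Injected code (a reflectively loaded Meterpreter DLL) lives in memory
    # that is not backed by any file, so Sysmon leaves StartModule empty.
    if not ev.get("StartModule"):
        reasons.append(
            f"thread start address {ev.get('StartAddress', '?')} is not backed by a loaded module"
        )
    if reasons and basename(tgt) in HIGH_VALUE_TARGETS:
        reasons.append(f"target {basename(tgt)} is a high-value desktop/logon process")
    if not reasons:
        return None
    return Alert(src, int(ev.get("SourceProcessId", 0)),
                 tgt, int(ev.get("TargetProcessId", 0)), reasons)


def scan(log_text: str) -> List[Alert]:
    """Run the check over every non-empty line of a flattened Sysmon log."""
    alerts: List[Alert] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        alert = inspect_remote_thread(parse_line(line))
        if alert is not None:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"ALERT {a.source_image} ({a.source_pid}) -> {a.target_image} ({a.target_pid})")
        for r in a.reasons:
            print(f"  - {r}")
```

Run against the sample, the benign csrss.exe thread is ignored because its source is allow-listed and its start address sits inside ntdll.dll, while the notepad.exe-to-explorer.exe thread is flagged on all three counts. In a real deployment the unbacked-start-address rule is the one that survives allow-list gaps: legitimate software almost never starts a thread in another process at an address outside any loaded module.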
I hope you enjoyed the tutorial and found it helpful.
Cheers
Hi Vishnu,
It's me again, just wondering if you could answer my question. My question is about migration in the remote system (the victim's PC): what if the victim's IP address changes, I mean it's on DHCP? Does it mean my connection to that PC will be lost? How can I overcome this kind of problem? Thank you very much, hoping for your response.
#chard
You can do nothing…unless you have already put a backdoor there and made it connect back to your PC.
Can I get the whole tutorial notes from you?
#josh
Just view it on this blog.
Hello, I was wondering: if the target's computer has an antivirus, will this script be detected, or must we first deactivate it from inside the target's PC? Question 2: as I'm new to the keylogger aspect of Metasploit and fairly new to BT R5, I was wondering, when you refer to notepad.exe, must we first create the keylogger file, or is it already part of the Metasploit process? Sorry if I sound like a newb, I'm trying to be specific.
#jeff
By default, antivirus will detect it.
The notepad.exe you saw in the picture above is the exploit (http://www.hacking-tutorial.com/computer/hacking-mozilla-firefox-3-5-to-3-6-nstreerange-vulnerability-using-metasploit/), which automatically migrates to notepad.exe.
The keylogger I use is part of Metasploit's Meterpreter.
I was wondering, do you need the victim's IP address to begin keylogging that person remotely? Or can you only do this on your own network?
Also, is there a way to make this keylogger undetectable if it ever gets detected by any AV? Thanks in advance!
#Chester
You can learn and view this post: http://www.hacking-tutorial.com/hacking-tutorial/windows-keylogger-xenotix/