Type : Tutorial
Level : Beginner, Medium, Advanced
The first time I learned about keylogging was with a piece of software called (I forget the precise name) "spy *something*". At that time I was really amazed, because that tool really could capture all of the strokes from the keyboard and could even send me an email with the result of the user's keyboard input.
What is a keylogger? A keylogger is a tool used to perform keylogging, or keystroke logging. Below is the definition from Wikipedia:
"Keystroke logging (often called keylogging) is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored."
Almost 95% of keyloggers are used for unintended purposes, such as hacking, spying, etc.
In this tutorial I will explain the use of a keylogger in the Metasploit Framework. Usually, once you have successfully exploited a victim machine, there are two approaches you can choose: smash and then grab the data, or low and slow. With low and slow you can get a lot of the information you need if you have patience. The tool I am talking about is the keystroke logger script in Meterpreter. It does not write anything to the victim's disk, so it leaves only a minimal forensic footprint on disk for an investigator to follow up on. It is also great for getting passwords, user accounts, and all sorts of other valuable information.
2. Linux operating system or BackTrack 5 (Metasploit is already included)
1. First of all, of course we need a target. In this case I will use my previous tutorial about Hacking Mozilla Firefox 3.5 to 3.6 nsTreeRange Vulnerability Using Metasploit. Then let's say I am successfully inside the victim computer.
2. The next step is to migrate Meterpreter to the Explorer.exe process, because we don't want our exploited process to get reset and close our session on the victim computer. First find the Explorer.exe process ID by running the ps command.
3. There it is… the victim's Explorer.exe process ID was 1372. Next, we need to migrate our exploited process (Notepad.exe) into Explorer.exe by running the migrate command.
To check whether we have migrated into the new process, use the getpid command.
4. Next, start the keylogger with the keyscan_start command.
5. Wait for a while (how long varies) before harvesting the keystrokes already captured by the Meterpreter keylogger. To dump all the captured keystrokes, use the keyscan_dump command.
There it is… the victim opened mail.google.com and entered a username and password, and also opened paypal.com with a username and password.
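From the defender's side, the step that is most visible to host telemetry is the migration from Notepad.exe into Explorer.exe, because moving a session between processes is cross-process activity that normal desktop applications rarely perform. The script below is an added example, not part of the original tutorial and not Metasploit code: it scans Sysmon-style log lines for Event ID 8 (CreateRemoteThread) and flags threads created in another process whose start address lies outside any loaded module, or threads created in explorer.exe by a process that is not on a small allowlist. The log lines, the allowlist and the assumption that the migrate step shows up as a CreateRemoteThread event are mine for illustration.

```python
"""Added example (not from the original tutorial): flag the process-migration
step described above in Sysmon-style event logs.

Assumptions (mine, not the tutorial's): telemetry is Sysmon Event ID 8
(CreateRemoteThread) flattened to one key=value line per event, and a
Meterpreter-style migrate shows up as such an event. The log lines below
are constructed for the example, not real captures.
"""
import re
from dataclasses import dataclass

# Constructed sample log lines. Field names follow the Sysmon Event ID 8
# schema (SourceImage, TargetImage, StartModule, StartFunction).
SAMPLE_LOG = """\
EventID=8 SourceImage=C:\\Windows\\System32\\csrss.exe TargetImage=C:\\Windows\\explorer.exe StartModule=C:\\Windows\\System32\\ntdll.dll StartFunction=LdrInitializeThunk
EventID=1 Image=C:\\Windows\\System32\\notepad.exe CommandLine=notepad.exe
EventID=8 SourceImage=C:\\Windows\\System32\\notepad.exe TargetImage=C:\\Windows\\explorer.exe StartModule= StartFunction=
EventID=8 SourceImage=C:\\Program Files\\Vendor\\agent.exe TargetImage=C:\\Windows\\System32\\svchost.exe StartModule= StartFunction=
"""

# key=value pairs; values may contain spaces (e.g. "Program Files"), so a
# value runs until the next " key=" token or end of line.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

# Illustrative allowlist of processes that legitimately create threads in
# other processes on a typical host; tune per environment (assumption).
EXPECTED_INJECTORS = {"csrss.exe", "wmiprvse.exe"}


@dataclass
class Alert:
    reason: str
    source: str
    target: str


def parse_line(line):
    """Turn one flattened event line into a dict of field -> value."""
    return {k: v.strip() for k, v in FIELD_RE.findall(line)}


def basename(path):
    """Lower-cased file name of a Windows path (for image comparisons)."""
    return path.rsplit("\\", 1)[-1].lower()


def detect_remote_threads(log_text):
    """Return one Alert per suspicious CreateRemoteThread event."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev.get("EventID") != "8":
            continue  # only CreateRemoteThread events matter here
        src = basename(ev.get("SourceImage", ""))
        tgt = basename(ev.get("TargetImage", ""))
        if not ev.get("StartModule"):
            # A thread whose start address maps to no loaded module is a
            # classic sign of injected code rather than a DLL entry point.
            alerts.append(Alert("remote thread starts outside any loaded module", src, tgt))
        elif tgt == "explorer.exe" and src not in EXPECTED_INJECTORS:
            alerts.append(Alert("unexpected process created a thread in explorer.exe", src, tgt))
    return alerts


if __name__ == "__main__":
    for a in detect_remote_threads(SAMPLE_LOG):
        print(f"[ALERT] {a.source} -> {a.target}: {a.reason}")
```

On the constructed sample the csrss.exe event is ignored (allowlisted source, thread starting in ntdll.dll), while the notepad.exe to explorer.exe event and the agent.exe to svchost.exe event are both flagged because their threads start outside any loaded module. In a real deployment the allowlist and the "empty StartModule" rule both need tuning against the host's normal baseline.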
I hope you enjoy the tutorial and find it helpful.