5 Step Using Metasploit Meterpreter Keylogger(Keylogging)


Type : Tutorial

Level : Beginner, Medium, Advanced

The first time I learned about keylogging was using software called (I forget the precise name) "spy *something*". At that time I was really amazed, because that tool really could capture all of the keystrokes from the keyboard and could even email me the results of the user's keyboard input.

What is a keylogger? A keylogger is a tool used to do keylogging, or keystroke logging. Below is the definition from Wikipedia:

"Keystroke logging (often called keylogging) is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored."

Almost 95% of keyloggers are used for unintended purposes, such as hacking, spying, etc.

In this tutorial I will explain the use of a keylogger in the Metasploit Framework. Usually, once you have successfully exploited a victim machine, there are two approaches you can choose: either smash and grab the data, or low and slow. With low and slow you can get a lot of the information you need if you have patience. The tool I am talking about is the keystroke logger script in Meterpreter. This tool doesn't write anything to the victim's disk, so it leaves a minimal forensic footprint for an investigator to follow up on. This tool is also great for getting passwords, user accounts, and all sorts of other valuable information.

Requirements :

1. Metasploit Framework

2. Linux operating system or Backtrack 5 (Metasploit is already included)

5 Step Using Metasploit Meterpreter Keylogger :

1. First of all, of course, we need a target. In this case I will use my previous tutorial about Hacking Mozilla Firefox 3.5 to 3.6 nsTreeRange Vulnerability Using Metasploit. Then let's say I am successfully inside the victim's computer.

2. The next step is to migrate Meterpreter to the Explorer.exe process, because we don't want our exploited process to get reset and close our session on the victim's computer. First find the Explorer.exe process ID by running the ps command.

3. There it is… the victim's Explorer.exe process ID is 1372. Next, we need to migrate from our exploited process (Notepad.exe) to Explorer.exe by running the migrate command.

To check whether we have already migrated into the new process, use the getpid command.

4. Next, let's run the keylogger by using the keyscan_start command.

5. Just wait for a while (how long to wait varies) before harvesting the keystrokes already captured by the Meterpreter keylogger. To dump all the captured keystrokes, use the keyscan_dump command.

There it is… the victim opened mail.google.com with a username and password, and also opened paypal.com with a username and password.

Hope you enjoy the tutorial and find it helpful.
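
Because the keylogger writes nothing to disk, a defender has to watch process behaviour instead: the migration in steps 2 and 3 is a cross-process injection. The following is an added example (not part of the original tutorial or of Metasploit) that flags it in Sysmon CreateRemoteThread (Event ID 8) records. It assumes the migration surfaces as such an event; the log lines, the allowlist and every value except Explorer.exe PID 1372 are constructed.

```python
import json
import ntpath

# Long-lived session processes that make attractive migration targets.
# Explorer.exe is the one this tutorial migrates into.
SESSION_PROCESSES = {"explorer.exe"}

# Hypothetical allowlist of sources expected to create threads in other
# processes on a healthy host; build yours from a baseline of your own fleet.
EXPECTED_SOURCES = {r"c:\windows\system32\csrss.exe"}

# Constructed sample: JSON lines shaped like Sysmon events (ID 8 is
# CreateRemoteThread, ID 1 is process creation). Only PID 1372 is from the page.
SAMPLE_LOG = r"""
{"EventID": 8, "UtcTime": "2024-01-10 08:14:02", "SourceImage": "C:\\Windows\\System32\\csrss.exe", "SourceProcessId": 412, "TargetImage": "C:\\Windows\\explorer.exe", "TargetProcessId": 1372}
{"EventID": 1, "UtcTime": "2024-01-10 08:15:40", "Image": "C:\\Windows\\System32\\notepad.exe", "ProcessId": 2840}
{"EventID": 8, "UtcTime": "2024-01-10 08:16:11", "SourceImage": "C:\\Windows\\System32\\notepad.exe", "SourceProcessId": 2840, "TargetImage": "C:\\Windows\\explorer.exe", "TargetProcessId": 1372}
not-json garbage line
"""


def find_suspicious_injections(log_text):
    """Return CreateRemoteThread events that target a session process
    from a source image that is not on the allowlist."""
    alerts = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or corrupt records instead of crashing
        if not isinstance(event, dict) or event.get("EventID") != 8:
            continue
        source = str(event.get("SourceImage", "")).lower()
        target = ntpath.basename(str(event.get("TargetImage", ""))).lower()
        if target in SESSION_PROCESSES and source not in EXPECTED_SOURCES:
            alerts.append((event.get("UtcTime"), ntpath.basename(source),
                           event.get("SourceProcessId"), target,
                           event.get("TargetProcessId")))
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_injections(SAMPLE_LOG):
        print("ALERT remote thread: %s %s(%s) -> %s(%s)" % alert)
```

Matching on the full source path rather than the file name keeps a renamed or relocated binary from passing the allowlist.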

Cheers :-)

Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

Visit Website: http://www.vishnuvalentino.com

9 Responses to “5 Step Using Metasploit Meterpreter Keylogger(Keylogging)”

  1. chard says:

    Hi Vishnu,
    It's me again, just wondering if you could answer my question. My question is about migration in the remote system (victim's PC): what if the victim's IP address changes, I mean it's on DHCP. Does it mean my connection to that PC will be lost? How can I overcome this kind of problem? Thank you very much. Hope for your response.

  2. josh says:

    Can I get the whole tutorial notes from you?

  3. jeff kane says:

    Hello, I was wondering: if the target's computer has an antivirus, will this script be detected, or must we first deactivate it from inside the target's PC? Question 2: as I'm new to the keylogger aspect of Metasploit and fairly new at btr5, I was wondering, when you refer to the notepad.exe, must we first create the keylogger file or is it already a part of the Metasploit process? Sorry if I sound like a newb, I'm trying to be specific.

    • v4L says:

      By default, antivirus will detect it.
      The notepad.exe you saw in the picture above is from the exploit (http://www./computer/hacking-mozilla-firefox-3-5-to-3-6-nstreerange-vulnerability-using-metasploit/), which automatically migrates to notepad.exe.
      The keylogger I use is part of Metasploit Meterpreter.

  4. Chester says:

    I was wondering, do you need the victim’s ip address to begin keylogging that person remotely? Or can you only do this in your own network?

    Also, is there a way to make this keylogger undetectable if it ever gets detected by any AV? Thanks in advance!

  5. yash soni says:

    I want to learn it deeply
    is it possible

