5 Step To Capture Windows User Login Using Metasploit Keylogger

Type : Tips and Trick

Level : Beginner, Medium, Advanced

My previous tutorial explained how to capture a user's keystrokes using the Meterpreter keylogger; you can find the article here: 5 Step Using Metasploit Keylogger (Keylogging).

Now I will explain how to capture user login information, also using the Meterpreter keylogger.

I didn't put this in the tutorial category because I think it is a very simple and short tutorial, so I put it in the Tips and Trick category.

In this case, imagine a computer that is used by more than one user. Do you know what kind of computer that is? Yes, it is a terminal server, where many users use the same computer simultaneously. In this tutorial, however, I did not use a terminal server but a regular computer running Windows 7 with more than one user.

Requirement :

1. Metasploit Framework.

2. Linux OS or Backtrack.

Step By Step :

1. Follow my first tutorial about how to use the Metasploit Meterpreter keylogger here: 5 Step Using Metasploit Meterpreter Keylogger.

2. After migrating into explorer.exe (step 3 of my previous tutorial), try to escalate your privileges to the SYSTEM account by running the getsystem command.

3. Next, you need to migrate into winlogon.exe. Find the winlogon.exe process ID by using the ps command.

4. Run keyscan_start to start the keylogger, and wait until another user or an administrator logs in to the system.

5. After a specified time, run keyscan_dump and see whether someone has logged in to the system.
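Seen from the defender's side, the migration into winlogon.exe in step 3 is code injection into that process, which endpoint telemetry can record. The following is an added example, not part of the original post: it assumes Sysmon is collecting event ID 8 (CreateRemoteThread) and event ID 10 (ProcessAccess), and the allowlist, the function names and the sample records are constructed for illustration.

```python
import ntpath

CREATE_REMOTE_THREAD = 8        # Sysmon event ID
PROCESS_ACCESS = 10             # Sysmon event ID
PROCESS_CREATE_THREAD = 0x0002  # Windows process access rights
PROCESS_VM_WRITE = 0x0020
INJECT_RIGHTS = PROCESS_CREATE_THREAD | PROCESS_VM_WRITE

# Assumption: sources allowed to touch winlogon.exe; tune this per environment.
ALLOWED_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
}


def is_suspicious(event):
    """Return True when an event looks like code injection into winlogon.exe."""
    target = ntpath.basename(event.get("TargetImage", "")).lower()
    if target != "winlogon.exe":
        return False
    if event.get("SourceImage", "").lower() in ALLOWED_SOURCES:
        return False
    if event.get("EventID") == CREATE_REMOTE_THREAD:
        return True
    if event.get("EventID") == PROCESS_ACCESS:
        # Only flag handles that can both write memory and start a thread.
        granted = int(event.get("GrantedAccess", "0x0"), 16)
        return (granted & INJECT_RIGHTS) == INJECT_RIGHTS
    return False


def find_winlogon_injection(events):
    """Filter a list of Sysmon-style event dicts down to the suspicious ones."""
    return [e for e in events if is_suspicious(e)]


WINLOGON = r"C:\Windows\System32\winlogon.exe"
EXPLORER = r"C:\Windows\explorer.exe"
# Constructed sample records using Sysmon field names; not from a real host.
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": EXPLORER, "TargetImage": WINLOGON, "GrantedAccess": "0x1FFFFF"},
    {"EventID": 8, "SourceImage": EXPLORER, "TargetImage": WINLOGON},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\taskmgr.exe", "TargetImage": WINLOGON, "GrantedAccess": "0x1000"},
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\csrss.exe", "TargetImage": WINLOGON},
    {"EventID": 8, "SourceImage": EXPLORER, "TargetImage": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for hit in find_winlogon_injection(SAMPLE_EVENTS):
        print(hit["EventID"], hit["SourceImage"], "->", hit["TargetImage"])
```

Query-only access (the taskmgr.exe record), allowlisted sources and other target processes are ignored, so only the two explorer.exe records are reported.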

Hope you enjoy the tips and trick.

Cheers 🙂

Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

  • Aanan

    I get this message every time 🙁

    riv_elevate_getsystem: Operation failed: Access is denied.

    Please help

    • v4L

      #Aanan
      It depends on the vulnerability and the exploit you use. If you use Metasploit Framework, you can find exploits with excellent ranking.