5 Step To Capture Windows User Login Using Metasploit Keylogger

Type : Tips and Trick

Level : Beginner, Medium, Advanced

My previous tutorial was talking and explaining about how to capture user keyboard stroke using meterpreter keylogger, you can find the article here : 5 Step Using Metasploit Keylogger (Keylogging).

Now I will explain how to capture user login information also using meterpreter keylogger.

I didn’t put this section on tutorial categories, because I think it was very simple and short tutorial, so I put it on Tips and trick categories.

In this case, let’s imagine a computer with more than 1 user use the same computer did you know what computer it is? Yep it was terminal server computer. Many user use the same computer simultaneously. But in this tutorial I didn’t do on terminal server, but on regular computer running windows 7 with user more than 1.

Requirement :

1. Metasploit Framework.

2. Linux OS or Backtrack.

Step By Step :

1. Follow my first tutorial about how to use metasploit meterpreter keylogger here : 5 Step Using Metasploit Meterpreter Keylogger.

2. After migrating into explorer.exe(on step 3 my previous tutorial), try to escalate your privilege into system account by doing getsystem command.

3. The next step you need to migrate into winlogon.exe. Find out winlogon.exe Process ID by using ps command.

4.Run keyscan_start to start the keylogger, and wait until another user or administrator login into the system.

5. Until a specified time, run keyscan_dump and see is there someone login into the system or no?

Hope you enjoy the tips and trick.

Cheers 🙂

Share this article if you found it was useful: