5 Steps Using Metasploit Meterpreter Keylogger (Keylogging)


Type : Tutorial

Level : Beginner, Medium, Advanced

The first time I learned about keylogging, I was using a software called (I forget the precise name) "spy *something*". At that time I was really amazed because that tool really could capture all of the strokes from the keyboard and could even send me an email with the result of the user's keyboard input.

What is a keylogger? A keylogger is a tool used to do keylogging or keystroke logging. Below is the definition from Wikipedia:

"Keystroke logging (often called keylogging) is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored."

Almost 95% of keyloggers are used for unintended purposes, such as hacking, spying, etc.

In this tutorial I will explain the use of the keylogger in the Metasploit Framework. Usually, when you have successfully exploited a victim machine, there are two approaches you can choose: either smash and grab the data, or low and slow. When using low and slow you can get a lot of the information you need if you have patience. The tool I am talking about is the keystroke logger script with Meterpreter. This tool doesn't write anything to the victim's disk, so it leaves a minimal forensic footprint for an investigator to follow up on. This tool is also great for getting passwords, user accounts, and all sorts of other valuable information.

Requirements :

1. Metasploit Framework

2. Linux operating system or BackTrack 5 (Metasploit is already included)

5 Steps Using Metasploit Meterpreter Keylogger:

1. First of all, of course, we need a target. In this case I will use my previous tutorial about Hacking Mozilla Firefox 3.5 to 3.6 nsTreeRange Vulnerability Using Metasploit. Then let's say I'm successfully inside the victim's computer.


2. The next step is to migrate Meterpreter to the Explorer.exe process, because we don't want our exploited process to be reset and close our session on the victim's computer. Find the Explorer.exe process ID first by running the ps command.


3. There it is…the victim's Explorer.exe process ID was 1372. Next, we need to migrate our exploited process (Notepad.exe) to Explorer.exe by running the migrate command.


To check whether we've already migrated into the new process, use the getpid command.

4. Next, let's run the keylogger by using the keyscan_start command.


5. Just wait for a period of time (how long to wait may vary) before harvesting the keystrokes already captured by the Meterpreter keylogger. To dump all the captured keystrokes, use the keyscan_dump command.


There it is…the victim opened mail.google.com with a username and password, and also opened paypal.com with a username and password.

Hope you enjoy the tutorial and find it helpful.

Cheers 🙂
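Because the keylogger itself writes nothing to disk, a defender's best view of this procedure is process telemetry around the migration in steps 2 and 3. The following Python detection is an added example, not part of the original tutorial: it assumes process-creation and remote-thread events are collected in a Sysmon-like form (Event ID 1 and Event ID 8) and that the migration appears as a remote thread created in Explorer.exe. The sample events, every PID other than 1372, and the allowlist are constructed for illustration.

```python
import re

# Constructed sample events in a flattened, Sysmon-like key=value form (not real
# telemetry). EventID 1 = ProcessCreate, EventID 8 = CreateRemoteThread.
SAMPLE_EVENTS = r"""
EventID=1 ProcessId=2904 Image=C:\Windows\System32\notepad.exe ParentImage=C:\Program Files\Mozilla Firefox\firefox.exe
EventID=1 ProcessId=3120 Image=C:\Windows\System32\calc.exe ParentImage=C:\Windows\explorer.exe
EventID=8 SourceProcessId=2904 SourceImage=C:\Windows\System32\notepad.exe TargetProcessId=1372 TargetImage=C:\Windows\explorer.exe
EventID=8 SourceProcessId=640 SourceImage=C:\Windows\System32\csrss.exe TargetProcessId=1372 TargetImage=C:\Windows\explorer.exe
EventID=8 SourceProcessId=4010 SourceImage=C:\Temp\updater.exe TargetProcessId=1372 TargetImage=C:\Windows\explorer.exe
"""

BROWSERS = {"firefox.exe", "iexplore.exe", "chrome.exe"}
WATCHED_TARGETS = {"explorer.exe"}   # the migration target used in the tutorial
EXPECTED_SOURCES = {"csrss.exe"}     # assumption: tune this allowlist per environment


def parse_event(line):
    """Split 'Key=value Key=value' where values may contain spaces."""
    return dict(re.findall(r"(\w+)=(.*?)(?=\s+\w+=|$)", line))


def image_name(path):
    """Return the lower-cased file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def find_suspicious_injections(log_text):
    """Flag remote-thread creation into a watched process, with parent context."""
    parent_of = {}   # pid -> image name of the process that spawned it
    alerts = []
    for line in log_text.strip().splitlines():
        ev = parse_event(line)
        if ev.get("EventID") == "1":
            parent_of[ev["ProcessId"]] = image_name(ev["ParentImage"])
        elif ev.get("EventID") == "8":
            src, dst = image_name(ev["SourceImage"]), image_name(ev["TargetImage"])
            if dst not in WATCHED_TARGETS or src in EXPECTED_SOURCES:
                continue
            parent = parent_of.get(ev["SourceProcessId"], "unknown")
            alerts.append({
                "source": src, "source_parent": parent,
                "target": dst, "target_pid": ev["TargetProcessId"],
                # A browser-spawned process injecting into the shell is the strongest signal.
                "severity": "high" if parent in BROWSERS else "medium",
            })
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_injections(SAMPLE_EVENTS):
        print(alert)
```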


Blogger at hacking-tutorial.com. Love PHP, offensive security and web.
Contact him at me[-at-]vishnuvalentino.com

Website: http://www.vishnuvalentino.com

  • chard

    Hi Vishnu,
    it's me again, just wondering if you could answer my question. My question is about migration in the remote system (victim's PC): what if the victim's IP address changes, I mean it's on DHCP. Does it mean my connection to that PC will be lost? How can I overcome this kind of problem? Thank you very much. Hope for your response.

    • v4L

      You can do nothing…except you already put a backdoor there and make it connect to your PC 🙂

  • josh

    Can I get the whole tutorial notes from you?

    • v4L

      Just view it on this blog.

  • jeff kane

    Hello, I was wondering: if the target's computer has an antivirus, will this script be detected, or must we first deactivate it from inside the target's PC? Question 2: as I'm new to the keylogger aspect of Metasploit and fairly new at btr5, I was wondering, when you refer to the notepad.exe, must we first create the keylogger file or is it already a part of the Metasploit process? Sorry if I sound like a newb, I'm trying to be specific.

    • v4L

      By default antivirus will detect it.
      The notepad.exe you saw in the picture above is the exploit (http://www./computer/hacking-mozilla-firefox-3-5-to-3-6-nstreerange-vulnerability-using-metasploit/), which automatically migrates to notepad.exe.
      The keylogger I use is part of Metasploit Meterpreter.

  • Chester

    I was wondering, do you need the victim’s ip address to begin keylogging that person remotely? Or can you only do this in your own network?

    Also, is there a way to make this keylogger undetectable if it ever gets detected by any AV? Thanks in advance!

    • v4L


      You can learn and view this post: http://www./hacking-tutorial/windows-keylogger-xenotix/

  • yash soni

    I want to learn it deeply.
    Is it possible?

  • George

    How do I install a RAT exe on a remote machine?

  • Justnow ;)

    I am wondering if I can do a thing like that: put a keylogging program on a USB and attach this USB into a wifi router and it will log and send me the things… to my email?

    • Joseph D

      That would be great if archived

  • Gireesh

    I get an error saying failed to bind to ” . What to do? Vishnu, by the way, are you Malayali?