262
◾
Ethical Hacking and Penetration Testing Guide
Now to check if our keylogger has captured any of the passwords, we will use the following
command.
meterpreter> keyscan_dump
Note
: Make sure that you have migrated to explorer.exe before running the script.
In this case, it has not captured any of the keystrokes yet; as soon as the victim starts typing, we
will see the keystrokes on our screen. If we want to capture the credentials of all users logging in to
the machine, we simply need to migrate the process to winlogon.exe and start the keylogger again.
Alternatively, we have a better meterpreter script called “keylogrecorder”. This script will
automatically save the recorded keystrokes inside the database. The script can be executed by
using the following command:
meterpreter>run keylogrecorder
By default it would automatically migrate to the explorer.exe process and try to capture key-
strokes. If you would like to record the Windows logon credentials, you would need to specify an
additional parameter –c followed by “1”.
Dostları ilə paylaş: