Windows Capture Keystroke Recorder

This module can be used to capture keystrokes. To capture keystrokes when the session is running as SYSTEM, the MIGRATE option must be enabled and the CAPTURE_TYPE option should be set to one of Explorer, Winlogon, or a specific PID. To capture the keystrokes of the interactive user, the Explorer option should be used with MIGRATE enabled. Keep in mind that this will demote this session to the user's privileges, so it makes sense to create a separate session for this task. The Winlogon option will capture the username and password entered into the logon and unlock dialog. The LOCKSCREEN option can be combined with the Winlogon CAPTURE_TYPE to for the user to enter their clear-text password.

Search Other Modules

Rank

Normal

Authors

Carlos Perez < carlos_perez [at] darkoperator.com >

Development

Similar Modules

post/windows/capture/lockout_keylogger

Usage Information

$ msfconsole

                ##                          ###           ##    ##
##  ##  #### ###### ####  #####   #####    ##    ####        ######
####### ##  ##  ##  ##         ## ##  ##    ##   ##  ##   ###   ##
####### ######  ##  #####   ####  ##  ##    ##   ##  ##   ##    ##
## # ##     ##  ##  ##  ## ##      #####    ##   ##  ##   ##    ##
##   ##  #### ###   #####   #####     ##   ####   ####   #### ###
                                      ##

msf > use post/windows/capture/keylog_recorder
msf post(keylog_recorder) > set SESSION [INTEGER]

Module Options

CAPTURE_TYPE	Capture keystrokes for Explorer, Winlogon or PID (accepted: explorer, winlogon, pid) (default: explorer)
INTERVAL	Time interval to save keystrokes (default: 5)
LOCKSCREEN	Lock system screen.
MIGRATE	Perform Migration.
PID	Process ID to migrate to
SESSION	The session to run this module on.
ShowKeystrokes	Show captured keystrokes
VERBOSE	Enable detailed status messages
WORKSPACE	Specify the workspace for this module