Winlogon Lockout Credential Keylogger
This module migrates and logs Microsoft Windows user's passwords via Winlogon.exe. Using idle time and natural system changes to give a false sense of security to the user.
Rank
- Normal
Authors
- Rob Fuller < mubix [at] hak5.org >
- cg < >
Vulnerability References
Development
Similar Modules
Usage Information
$ msfconsole
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use post/windows/capture/lockout_keylogger
msf post(lockout_keylogger) > set SESSION [INTEGER]
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use post/windows/capture/lockout_keylogger
msf post(lockout_keylogger) > set SESSION [INTEGER]
Module Options
| HEARTBEAT | Heart beat between idle checks (default: 30) |
| INTERVAL | Time between key collection during logging (default: 30) |
| LOCKTIME | Amount of idle time before lockout (default: 300) |
| PID | Target PID, only needed if multiple winlogon.exe instances exist |
| SESSION | The session to run this module on. |
| WAIT | Wait for lockout instead of default method |
| VERBOSE | Enable detailed status messages |
| WORKSPACE | Specify the workspace for this module |