Keylogging with Metasploit
We will start this chapter by exploring Metasploit’s built in key scanner. Metasploit has a helpful set of Meterpreter commands for capturing keys pressed on a target machine.
➢ keyscan_dump
➢ keyscan_start
➢ keyscan_stop
These commands are available through Meterpreter, so we will start with a system that we have already run an exploit on and were successful in creating a remote session. We will use our Windows 11 system as a target. We will need System level access, so after we get the remote session, we will have to run the “getsystem” command.
If we type “help” at the Meterpreter prompt we will be given a list of commands that we can run. For this section we are concerned with just the “keyscan” commands:
So, let’s go ahead and see what it looks like when we start a remote keylogger. Then we will view the captured key...