Part 1 - Keylogging with Keyscan

Video Activity

Time
5 hours 38 minutes
Difficulty
Intermediate
Video Description

This lesson covers keylogging with keyscan. Participants receive step-by-step instructions on how to learn more about the victim's system, such as what applications they are using, what their credentials are, and what logins they use for other websites. Using the meterpreter shell and the victim command, you can learn ways to escalate privileges.

Video Transcription
00:03
>> Another thing to think about when
00:03
you're interacting with the victim system is
00:03
seeing what you can continue
00:03
to learn about how that victim's using the system,
00:03
what their credentials might be,
00:03
what logins they use for other systems
00:03
or other websites.
00:03
>> Right now, I am connected through
00:03
a Meterpreter shell to the victim system
00:03
on a secondary account called victim.
00:03
I'm not using the administrator account now.
00:03
[NOISE] I've got two sessions here,
00:03
I've got one with the administrator account,
00:03
one with victim.
00:03
It's good to practice your techniques
00:03
with less privileged accounts so that you
00:03
can continue to learn ways to escalate your privileges.
00:03
In any case, we're going to go back to
00:03
our session number 5,
00:03
which is the victim,
00:03
which is a regular user, and if I run the help command,
00:03
we'll see that I've got
00:03
some keyscan or key-logging commands here.
00:03
I start the keylogging; while I'm logging keys,
00:03
I can dump the buffer,
00:03
and then when I'm done I can stop the buffer.
00:03
First, we'll do a keyscan
00:03
start. [NOISE] I was
00:03
already running a keyscan, so sorry about that.
00:03
Now I'll start it again. It says that it's running.
00:03
On the victim system,
00:03
we can just assume that they would be
00:03
going about their workday.
00:03
This secret info.
00:03
Back on my attack system,
00:03
I can run keyscan dump and we'll see
00:03
that I started typing the name wrong.
00:03
I had a couple of backspaces,
00:03
secret info is the name of
00:03
the file I create on the desktop.
00:03
I hit return and hit return again to open
00:03
Notepad and then I typed in some information.
00:03
Very simple, very easy to use.
00:03
[NOISE].
00:03
This is something you would maybe think
00:03
about doing when you know
00:03
that the target is on
00:03
their system actively doing some work.
00:03
Maybe you determine that through
00:03
packet sniffing or through some other monitoring.
00:03
One thing I also mentioned a couple of times
00:03
before is the migrate function.
00:03
If I'm a regular user,
00:03
I can still try to migrate my session.
00:03
I already did this; I already migrated to explorer.
00:03
But the idea is that you want to run ps,
00:03
look for explorer or some other process,
00:03
and think about migrating to that process ID.
00:03
Otherwise, the process that launched
00:03
my reverse TCP shell
00:03
in this case was a secret photos 32,
00:03
that might look suspicious if
00:03
someone sees it on the process list.
00:03
It's a good idea to always migrate to another process.
00:03
If it's a system-level process,
00:03
you'll have to have privileges to do that but
00:03
we can see that this helps you cover your tracks,
00:03
helps you remain a little bit better hidden.
00:03
That's it for key-logging. We'll see
00:03
you in the next section. Thank you.