1 1 00:00:02,130 --> 00:00:04,680 In this video, we'll see how we can 2 2 00:00:04,680 --> 00:00:08,080 log any mouse or keyboard event 3 3 00:00:08,080 --> 00:00:10,790 that happens on the target's computer. 4 4 00:00:10,790 --> 00:00:12,760 We're going to do that using a plugin 5 5 00:00:12,760 --> 00:00:15,200 or a module that comes in with a meterpreter. 6 6 00:00:15,200 --> 00:00:17,630 So, I have my meterpreter here already. 7 7 00:00:17,630 --> 00:00:19,130 And, to do that all you need to 8 8 00:00:19,130 --> 00:00:21,423 do is just type keyscan_start. 9 9 00:00:22,750 --> 00:00:24,480 Now, all of this exists in the help. 10 10 00:00:24,480 --> 00:00:26,527 If you're on the help you'll see it there. 11 11 00:00:26,527 --> 00:00:30,590 And now, it's starting my keystrike sniffer. 12 12 00:00:30,590 --> 00:00:33,470 So, I have my firefox running here. 13 13 00:00:33,470 --> 00:00:36,493 And let's say I wanted to go to Facebook.com. 14 14 00:00:37,970 --> 00:00:39,990 And then I wanted to log in to my, 15 15 00:00:39,990 --> 00:00:42,440 now, as you can see it's https here 16 16 00:00:42,440 --> 00:00:44,640 and nothing is wrong about it. 17 17 00:00:44,640 --> 00:00:47,610 Now, let's say I wanted to log in to my account. 18 18 00:00:47,610 --> 00:00:52,090 So, I'm going to put my account, zaid@isecurity.org. 19 19 00:00:52,090 --> 00:00:56,090 And let's say I put my password, which is 123456. 20 20 00:00:56,090 --> 00:00:57,560 Now, obviously this is the wrong password, 21 21 00:00:57,560 --> 00:00:59,680 I'm just trying to show you here. 22 22 00:00:59,680 --> 00:01:01,240 Now, if we come back here. 23 23 00:01:01,240 --> 00:01:04,900 To see the log of everything that has been recorded. 24 24 00:01:04,900 --> 00:01:06,743 We're going to type in keyscan_dump. 25 25 00:01:12,420 --> 00:01:14,360 Now, as you can see now, we can see that 26 26 00:01:14,360 --> 00:01:18,271 the target person typed in Facebook.com, hit enter, 27 27 00:01:18,271 --> 00:01:22,320 then they put their username which is zaid@isecurity.org, 28 28 00:01:22,320 --> 00:01:24,833 hit tab, and then they put the password 123456. 29 29 00:01:26,470 --> 00:01:27,820 Now, this will obviously record 30 30 00:01:27,820 --> 00:01:29,470 everything that happens in there. 31 31 00:01:30,890 --> 00:01:33,540 What you can also do is, we can actually, 32 32 00:01:33,540 --> 00:01:36,050 now, to stop this, you can just do keyscan_stop 33 33 00:01:38,255 --> 00:01:40,440 and it will stop the sniffer. 34 34 00:01:40,440 --> 00:01:42,140 Now, another cool thing that you can do 35 35 00:01:42,140 --> 00:01:44,323 is you can get a screenshot. 36 36 00:01:45,190 --> 00:01:47,313 So, we can just type in screenshot. 37 37 00:01:51,010 --> 00:01:52,383 If I spell that right. 38 38 00:01:53,870 --> 00:01:56,100 And it'll save it here for you in the root. 39 39 00:01:56,100 --> 00:01:58,193 Now, if I go to my browser. 40 40 00:01:59,710 --> 00:02:01,623 You'll see that I have a screenshot. 41 41 00:02:03,241 --> 00:02:04,441 I believe it's this one. 42 42 00:02:05,730 --> 00:02:07,830 And it's showing you what's here 43 43 00:02:07,830 --> 00:02:10,433 on the target computer, you can see it in here. 44 44 00:02:11,440 --> 00:02:13,720 Now, these are just two useful features, 45 45 00:02:13,720 --> 00:02:15,440 the keylogging is very useful because 46 46 00:02:15,440 --> 00:02:17,630 you can get usernames and passwords from it, 47 47 00:02:17,630 --> 00:02:19,470 and see what the target person is doing. 48 48 00:02:19,470 --> 00:02:21,380 The screenshot, you can see them. 49 49 00:02:21,380 --> 00:02:23,950 Kind of, get an idea of what they're doing as well. 50 50 00:02:23,950 --> 00:02:28,320 But, definitely the keys, the keylogger is much more useful. 51 51 00:02:28,320 --> 00:02:29,670 Now, obviously you can use other 52 52 00:02:29,670 --> 00:02:32,890 keylogger programs, like a portable keylogger. 53 53 00:02:32,890 --> 00:02:34,810 And all you have to do is just upload it 54 54 00:02:34,810 --> 00:02:36,220 using the upload command that we 55 55 00:02:36,220 --> 00:02:38,193 learned before and execute it.