1
00:00:00,470 --> 00:00:02,050
All right, so how's everybody doing?

2
00:00:03,200 --> 00:00:10,580
I'm thinking that it's time that I tell you about key logging in this particular section because it's

3
00:00:10,580 --> 00:00:13,870
part of the maintaining access process.

4
00:00:14,780 --> 00:00:15,320
So.

5
00:00:16,430 --> 00:00:21,980
What I mean is that this is going to help you to be permanent on the system.

6
00:00:23,150 --> 00:00:29,210
So here's my take on using key logging is about ethics.

7
00:00:30,460 --> 00:00:36,670
So if it's clearly not described in the scope that you've already established with your client, then

8
00:00:36,670 --> 00:00:41,160
I would recommend you hesitate logging your target's keyboard.

9
00:00:42,100 --> 00:00:49,270
So it's very common to see employees' personal information, such as chat messages, when you perform key

10
00:00:49,270 --> 00:00:59,260
logging, because almost every company, because humans are humans, employees will hold their personal

11
00:00:59,260 --> 00:01:06,070
data on work computers and use these computers to look at their personal email, social media accounts

12
00:01:06,070 --> 00:01:07,270
and whatever else.

13
00:01:08,320 --> 00:01:16,540
In fact, I've seen some penetration testers doing key logging as soon as they gain access to a system.

14
00:01:17,650 --> 00:01:22,930
I don't consider that purely ethical; in fact, I don't like it at all.

15
00:01:24,460 --> 00:01:31,750
It's really not good unless you are doing a social engineering or a phishing attack for the purpose

16
00:01:31,750 --> 00:01:37,840
of gaining awareness and again, make sure that it's part of the scope you've already established with

17
00:01:37,840 --> 00:01:38,350
your client.

18
00:01:39,640 --> 00:01:49,630
So MSF allows you to capture all keyboard input from the system without writing anything to disk, leaving

19
00:01:49,630 --> 00:01:53,830
a minimal forensic footprint for investigators to follow up on later.

20
00:01:55,170 --> 00:02:01,260
So it's perfect for getting passwords and user accounts and, well, all sorts of other valuable information.

21
00:02:02,480 --> 00:02:08,840
MSF offers several ways for keylogging, such as Meterpreter scripts and post modules.

22
00:02:10,040 --> 00:02:12,700
So let's have a look and see how it works.

23
00:02:14,980 --> 00:02:18,610
So here I have a system level session on the target.

24
00:02:19,530 --> 00:02:24,200
And I'm going to conduct everything forward from that session.

25
00:02:25,660 --> 00:02:29,290
So normally having a session with privileged user rights is good.

26
00:02:30,320 --> 00:02:33,080
But when you try to record keys.

27
00:02:34,280 --> 00:02:42,620
You will need to downgrade and then migrate to the exact process so that you can read the key logs of a

28
00:02:42,620 --> 00:02:43,460
specific user.

29
00:02:44,630 --> 00:02:51,200
So it's always good to migrate to explorer.exe to record what the user types; however, to record the

30
00:02:51,200 --> 00:02:57,410
Windows logon information, you will have to migrate to winlogon.exe.

31
00:02:58,710 --> 00:02:59,310
ps

32
00:03:00,250 --> 00:03:03,310
-S explorer.exe.

33
00:03:04,340 --> 00:03:07,450
To see the PID value of explorer.exe.

34
00:03:08,820 --> 00:03:11,250
And in this case, it is 4188.

35
00:03:12,690 --> 00:03:15,360
So that's migrate 4188.

36
00:03:18,610 --> 00:03:21,070
And the migration completed successfully.

37
00:03:22,050 --> 00:03:23,820
So getuid.

38
00:03:25,750 --> 00:03:28,930
And yes, so now you downgrade our user.

39
00:03:30,720 --> 00:03:38,790
I'll first start with the stdapi extension's command, keyscan_start -h.

40
00:03:40,080 --> 00:03:42,840
The keyscan_start command will start keylogging.

41
00:03:44,100 --> 00:03:49,860
Now it has a few parameters, so type keyscan_start -v.

42
00:03:53,450 --> 00:03:56,360
And now the keystrokes of the current user will be saved.

43
00:03:57,850 --> 00:04:03,280
And then the parameter will also record the active window for us.

44
00:04:04,510 --> 00:04:08,800
So open Metasploitable 3 now and let's write something.

45
00:04:09,770 --> 00:04:11,480
So I have a password file here.

46
00:04:12,420 --> 00:04:15,420
And I'm going to add some passwords here.

47
00:04:18,800 --> 00:04:21,470
And we'll do a search in the Explorer.

48
00:04:24,780 --> 00:04:27,870
And over the command line list users.

49
00:04:30,490 --> 00:04:31,690
Let's display a user.

50
00:04:34,420 --> 00:04:41,260
And let's make a remote connection to 10.10.2.12.

51
00:04:43,950 --> 00:04:46,020
And I'll do many things here.

52
00:04:47,310 --> 00:04:47,850
So.

53
00:04:48,800 --> 00:04:52,970
Turn back to Kali and just type keyscan_dump.

54
00:04:55,610 --> 00:05:00,980
Yes, see, that's very good, so everything I type within the active windows are here.

55
00:05:02,170 --> 00:05:04,660
And now I'm going to stop recording.

56
00:05:05,880 --> 00:05:07,770
By typing keyscan_stop.

57
00:05:10,130 --> 00:05:18,410
OK, so these stdapi commands are good to use, but you will be responsible for what you do.

58
00:05:19,910 --> 00:05:23,000
And now for the next flavor, it's a post module.

59
00:05:24,140 --> 00:05:26,330
So here is the information of this module.

60
00:05:31,670 --> 00:05:38,120
Actually, there is also a Meterpreter script for this module, but unfortunately, it doesn't work properly.

61
00:05:39,400 --> 00:05:44,280
So all you have to do is type run and then the name of the post module.

62
00:05:49,220 --> 00:05:50,480
And we'll start.

63
00:05:52,350 --> 00:05:56,220
So now let's open Metasploitable 3 and type something again.

64
00:05:57,900 --> 00:06:00,480
I'm going to add new passwords.

65
00:06:06,540 --> 00:06:09,090
And display users from PowerShell.

66
00:06:12,480 --> 00:06:13,680
Run an application.

67
00:06:18,160 --> 00:06:25,750
OK, and then go back to Kali, type Ctrl+C to stop recording.

68
00:06:26,890 --> 00:06:27,760
And it's got.

69
00:06:28,910 --> 00:06:30,550
So copy this file path.

70
00:06:31,770 --> 00:06:32,910
Open a new tab.

71
00:06:34,970 --> 00:06:37,310
Them and then paste the path.

72
00:06:39,150 --> 00:06:41,940
And then this is what I typed on Metasploitable 3.

73
00:06:43,250 --> 00:06:50,990
So key logging may provide you access to spread throughout the network whenever you compromise an administrator

74
00:06:50,990 --> 00:06:56,800
computer; however, it can also bring some serious privacy problems.

75
00:06:57,440 --> 00:07:03,650
So I would advise you again, if you use it, to use it, please, respectfully.