Tuesday, December 14, 2010

Capturing Windows Logon Credentials with Metasploit

Great blog post from the Metasploit blog that explains how to use a keylogger to capture the Windows Logon credentials.

Smartlocker is a script meant to capture the Windows credentials used to unlock the session.

Behavior:
- Migrates to winlogon.exe
- Waits for the session to be locked (the session is idle).
- Starts the keylogger until the session is unlocked (by typing the username and the password)
- Stops the keylogger
- The credentials are stored in a text file located in /home/{user}/.msf3/logs/scripts/smartlocker/

No comments:

Post a Comment