Logging Keystrokes on a Compromised Host
Username and password information can sometimes be obtained by logging keystrokes on a compromised machine when an authorized user logs in to the host or uses the compromised host to log in to a different host. Core Impact has a built-in keylogger utility module for Windows systems that can be installed after an agent has been deployed.
To install the Windows keylogger, follow this procedure:
- Select an appropriate agent to deploy the keylogger. The agent must be running on the Windows host where the keylogger will be installed and must have Administrator or SYSTEM privileges.
- Run the "Keylogger" module from the Information Gathering/Local folder. With the default parameters, the keylogger stores the log in memory. Refer to the module's documentation for additional information.
- The keylogger will now start logging keystrokes on the host.
- The logged keystrokes will be downloaded and stored in the specified file.