Back to course

Post-Exploitation: Keylogging and Screenshots

Cyber Security Mastery: From Zero to Hero

Data Harvesting on the Compromised Host

Once a Meterpreter session is established on a graphical target (like a user's desktop machine), attackers can interact with the user's environment in sophisticated ways.

1. Keylogging

Keylogging captures every keystroke entered by the user. This is highly effective for stealing credentials, credit card numbers, and confidential communications.

  • Meterpreter Command: keyscan_start (starts logging) and keyscan_dump (shows captured input).

2. Screenshot Capture

Taking periodic screenshots helps capture sensitive information displayed on the screen that isn't stored in files (e.g., temporary passwords, multi-factor codes).

  • Meterpreter Command: screenshot (saves a JPEG image to the attacker's machine).

Ethical Note: These are highly invasive techniques and must only be practiced in your isolated lab against targets you own.