Forum Thread: How to Log Out an Application with Meterpreter !!!

Look where the application stores login info and delete the file. A keylogger is as simple as running keyscan(underscore)start, waiting a bit and then typing keyscan(underscore)dump.

In battlenet application do you know where is the login file ?
I can't find it on google !
Thanks !

Try this. You'd better install the client on your system first and try the attack in LAN. If you succeed, you can try hacking the remote.

Nope, sorry. Try looking in the installation folder, my documents, and registry.

Found it! Kill the battle.net process, then go to %appdata%/Roaming/battle.net/ and delete battle.net.config. This will cause battle.net to forget saved accounts.

THanks man it worked !!!

I'm glad to hear that!

First I'd check the file however. You never know, maybe the developers accidentally stored the info in plain text. I have seen it many times before.

The only interesting thing in there is the saved email.

You could also you use SuperLogout it will logout of most of the accounts but i dont know if battlenet is there

PS: dont open the link in default browser or you will get logged out, Use private mode

Is there a tool in meterpreter or something like this to do this when you have a session ?

I dont thing so, but if he's logged in there must be a cookie or saved password hash, you can retrieve the saved password in the browser, tbh i forgot the exact script name, but you could google It

Yes its enum-firefox and enum-chrome but i want to log out battlenet application throught meterpreter so i can start keylogger to catch the username and password :/

If he's your friend you can Call him, And distract him from the pc (you could check id he's using the pc or not with Idle(underscore)time then open up a vnc and logout manually

Hmm nice :)
Do you know any existing script for extracting battlenet info etc ?

Well i dont think such a script exists but you could do as they said or just extract the passwords database

Didn't work against my google chrome browser.

If u r lazy for research just uninstall the app. Jump in shell and follow these steps :

1. In meterpeter type: shell

2. Input WMIC and press Return. You will see a prompt that looks like this:

wmic:root\cli>

3. At the new prompt, execute the following command:

product get name

This will generate a list of installed applications.

4. At the prompt, execute the following command:

product where name="" call uninstall

Between "" type the name of program desired to uninstall.

This will silently uninstall the app and you can start keylogger and wait for him to install app again. He might get suspicios but this is a lazy way, you can go with imho.

Lmfao it's suspicious

Yeah i said its lazy way :D Or just he can go on batllenet site and reset password if he know email? I dont have batllenet so i dont know, but it might work.

If he resets the password through email, I doubt the victim is going to fall for it.

I bet he will, if it is average user he will for sure. Personal experience. Im just thinking about some twist if he dont want make research how batllenet client store credentials, cos meterpeter dont have any command for this.

I have searched google but i found nothing specific :/

Thanks! Using this instead of uninstalling through control panel

Yeah, i found nothing too. But i dont have batllenet so i cant research it myself and honestly i dont want to. If you got meterpeter session on victim, you can do shitloads of twist to get access anywhere.