Once you got the meterpreter session, migrate the process to explorer.exe and type
Keyscan_start – to start the keylogger
Keyscan_dump – to print captured keystrokes
Samurai is a web application pentesting framework which comes with all the necessary tools.
> Open Samurai
> Open firefox
> Navigate to http://localhost:8080/webgoat/attack
> Username and password are guest
> Click start webgoat button
HackMeBank is a sample application where you can practice/test your hacking skills. To know how to setup hackmebank on your windows XP visit -
Following the steps mentioned in the above link will allow you to run Hackmebank on SQL server 2000 express edition. If you have a latest SQL server, you can point the Hackmebank by editing the web.config file.
To run HackMeBank on SQL server 2008, install SQL server instead of SQL 2000 express. Navigate to HacmeBank_v2_WS folder and open web.config, provide SQL server 2008 username and password.
<add key=”FoundStone_Connection” value=”Server=(local);Database=FoundStone_Bank;User Id=Username;password=password“/>
To run HackMeBank in a new port, navigate to HacmeBank_v2_Website folder, open web.config and change the below value
<add key=”ipAddressOfWebService” value=”127.0.0.1:port number“/>
SSLStrip can be used to steal gmail, facebook… (any https site) credentials in LAN. Backtrack comes with a pre-installed SSLStrip.
Below steps explain the usage of SSLStrip to steal the credentials.
Attacker: Backtrack 4 linux machine
Victim: windows xp machine
On Backtrack 4 terminal,
On other terminal:
If you are using Backtrack 5, then do the following to start SSLStrip.
Now in windows xp machine, open a browser (IE). Type gmail and hit cntrl+enter.
Type username and password to log into your gmail.
By this time SSLStrip captures the credentials and stores it in sslstrip.log file. To view the log
On backtrack terminal:
Make sure that your VM does not have any snapshots. If you a snapshot then create a clone of the VM and run the following command.
c:Program filesVirtual machinevmworkstationsvmware-vdiskmanager -x sizeGB file.vmdk