In this section, we'll look at how we can log any mouse or keyboard event that happens on the target computer. We will do that using a plugin that comes with Meterpreter. We have our Meterpreter, so we just have to run keyscan_start, as follows:

Suppose that we want to go to Facebook and log in to an account. If we look at the URL for the site, it includes HTTPS, and there is nothing wrong with it. Generally, we need a password to log in to an account. If we come back to our Terminal, we can see a log of everything that has been recorded by typing keyscan_dump. With that command, we can see that the target user typed in www.facebook.com, hit Enter, and put in their username, which was [email protected], and the password 123456:

This will record everything that happens on the computer. We can stop running keyscan_stop, and it will stop the sniffer.

Another cool thing that we can do is get a screenshot, just by typing screenshot; it will save it for us in the /root directory:

Go to /root, and we'll see that the screenshot is present. It's showing us what's being displayed on the target computer screen:

These are just two of the useful features we have available. The keylogging is very useful, because we can get usernames and passwords and see what the target user is doing on the computer. Obviously, we can use other keylogger programs, like a portable keylogger; all we have to do is upload them by using the upload command that we learned previously, and then execute them.