Metasploit/Exploit #5:How to dump victim system information using scraper in Metasploit .




   In this tutorial, I'm going to cover a script that you can use  to quickly gather victim information in Metasploit . The victim machine that I'm going to demonstrate in this tutorial is running on Windows XP . If you miss the earlier part of this series,please check on my previous tutorial on how to attack a Windows machine .

How to use Scraper?

1)Make sure you already in Meterpreter . Check on my previous post on introduction of Meterpreter here. To run the script,type in the terminal:


the script will run and save the information in your local  folder.

2)The file will be saved in "/root/.msf4/logs/scripts/scraper" folder with victim machine IP address and exploit date. 


3) Scraper collects almost all the information you need from a victim system. This include  the username,passwords, download the entire registry, dump password hashes, gather system information,export the current user HKEY (HKCU) and others.

4) To check out the information, you can use "cat" command  followed with  the file name. Below are some example that you can get from running a scraper script.
Example network.txt
Example of services.txt






Previous
Next Post »