Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add meterpreter keyboard and mouse input #11838

Merged
merged 2 commits into from May 31, 2019

Conversation

Projects
None yet
4 participants
@timwr
Copy link
Contributor

commented May 13, 2019

This pull request extends the stdapi ui extension to add some basic commands to send mouse and keyboard input to a meterpreter client. In future potentially we can extend this to send virtual keys (as it's not currently implemented to send modifiers and multiple keys (e.g Escape, direction arrows, Ctrl + R, etc). It's unclear what format to use for this, potentially we could add support for duckyscript.

Verification

List the steps needed to make sure this thing works

  • Land OSX/Windows changes
  • meterpreter > mouse click
  • meterpreter > keyboard_send "🐲✌ 𝐦𝑒π•₯π”ΈΕœΟπ•ƒβ“„π’Ρ‚ πŸ˜πŸ™"
  • Verify the meterpreter client performs the user input.
@busterb

This comment has been minimized.

Copy link
Member

commented May 30, 2019

I'll let you know real quick what happens when this gets used against littlesnitch. It seems to hate synthetic events.

@busterb

This comment has been minimized.

Copy link
Member

commented May 31, 2019

Note, this does require you to grant access explicitly for macOS, though on Windows it's wide-open by default.

@busterb busterb merged commit abbefab into rapid7:master May 31, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

busterb added a commit to busterb/metasploit-framework that referenced this pull request May 31, 2019

jmartin-r7 added a commit that referenced this pull request May 31, 2019

@schierlm

This comment has been minimized.

Copy link
Contributor

commented Jun 7, 2019

Any plans of adding this to Java meterpreter?

Any plans of using this in combination with screenshot feature to implement some crude VNC emulation?

@timwr

This comment has been minimized.

Copy link
Contributor Author

commented Jun 8, 2019

I can certainly add this on Java (thanks for the API) not sure about python though.
Crude screenshot thing is here:
#11951
It's unclear how to best send keystrokes from the Javascript layer to metasploit thought. Maybe Ajax+rest API?

@schierlm

This comment has been minimized.

Copy link
Contributor

commented Jun 8, 2019

My first intuitive idea would have been to add the keystrokes/mouse clicks as parameters to the jpeg request of the next image. But then I noticed that the JPEG is not delivered via HTTP, but dumped to disk and loaded via file:// protocol...

Okay it is only local, but that may result in unneeded refreshes (same image) as well as unneeded delays...

So I would improve that (that it only requests screenshots on http request, and schedules the next refresh only after the previous image has been loaded) and sends the accumulated keystrokes/clicks when requesting the next image.

@tdoan-r7

This comment has been minimized.

Copy link
Contributor

commented Jun 11, 2019

Release Notes

The stdapi ui extension now includes some basic commands that you can use to send mouse and keyboard inputs to a Meterpreter client.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.