June 2019
Beginner to intermediate
660 pages
14h 30m
English
Metasploit includes a module that can phish for login passwords. It generates a login popup similar to an authentic Windows popup that can harvest credentials, and since it is posing as a legitimate login, the user is forced to fill in the credentials and then proceed with this ongoing operation. We can phish for a user's login by running post/windows/gather/phish_login_pass. As soon as we run this module, the fake login box pops up at the target, as shown in the following screenshot:

Once the target fills out the credentials, we are provided with the credentials in plain text, as shown in the following screenshot: ...
Read now
Unlock full access