ScreenSpy – New Meterpreter Script Review

Yesterday a new Meterpreter script named “ScreenSpy” was added to the Metasploit redmine.

The script was written by Roni Bachar, You can read the official release notes on his Blog.

This Meterpreter script captures images on remote host desktop at a predefined interval and then displays the images sequence .

This emulates a live view of the remote host desktop, I have tested the script under ubuntu 10.04 64 bit system and it is working great on a lan connection, The display rate can be optimized for a wan connection by adjusting the delay setting:

meterpreter > run screenspy -h

Screenspy v1.0
--------------

Usage: bgrun screenspy -t 20 -d 1 => will take interactive Screenshot every sec for 20 sec long.
Usage: bgrun screenspy -t 60 -d 5 => will take interactive Screenshot every 5 sec for 1 min long.
Usage: bgrun screenspy -s windows -d 1 -t 60 => will take interactive Screenshot every 1 sec for 1 min long, windows local mode.

Author:Roni Bachar (@roni_bachar) roni.bachar.blog@gmail.com

OPTIONS:

    -d   The Delay in seconds between each screenshot.
    -h        Help menu.
    -s   The local system linux/windows
    -t   The time to run in sec.

Here is a video demo of the script:

The script should work on linux and windows version of Metasploit you can get the latest version here:

Update:

New feature added to the script by Xavier Poli, Recording of live session by rendering the images into an avi video file .

bgrun screenspy.rb -v -i -t 20 -d 1 => will only take interactive Screenshot every sec for 20 sec long. Verbose mode activated.
bgrun screenspy.rb -v -i -t 60 -d 5 => will only take interactive Screenshot every 5 sec for 1 min long. Verbose mode activated.
bgrun screenspy.rb -v -i -s windows -d 1 -t 60 => will only take interactive Screenshot every 1 sec for 1 min long, windows local mode. Verbose mode activated.
bgrun screenspy.rb -v -r -t 20 -d 1 => will only generate a recorded video (20 sec long, 1 screenshot every sec) of the session at the end with a default resolution at 640x480. Verbose mode activated.
bgrun screenspy.rb -v -i -r -t 20 -x 800x600 -d 1 => will take interactive Screenshot every sec for 20 sec long and will generate a recorded video of the session at the end with a 800x600 resolution. Verbose mode activated.

watch his video :

Get the latest version of the script:

Post to Twitter

2 Comments


  1. AbO-Ra3d
    May 29, 2011

    thank U >>> screenspy.rb this where i put it ?
    in meta folder ?? or where ???


  2. NightRanger
    May 29, 2011

    No need, its present in metasploit, if not, just ‘svn update’ and then use : ‘runbg screenspy’ in your meterpreter session, it should work.

Recent Posts