Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations.

On OSX, the native command `screencapture` is used to capture screenshots.

On Linux, there is the native command `xwd`. (Citation: Antiquated Mac Malware)

Use the screencapture command to collect a full desktop screenshot.

Supported Platforms: macOS

| Name | Description | Type | Default Value |
|---|---|---|---|
| output_file | Output file path | Path | desktop.png |

```sh
screencapture #{output_file}
```

Use the screencapture command to collect a full desktop screenshot.

Supported Platforms: macOS

| Name | Description | Type | Default Value |
|---|---|---|---|
| output_file | Output file path | Path | desktop.png |

```sh
screencapture -x #{output_file}
```

Use the xwd command to collect a full desktop screenshot and review the file with xwud.

Supported Platforms: Linux

| Name | Description | Type | Default Value |
|---|---|---|---|
| output_file | Output file path | Path | desktop.xwd |

```sh
xwd -root -out #{output_file}
xwud -in #{output_file}
```

Use the import command to collect a full desktop screenshot.

Supported Platforms: Linux

| Name | Description | Type | Default Value |
|---|---|---|---|
| output_file | Output file path | Path | desktop.png |

```sh
import -window root #{output_file}
```
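
For the detection side of the four tests above, the following added example (not part of the original test definitions) classifies process-creation command lines that match them. The event list is constructed sample data, and the function names and finding labels are hypothetical.

```python
import os
import shlex

# Constructed process-creation events: (platform, command line). Not real telemetry.
SAMPLE_EVENTS = [
    ("macos", "/usr/sbin/screencapture desktop.png"),
    ("macos", "screencapture -x /tmp/desktop.png"),
    ("linux", "xwd -root -out desktop.xwd"),
    ("linux", "xwud -in desktop.xwd"),           # viewer only, not a capture
    ("linux", "import -window root desktop.png"),
    ("linux", "import photo.png"),               # ImageMagick without the root window
    ("linux", "grep screencapture notes.txt"),   # tool name appears only as an argument
]

def classify(platform, cmdline):
    """Return a finding label for a screen-capture command line, else None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:           # unbalanced quotes in the logged line
        argv = cmdline.split()
    if not argv:
        return None
    exe, args = os.path.basename(argv[0]), argv[1:]
    if platform == "macos" and exe == "screencapture":
        # -x suppresses the capture sound, so the user gets no audible cue
        silent = any(a.startswith("-") and not a.startswith("--") and "x" in a
                     for a in args)
        return "screencapture-silent" if silent else "screencapture"
    if platform == "linux" and exe == "xwd":
        return "xwd-root" if "-root" in args else "xwd-window"
    if platform == "linux" and exe == "import":
        # import grabs the whole desktop only when given '-window root'
        for flag, value in zip(args, args[1:]):
            if flag == "-window" and value == "root":
                return "import-root"
    return None

def scan(events):
    """Return (command line, finding) pairs for every matching event."""
    return [(cmd, hit) for plat, cmd in events if (hit := classify(plat, cmd))]

if __name__ == "__main__":
    for cmd, hit in scan(SAMPLE_EVENTS):
        print(f"{hit:22} {cmd}")
```

Matching on the executable's basename plus its arguments keeps `grep screencapture` and a plain `import photo.png` out of the results while still catching absolute paths such as `/usr/sbin/screencapture`.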