Good Morning HD, Thanks for the suggestions. Any chance you can point me to some sample Meterpreter script code that uploads files to the exploited machine?
-- Thanks! Bryan On Thu, Nov 6, 2008 at 8:19 PM, H D Moore <[EMAIL PROTECTED]> wrote: > On Thursday 06 November 2008, Bryan Richardson wrote: > > I'm wanting to write a Meterpreter script that can sniff traffic from > > an exploited Windows host. I *think* there is some built-in pcap > > functionality already in the Metasploit framework... is this correct? > > If so, can it be used in a script that can be ran from Meterpreter? > > The Pcap stuff in Metasploit only works on the attacker's machine, it > doesnt extend through any of the payloads. The easiest way to accomplish > your goal is to write a Win32 sniffer as a Meterpreter extension and > implement a command protocol for start, stopping, and gathering data from > this extension. Alternatively, just write a meterpreter script that > uploads an existing sniffer, execute it "channelized", and parse the > output to find what you are looking for. > > > Also, before I do this... does there happen to be a payload that > > already exists that can do this for me (or even one that does an nmap > > scan)? I took a little time to examine all the payloads that already > > exist, but none really jumped out at me as being able to do this sort > > of thing. > > None of the existing payloads can do this. > > -HD > > _______________________________________________ > Framework-Hackers mailing list > Framework-Hackers@spool.metasploit.com > http://spool.metasploit.com/mailman/listinfo/framework-hackers >
_______________________________________________ Framework-Hackers mailing list Framework-Hackers@spool.metasploit.com http://spool.metasploit.com/mailman/listinfo/framework-hackers