On Thursday 06 November 2008, Bryan Richardson wrote:
> I'm wanting to write a Meterpreter script that can sniff traffic from
> an exploited Windows host. I *think* there is some built-in pcap
> functionality already in the Metasploit framework... is this correct?
> If so, can it be used in a script that can be run from Meterpreter?

The Pcap stuff in Metasploit only works on the attacker's machine, it doesn't extend through any of the payloads. The easiest way to accomplish your goal is to write a Win32 sniffer as a Meterpreter extension and implement a command protocol for starting, stopping, and gathering data from this extension. Alternatively, just write a meterpreter script that uploads an existing sniffer, executes it "channelized", and parses the output to find what you are looking for.

> Also, before I do this... does there happen to be a payload that
> already exists that can do this for me (or even one that does an nmap
> scan)? I took a little time to examine all the payloads that already
> exist, but none really jumped out at me as being able to do this sort
> of thing.

None of the existing payloads can do this.

-HD