On Thursday 06 November 2008, Bryan Richardson wrote:
> I'm wanting to write a Meterpreter script that can sniff traffic from
> an exploited Windows host.  I *think* there is some built-in pcap
> functionality already in the Metasploit framework... is this correct? 
> If so, can it be used in a script that can be run from Meterpreter?

The Pcap stuff in Metasploit only works on the attacker's machine; it
doesn't extend through any of the payloads. The easiest way to accomplish
your goal is to write a Win32 sniffer as a Meterpreter extension and
implement a command protocol for starting, stopping, and gathering data from
this extension. Alternatively, just write a Meterpreter script that
uploads an existing sniffer, executes it "channelized", and parses the
output to find what you are looking for.

> Also, before I do this... does there happen to be a payload that
> already exists that can do this for me (or even one that does an nmap
> scan)?  I took a little time to examine all the payloads that already
> exist, but none really jumped out at me as being able to do this sort
> of thing.

None of the existing payloads can do this.


Framework-Hackers mailing list
