Just to bring up a new twist here. Why not use Meterpreter and do
HD, this should be possible, right?

On Nov 7, 2008, at 4:19 AM, H D Moore wrote:
> On Thursday 06 November 2008, Bryan Richardson wrote:
>> I'm wanting to write a Meterpreter script that can sniff traffic from
>> an exploited Windows host. I *think* there is some built-in pcap
>> functionality already in the Metasploit framework... is this correct?
>> If so, can it be used in a script that can be run from Meterpreter?
> The Pcap stuff in Metasploit only works on the attacker's machine, it
> doesn't extend through any of the payloads. The easiest way to
> your goal is to write a Win32 sniffer as a Meterpreter extension and
> implement a command protocol for start, stopping, and gathering data
> this extension. Alternatively, just write a meterpreter script that
> uploads an existing sniffer, execute it "channelized", and parse the
> output to find what you are looking for.
>> Also, before I do this... does there happen to be a payload that
>> already exists that can do this for me (or even one that does an nmap
>> scan)? I took a little time to examine all the payloads that already
>> exist, but none really jumped out at me as being able to do this sort
>> of thing.
> None of the existing payloads can do this.
> Framework-Hackers mailing list