Just to bring up a new twist here. Why not using meterpreter and do traffic re-routing.
HD this should be possible right? max On Nov 7, 2008, at 4:19 AM, H D Moore wrote: > On Thursday 06 November 2008, Bryan Richardson wrote: >> I'm wanting to write a Meterpreter script that can sniff traffic from >> an exploited Windows host. I *think* there is some built-in pcap >> functionality already in the Metasploit framework... is this correct? >> If so, can it be used in a script that can be ran from Meterpreter? > > The Pcap stuff in Metasploit only works on the attacker's machine, it > doesnt extend through any of the payloads. The easiest way to > accomplish > your goal is to write a Win32 sniffer as a Meterpreter extension and > implement a command protocol for start, stopping, and gathering data > from > this extension. Alternatively, just write a meterpreter script that > uploads an existing sniffer, execute it "channelized", and parse the > output to find what you are looking for. > >> Also, before I do this... does there happen to be a payload that >> already exists that can do this for me (or even one that does an nmap >> scan)? I took a little time to examine all the payloads that already >> exist, but none really jumped out at me as being able to do this sort >> of thing. > > None of the existing payloads can do this. > > -HD > > _______________________________________________ > Framework-Hackers mailing list > Framework-Hackers@spool.metasploit.com > http://spool.metasploit.com/mailman/listinfo/framework-hackers _______________________________________________ Framework-Hackers mailing list Framework-Hackers@spool.metasploit.com http://spool.metasploit.com/mailman/listinfo/framework-hackers
