Bryan,

This following link has an example of uploading via a meterpreter script:

http://www.metasploit.com/users/mc/rand/CVE_2007_0161.rb

hope it helps.

On Fri, 7 Nov 2008, Bryan Richardson wrote:

> Good Morning HD,
> 
> Thanks for the suggestions.  Any chance you can point me to some sample
> Meterpreter script code that uploads files to the exploited machine?
> 
> --
> Thanks!
> Bryan
> 
> On Thu, Nov 6, 2008 at 8:19 PM, H D Moore <[EMAIL PROTECTED]> wrote:
> 
> > On Thursday 06 November 2008, Bryan Richardson wrote:
> > > I'm wanting to write a Meterpreter script that can sniff traffic from
> > > an exploited Windows host.  I *think* there is some built-in pcap
> > > functionality already in the Metasploit framework... is this correct?
> > > If so, can it be used in a script that can be ran from Meterpreter?
> >
> > The Pcap stuff in Metasploit only works on the attacker's machine, it
> > doesnt extend through any of the payloads. The easiest way to accomplish
> > your goal is to write a Win32 sniffer as a Meterpreter extension and
> > implement a command protocol for start, stopping, and gathering data from
> > this extension. Alternatively, just write a meterpreter script that
> > uploads an existing sniffer, execute it "channelized", and parse the
> > output to find what you are looking for.
> >
> > > Also, before I do this... does there happen to be a payload that
> > > already exists that can do this for me (or even one that does an nmap
> > > scan)?  I took a little time to examine all the payloads that already
> > > exist, but none really jumped out at me as being able to do this sort
> > > of thing.
> >
> > None of the existing payloads can do this.
> >
> > -HD
> >
> > _______________________________________________
> > Framework-Hackers mailing list
> > Framework-Hackers@spool.metasploit.com
> > http://spool.metasploit.com/mailman/listinfo/framework-hackers
> >
> 

-- 
~ mc

_______________________________________________
Framework-Hackers mailing list
Framework-Hackers@spool.metasploit.com
http://spool.metasploit.com/mailman/listinfo/framework-hackers

Reply via email to