Metasploit mailing list archives
Skype payload?
From: metafan at intern0t.net (MaXe)
Date: Tue, 01 Sep 2009 11:58:20 +0200
Hi there,

To inform my Danish fellow man, the Skype-trojan simply works by sending the audio output in small pieces to the attacker. So basically, it doesn't have to decrypt the transmission at all since Skype has already done that.

There is already the proof of concept and source which might be portable to Metasploit (to make an audio tapping device), however since there are plenty of RATs and other tools to do that, I don't really see the purpose in that, yet.

Basically one could still just use the Meterpreter "shell" (I believe it's more than just a shell), then have a cross-platform Skype-trojan which might be even better than the one provided from Megapanzer and then just tap the audio directly. By using the Meterpreter shell, it could be as in upload and execute the trojan, or use the xbackdoor proof of concept, or perhaps make a Meterpreter extension which I have no idea how could be done, but should work fine in theory :-)

Anyway, in short I agree with Max Moser. But it could probably be done with DLL injection, perhaps reflective.

Best regards,
MaXe

max wrote:
> I guess doing Skype plugins as "payload" is the wrong way. Much more interesting and practical would be to get the mixed audio right out of the operating system.
>
> Just my 2 cents
> max
>
> Clausen, Martin (DK - Copenhagen) wrote:
>> Hi,
>>
>> Any plans on creating a Skype payload for Metasploit?
>>
>> http://www.scmagazineus.com/Skype-snooping-trojan-detected/article/147537/
>>
>> Martin
>>
>> _______________________________________________
>> https://mail.metasploit.com/mailman/listinfo/framework