Skype payload?

[metafan at intern0t.net (MaXe)]

Hi there,


To inform my danish fellowman, the skype-trojan simple works by sending
the audio-output in small pieces to the attacker.
So basically, it doesn't have to decrypt the transmission at all since
Skype has already done that.
There is already the proof of concept and source which might be portable
to Metasploit (to make an audio tapping device),
however since there's plenty of RAT's and other tools to do that, then I
don't really see the purpose in that, yet.

Basically One could still just use the Meterpreter "shell" (I believe
it's more than just a shell), then have a cross-platform
skype-trojan which might be even better than the one provided from
Megapanzer and then just tap the audio directly.
By using the meterpreter shell, it could be as in upload and execute the
trojan, or use the xbackdoor proof of concept, or
perhaps make a meterpreter extension which I have no idea how could be
done, but should work fine in theory :-)

Anyway, in short I agree with Max Moser. But it could probably be done
with DLL injection, perhaps reflective.


Best regards,
MaXe


max wrote:
> I guess doing skype plugins as "payload" is the wrong way. Much more
> interesting and practical would be to get the mixed audio right out of
> operating system.
>
> just my 2 cents
>
> max
>
>
> Clausen, Martin (DK - Copenhagen) wrote:
>   
> > Hi,
> >  
> > Any plans on creating a Skype payload for Metasploit?
> >  
> > _http://www.scmagazineus.com/Skype-snooping-trojan-detected/article/147537/_
> >  
> > Martin
> >  
> >
> > -------------------------- Deloitte Disclaimer ---------------------------
> >
> > This message (including any attachments) contains confidential
> >
> > information intended for a specific individual and purpose, and
> >
> > is protected by law. If you are not the intended recipient, you
> >
> > should delete this message and are hereby notified that any
> >
> > disclosure, copying, or distribution of this message, or the
> >
> > taking of any action based on it, is strictly prohibited.
> >
> > --------------------------------------------------------------------------
> >
> >  
> >
> >  
> >
> > *Deloitte Touche Tohmatsu*
> >
> > Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss
> > Verein, and its network of member firms, each of which is a legally
> > separate and independent entity.  Please see www.deloitte.com/about for
> > a detailed description of the legal structure of Deloitte Touche
> > Tohmatsu and its Member Firms.
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > https://mail.metasploit.com/mailman/listinfo/framework
> >     
>
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
>
>