Meterpreter Sniffer

[btricha at gmail.com (Bryan Richardson)]

Thanks for the feedback HD.  I suspect the return values are accurate...
it's just returning false because the run_cmd stuff isn't working
correctly.  I looked for a client.sniffer API to automate Meterpreter but
didn't find one.  I looked in the documentation (which I assumed wasn't
up-to-date with the development trunk but looked anyway) and also printed
out all the methods available for a Meterpreter session object in IRB and
didn't see anything obvious there either.  Am I overlooking something?

I have to believe the second session is fine, because I can still set up
pivoting through it and the 'use sniffer' command seems to work fine (well,
it returns true instead of false anyway).

--
Bryan

On Mon, Aug 17, 2009 at 12:05 PM, HD Moore <hdm at metasploit.com> wrote:

> On Mon, 17 Aug 2009 12:30:50 -0500, Bryan Richardson <btricha at gmail.com>
> wrote:
>
>  creating a multi/handler exploit object with Msf::Simple::Framework, I
> > have problems.  I can do "session.run_cmd 'use sniffer'" and I get a 'true'
> > returned.  But as soon as I try to start the sniffer I get a false
> > returned.
> >
> > Any ideas why this is happening?  I know the sniffer stuff is still in the
> > dev trunk, so I was just curious if anyone else has seen this or might now
> > what the problem is.
>
> There should be no difference in the type of object returned or its
> capabilities, but using the "client.run_cmd" and "session.run_cmd" methods
> isn't really supported, all meterpreter scripts currently use the raw
> client.*.api calls to automate meterpreter. As far as the return values go,
> there should be no difference, any chance something went wrong in the second
> session?
>
> -HD
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20090817/065124b0/attachment.html>