Meterpreter tcpdump script

[matteo.cantoni at gmail.com (Matteo Cantoni)]

Hi,

ok ok I know this is a simple meterpreter script, but it seem works and I
wrote it drinking some beers in a pub :)

1) clears all the event logs (if log_clear is 1)
2) upload tcpdump.exe (compiled with Packet Sniffer SDK, WinPCap is not
required) on target with random name
3) create a dump file with random name
4) kill sniffer's process on target
5) download dump file from target
6) remove sniffer and dump from target
7) clears all the event logs (if log_clear is 1)

meterpreter > run tcpdump
[*] Clearing the all events logs!
[*] Uploading executable OROPJ.exe to target!
[*] Sniffing for 600 seconds! (interface 2, dump file ZZTCN.pcap)
[*] Killing off OROPJ.exe after 600 seconds (pid 744)
[*] Downloading dump file ZZTCN.pcap...
[*] Removing OROPJ.exe and ZZTCN.pcap!
[*] Clearing the all events logs!
[*] Done!
meterpreter >

You could add also some tcpdump filters etc...

- http://www.nothink.org/metasploit/tcpdump.rb
-
http://www.softpedia.com/get/Network-Tools/Network-Tools-Suites/PacketStuff-Network-Toolkit.shtml(tnx
Thierry)

Matteo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20081112/489d75fd/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tcpdump.rb
Type: application/x-ruby
Size: 2376 bytes
Desc: not available
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20081112/489d75fd/attachment.rb>