Bug Payload.

[ralph at inputplus.co.uk (Ralph Corderoy)]

Hi Steve,

Steve Bonds wrote:
> On Fri, 13 Aug 2004, Ralph Corderoy ralph-at-inputplus.co.uk |Metasploit|
> wrote:
> > I've just come across Metasploit and thought I'd pipe up about a
> > payload I've often considered.  Lots of PCs have a microphone, one
> > way or another.  Streaming audio from the target host would be a
> > serious security compromise in many situations, e.g. I telephone an
> > estate agent, make an offer on the property, and then his PC
> > eavesdrops on his telephone conversation with the vendor.
>
> It seems to me that if you wanted to demonstrate this, it could easily
> be done by uploading the appropriate program/script and running it,
> which is already build into metasploit.
>
> The framework is used to provide access, what you do from there is
> left up to you.  ;-)

You're quite right, of course.  I did realise that.  I just hadn't heard
of it being done and thought I'd mention it to those interested in the
impact of insecure machines.

If I could code for Win32 instead of Unix I'd have probably tried it by
now.  :-)

Cheers,


Ralph.