Metasploit mailing list archives
Meterpreter Sniffer module
From: hdm at metasploit.com (HD Moore)
Date: Mon, 13 Jul 2009 07:19:13 -0500
On Mon, 13 Jul 2009 03:39:00 -0500, jep <watthafxk at gmail.com> wrote:
Hi list, I used ms05_039_pnp with meterpreter to target win2k server running on virtual box, I found that the target machine produced BSOD and rebooted after a couple of minutes after I used sniffer_stop 1 command.
On VMWare, this can cause a "Fatal error 6" and kill the VMWare host process as well. It occurs when the sniffer_stop command is used, and even more commonly, when a background meterpreter process that is actively sniffing is killed by the task manager. I am still tracking down the cause - my guess is a driver hook isn't properly removed on shutdown (or there is call I am forgetting to make). -HD
Current thread:
- Meterpreter Sniffer module, (continued)
- Meterpreter Sniffer module xyberpix (Jul 11)
- Meterpreter Sniffer module HD Moore (Jul 11)
- Meterpreter Sniffer module xyberpix (Jul 11)
- Meterpreter Sniffer module HD Moore (Jul 11)
- Meterpreter Sniffer module HD Moore (Jul 11)
- Meterpreter Sniffer module Carlos Perez (Jul 11)
- Meterpreter Sniffer module xyberpix (Jul 11)
- Meterpreter Sniffer module Carlos Perez (Jul 11)
- Meterpreter Sniffer module xyberpix (Jul 11)
- Meterpreter Sniffer module HD Moore (Jul 11)
- Meterpreter Sniffer module xyberpix (Jul 12)
- Meterpreter Sniffer module jep (Jul 13)
- Meterpreter Sniffer module HD Moore (Jul 13)