Time
5 hours 38 minutes
Difficulty
Intermediate
CEU/CPE
6

Video Transcription

00:04
Okay, now that we've got a remote desktop connection available and a persistent netcat
00:10
listener,
00:12
another thing we want to think about is sniffing the traffic on this remote host, on the victim host.
00:18
And if you're connected remotely, you've got a reverse connection through a firewall. Obviously, that's gonna be a difficult thing to do. Luckily, we can run a sniffer directly through the Meterpreter shell.
00:30
So what I do is first of all verifying
00:33
that I have a system level account, which I do.
00:39
And I've just loaded the sniffer extension.
00:42
If I run the help command, you'll notice that all of my sniffer commands now appear
00:49
at the bottom of my help screen.
00:52
So the first thing I want to do is look at my interfaces.
00:57
We got three interfaces.
00:59
Looks like from the ones I see here, this is the one that's actually hosting my connection.
01:10
So what I want to do now is start sniffing on that
01:15
interface, so sniffer_start 3.
01:19
It's telling me that it started to capture some packets,
01:22
and what I could do is, for instance,
01:27
I could tell that
01:30
whoops,
01:38
I could go back to my uh,
01:41
connection, run a directory command, generate some traffic.
01:47
Still capturing packets.
01:49
What I want to do now, though, is dump those packets, so I can run sniffer_dump,
01:55
uh, interface 3. And I'm gonna give it a
01:57
path. So root
02:00
desktop. I'll call this sniff.pcap.
02:07
Looks like it captured 375 packets. That would include a bunch of, you know, whatever connections that system has going on, whatever data is going in and out, plus whatever information I just generated,
02:23
and what I can then do is stop sniffing.
02:27
And we see that that sniff.pcap file, uh, showed up here.
02:32
So I might say that my, uh, sniffing is done, so I'm going to stop sniffing on interface 3.
02:42
Now, what I want to do is launch Wireshark
02:46
so I could actually look at my packet capture and see what I've got.
02:53
I could open a file,
02:55
uh, my root desktop. I've got sniff.pcap. I'll go ahead and open that.
03:00
It's got a full screen
03:05
and we can see that it captured
03:08
375 packets, as it said,
03:13
and this information here looks like some NetBIOS, some ARP queries, some VMware traffic.
03:21
It's possible that the system would be connecting to other systems, and I could therefore inspect all that traffic.
03:29
If you haven't used Wireshark before, it's, ah, a great tool,
03:34
and you can go into any particular packet and analyze all of its members. You can look at the flags, look at all the source
03:40
and source port, source address, destination port, destination address, and so on.
03:46
And you can see anything you want to know about any given packet that you've decided to analyze.
03:53
All right. So, having sniffers, they're useful. And
03:57
as long as the Meterpreter shell is active, you can start and stop the sniffer
04:01
all the while dumping the traffic back to your local machine for subsequent analysis.
04:08
All right, see you in the next section.

Instructed By

Dean Pompilio
CEO of SteppingStone Solutions