Sunday, July 12, 2009

Meterpreter Sniffer Module

An early beta of the Meterpreter sniffer module is now available in Metasploit SVN (3.3-dev).

HD released an early beta of the sniffer module today. This module uses the MicroOLAP Packet Sniffer SDK, which is a commercial product. It can sniff packets from the target system without writing to the filesystem or installing any drivers, which adds to the stealthiness of the Meterpreter module. The module automatically excludes its own control traffic from the packet capture. I have tested this module on the following Windows versions and privileges:
Windows XP SP3 32 bit - Administrator
Windows 2003 SP2 32 bit - Administrator
Windows 2008 SP2 32 bit - Administrator
Vista SP2 32 bit with UAC - Administrator
Vista SP2 32 bit no UAC - Administrator
Windows 7 32 bit with UAC - Administrator
Windows 7 32 bit no UAC - Administrator
Vista SP2 32 bit with UAC - System
Windows 7 32 bit with UAC - System


It worked on most of the configurations without any problems, except for Windows Vista and Windows 7 with UAC enabled and running as Local Administrator; when run as System, the UAC protection was not able to mitigate the attack.

To start using this module, one only needs to load it while in a Meterpreter shell on a compromised target. This is achieved in the following manner:
See Here

See also: Video Demonstration
