Friday, June 10, 2016

METASPLOIT - Windows 7 - Sniffing


- Layout for this exercise:

- Metasploit provides the sniffer module, which can be loaded from a meterpreter session:

- Check how many interfaces are available for sniffing and take one with the parameter "usable:true":

- The sniffing process starts on interface 2, allocating 10000 packets to the buffer:

- Some traffic is generated, for instance pinging from the attacker Kali to the victim Windows 7:

- Statistics of the sniffing process:

- Captured packets can be dumped to a file in pcap format, for instance let's name it readable_with_wireshark.pcap:

- Stopping the sniffing process:

- From another console, captured packets can be read with the Wireshark application:

- Wireshark shows all the traffic generated by the pings between the attacker and the victim:
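
The same check Wireshark performs on the dumped file can be scripted. The following is an added example, not part of the original post: it parses a pcap byte string and counts ICMP echo requests and replies per host pair. It assumes a classic pcap file with Ethernet link type; the sample capture and its 192.0.2.x addresses are constructed for the example.

```python
import socket
import struct
from collections import Counter

ICMP_NAMES = {8: "echo-request", 0: "echo-reply"}

def build_sample_pcap():
    """Constructed capture: two pings and replies between documentation addresses."""
    a, b = socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20")
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # 1 = Ethernet
    for seq in (1, 2):
        for icmp_type, src, dst in ((8, a, b), (0, b, a)):
            icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, seq) + b"abcdefgh"
            ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp),
                             0, 0, 64, 1, 0, src, dst)  # checksums left at 0
            frame = b"\x00" * 12 + b"\x08\x00" + ip + icmp
            out += struct.pack("<IIII", seq, 0, len(frame), len(frame)) + frame
    return out

def summarize_icmp(pcap_bytes):
    """Count ICMP messages per (src, dst, type) in a classic pcap byte string."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if len(pcap_bytes) < 24 or struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    counts, offset = Counter(), 24
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 1 or len(frame) <= 14 + ihl:
            continue  # not ICMP, or ICMP header missing
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        icmp_type = frame[14 + ihl]
        counts[(src, dst, ICMP_NAMES.get(icmp_type, "type-%d" % icmp_type))] += 1
    return counts

if __name__ == "__main__":
    for (src, dst, kind), n in sorted(summarize_icmp(build_sample_pcap()).items()):
        print(f"{src} -> {dst}  {kind}  x{n}")
```

To run it against a real capture, pass the file contents read in binary mode to `summarize_icmp` instead of the constructed sample.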