Metasploit: About Meterpreter

Meterpreter is a tool that is packaged together with the Metasploit Framework. The features of Meterpreter are:

1. It does not create any files on the hard disk; it resides in memory and attaches itself to a process.

2. Client-server communication uses a type-length-value (TLV) format.

3. Client-server communication between the attacker machine and the victim machine is encrypted.

Data is encrypted. 192.168.20.12 is the attacker and 192.168.20.18 is the victim.

4. It provides a platform to write extensions.

How it works

Step 1: The exploit and 1st stage payload (such as reverse TCP binding) are applied to the victim machine.

Step 2: The victim machine connects (using reverse TCP binding) back to the attacker's machine.

Step 3: Meterpreter on the attacker's machine sends the 2nd stage payload, which does DLL injection.

Step 4: Meterpreter on the attacker's machine sends the server DLL to the victim machine.

Step 5: Client-server communication is established.

Demonstration

The victim machine is a Windows XP machine, which is vulnerable to the netapi exploit. Choose the exploit with the great ranking.

Use the ms08_067 exploit. The configurable options are shown.

Meterpreter payload for Windows DLL injection.

The remote host is the victim; the local host is the attacker.

Start the exploit. Meterpreter sent 752KB of payload to the victim. No errors and the appearance of a meterpreter prompt mean the exploit was successful.

For a list of meterpreter commands use help or ?.

As shown, meterpreter has attached itself to svchost.exe.

Meterpreter can attach itself to another process using the migrate command. For this demo, the attacker migrated Meterpreter from svchost.exe to winlogon.exe, which is pid 540.

Meterpreter can do keylogging, although for some reason keyscan_dump was not working in this demo.
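A defender's view of the migration step above, as an added example that is not part of the original post: this Python code flags remote-thread creation into sensitive processes, assuming Sysmon-style Event ID 8 (CreateRemoteThread) records exported as JSON lines. The watch list and the sample events are constructed, and it assumes the migration surfaces as a remote thread created in the target process.

```python
import json
import ntpath

# Hypothetical watch list for this example; tune it to your environment.
SENSITIVE_TARGETS = {"winlogon.exe", "lsass.exe", "services.exe"}

# Constructed sample records (not from the original post), shaped like
# Sysmon Event ID 8 (CreateRemoteThread) events exported as JSON lines.
SAMPLE_EVENTS = r"""
{"EventID": 8, "SourceProcessId": 1032, "SourceImage": "C:\\WINDOWS\\system32\\svchost.exe", "TargetProcessId": 540, "TargetImage": "C:\\WINDOWS\\system32\\winlogon.exe", "StartModule": "-"}
{"EventID": 8, "SourceProcessId": 2210, "SourceImage": "C:\\Program Files\\Tool\\helper.exe", "TargetProcessId": 2300, "TargetImage": "C:\\Program Files\\Tool\\worker.exe", "StartModule": "C:\\WINDOWS\\system32\\kernel32.dll"}
{"EventID": 1, "ProcessId": 3000, "Image": "C:\\WINDOWS\\system32\\notepad.exe"}
"""

def basename(path):
    """Lower-cased file name of a Windows path, whatever OS this runs on."""
    return ntpath.basename(path or "").lower()

def score_event(ev):
    """Return the reasons an event looks like cross-process injection."""
    if not isinstance(ev, dict) or ev.get("EventID") != 8:
        return []
    if ev.get("SourceProcessId") == ev.get("TargetProcessId"):
        return []
    reasons = []
    if basename(ev.get("TargetImage")) in SENSITIVE_TARGETS:
        reasons.append("remote thread created in sensitive process")
    # Assumption: a thread start address outside any loaded module is
    # logged with an empty or "-" StartModule (code that lives only in memory).
    if (ev.get("StartModule") or "") in ("", "-"):
        reasons.append("thread start address not backed by a module on disk")
    return reasons

def find_injections(jsonl):
    """Parse JSON lines; return (source, target, target_pid, reasons) alerts."""
    alerts = []
    for line in jsonl.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or malformed log line
        reasons = score_event(ev)
        if reasons:
            alerts.append((basename(ev.get("SourceImage")),
                           basename(ev.get("TargetImage")),
                           ev.get("TargetProcessId"), reasons))
    return alerts

if __name__ == "__main__":
    for src, dst, pid, reasons in find_injections(SAMPLE_EVENTS):
        print(f"ALERT {src} -> {dst} (pid {pid}): {'; '.join(reasons)}")
```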

http://www.offensive-security.com/metasploit-unleashed/Keylogging

To know your user privilege level.

Obtain a screenshot of victim's machine.


3 Responses to Metasploit: About Meterpreter

  1. Hack The Planet says:

    Nice Work. Keep it up,

    Actually this video is also good. I mean I learned lots of things about meterpreter. Maybe you like it 🙂

    http://www.securitytube.net/video/2637
    HaPPY Hacking

  2. cyruslab says:

    Hey Hack The Planet, thanks for your encouragement, I will sure keep it up, and thanks for referring the link. 🙂

  3. Pingback: ISE 620 Final Project Guidelines and Rubric