Metasploit: Post exploitation with meterpreter

Exploit and payload preparation

remote host, local host and local port setting. This is the preparation for stagers payload and stages payload.

Start the exploit

RPC dcom exploit was successful, stagers payload overwritten the victim machine buffer, and stages payload (meterpreter) uploaded and dll injected victim machine's process.

Post exploitation: Understand the exploited environment


I am an administrator.

What is the machine?

sysinfo get the detail of the exploited system.

Which process has meterpreter attached to?

meterpreter attaches itself to svchost.exe

Post exploitation: Using script to enhance your finding

Is this a real machine or virtual machine?

Windows XP is on Oracle virtualbox.

What is the user doing now? Can I see it?

This is the screen_spy ruby script, it works the same as screenshot command in metasploit.

A screenshot will pop up.

Oh by the way…is this machine idle or actively used by user?

This machine is actively used by user...will the victim discovered something fishy?

What are the applications installed on victim’s system?

A list of installed applications is shown and saved as a txt file.
Alternatively I could run get_application_list script to get the same result.

I want to know and retrieve victim’s browser history

retrieving history from victim's browser

Post exploitation: using scraper

Scraper is an automated script that gathers the victim machine environment information
information gathered and stored by scraper.
Checking out the user data of the victim machine gathered and stored by scraper.

Final thoughts

Metasploit is indeed a powerful platform for testing exploitation scripts and use the written scripts to conduct pentesting. However the more I use metasploit the more keen I am to learn at least one script so that I am not limiting myself to the current scripts provided by metasploit framework.


2 thoughts on “Metasploit: Post exploitation with meterpreter

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s