Metasploit: Post exploitation with meterpreter

Exploit and payload preparation

Setting the remote host, local host and local port. This is the preparation for the stager payload and the stage payload.

Start the exploit

The RPC DCOM exploit was successful: the stager payload overwrote the victim machine's buffer, and the stage payload (meterpreter) was uploaded and DLL-injected into a process on the victim machine.

Post exploitation: Understand the exploited environment

Whoami

I am an administrator.

What is the machine?

sysinfo gets the details of the exploited system.

Which process has meterpreter attached to?

Meterpreter has attached itself to svchost.exe.
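From the defender's side, the two facts above (meterpreter living inside svchost.exe, and the handler listening on the LPORT chosen during payload preparation, which defaults to 4444 in Metasploit) suggest a cheap host triage check. The script below is an added example, not code from the original post or from the Metasploit project: it parses a constructed process listing and a constructed netstat dump (the `pid=... name=... parent=... path=...` line format and the IP addresses are made up for this example) and flags svchost.exe instances whose parent, image path or outbound connection does not fit a legitimately started service host.

```python
"""Defender-side svchost.exe triage (added example, not from the original post).

Signals checked:
  1. a legitimate svchost.exe is started by services.exe;
  2. its image lives under C:\\WINDOWS\\system32;
  3. it normally has no ESTABLISHED connection to an arbitrary high port
     (the Metasploit handler default, 4444, is included explicitly).

All input lines below are constructed; they are not real captures.
"""
import re
from dataclasses import dataclass


@dataclass
class Proc:
    pid: int
    name: str
    parent: str
    path: str


@dataclass
class Conn:
    pid: int
    raddr: str
    rport: int
    state: str


# Constructed process listing in a simple key=value format (hypothetical tool output).
PROCESS_LINES = """\
pid=4    name=System       parent=-              path=-
pid=620  name=services.exe parent=winlogon.exe   path=C:\\WINDOWS\\system32\\services.exe
pid=880  name=svchost.exe  parent=services.exe   path=C:\\WINDOWS\\system32\\svchost.exe
pid=1044 name=svchost.exe  parent=services.exe   path=C:\\WINDOWS\\system32\\svchost.exe
pid=1532 name=explorer.exe parent=userinit.exe   path=C:\\WINDOWS\\explorer.exe
pid=1600 name=svchost.exe  parent=explorer.exe   path=C:\\temp\\svchost.exe
"""

# Constructed netstat-style dump: proto local remote state pid (addresses from RFC 5737 test ranges).
NETSTAT_LINES = """\
TCP 192.0.2.10:1038 192.0.2.1:445   ESTABLISHED 4
TCP 192.0.2.10:1041 192.0.2.99:4444 ESTABLISHED 1044
TCP 192.0.2.10:135  0.0.0.0:0       LISTENING   880
"""

PROC_RE = re.compile(
    r"pid=(?P<pid>\d+)\s+name=(?P<name>\S+)\s+parent=(?P<parent>\S+)\s+path=(?P<path>\S+)"
)
CONN_RE = re.compile(
    r"TCP\s+\S+:\d+\s+(?P<raddr>\S+):(?P<rport>\d+)\s+(?P<state>\S+)\s+(?P<pid>\d+)"
)

SYSTEM32 = "c:\\windows\\system32\\"


def parse_processes(text):
    """Turn the key=value listing into Proc records."""
    return [Proc(int(m["pid"]), m["name"], m["parent"], m["path"]) for m in PROC_RE.finditer(text)]


def parse_connections(text):
    """Turn the netstat-style dump into Conn records (TCP only)."""
    return [Conn(int(m["pid"]), m["raddr"], int(m["rport"]), m["state"]) for m in CONN_RE.finditer(text)]


def suspicious_svchost(procs, conns, handler_ports=frozenset({4444})):
    """Return {pid: [reasons]} for svchost.exe instances that look wrong.

    Note that a meterpreter stage injected into an existing, legitimately
    started svchost.exe (pid 1044 in the sample) passes the parent and path
    checks; only the network signal catches it.
    """
    findings = {}

    def note(pid, why):
        findings.setdefault(pid, []).append(why)

    svchosts = {p.pid: p for p in procs if p.name.lower() == "svchost.exe"}
    for p in svchosts.values():
        if p.parent.lower() != "services.exe":
            note(p.pid, f"unexpected parent {p.parent}")
        if not p.path.lower().startswith(SYSTEM32):
            note(p.pid, f"unexpected image path {p.path}")
    for c in conns:
        if c.pid not in svchosts or c.state != "ESTABLISHED":
            continue
        # Service hosts talk to well-known ports; an ephemeral/high remote port is odd.
        if c.rport in handler_ports or c.rport >= 1024:
            note(c.pid, f"outbound connection to {c.raddr}:{c.rport}")
    return findings


if __name__ == "__main__":
    result = suspicious_svchost(parse_processes(PROCESS_LINES), parse_connections(NETSTAT_LINES))
    for pid, reasons in sorted(result.items()):
        print(pid, "->", "; ".join(reasons))
```

The high-port rule is deliberately coarse: on a real host you would tune it against the services that svchost.exe legitimately hosts (Windows Update and BITS use 80/443, which the rule already leaves alone), and pair it with the parent/path checks rather than relying on any one signal.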

Post exploitation: Using script to enhance your finding

Is this a real machine or virtual machine?

Windows XP is on Oracle virtualbox.

What is the user doing now? Can I see it?

This is the screen_spy Ruby script; it works the same as the screenshot command in Metasploit.

A screenshot will pop up.

Oh, by the way: is this machine idle or actively used by a user?

This machine is actively used by a user... will the victim discover something fishy?

What are the applications installed on victim’s system?

A list of installed applications is shown and saved as a txt file.

Alternatively, I could run the get_application_list script to get the same result.

I want to know and retrieve the victim's browser history

Retrieving history from the victim's browser.

Post exploitation: using scraper

Scraper is an automated script that gathers the victim machine's environment information.

Information gathered and stored by scraper.

Checking out the user data of the victim machine gathered and stored by scraper.

Final thoughts

Metasploit is indeed a powerful platform for testing exploitation scripts and using the written scripts to conduct pentesting. However, the more I use Metasploit the keener I am to learn at least one script so that I am not limiting myself to the current scripts provided by the Metasploit framework.
