Post Exploitation Using Meterpreter

1,981 views
1,827 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,981
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
57
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Post Exploitation Using Meterpreter

  1. 1. Post Exploitation Using Meterpreter
  2. 2. • Who am I ? • Meterpreter • Meterpreter..why?Agenda • Meterpreter..how? • Command Classification • Post Exploitation • Conclusion
  3. 3. Shubham Mittal Security Consultant @ Hackplanet Technologies Penetration Tester Areas Of Working AV Evasion Malware Analysis Metasploit SOC
  4. 4. Meterpreter Meterpreter– Advance Multi Function payload.– Provides core complex and advanced features.– Injects itself into running process.– Meterpreter = Meta Interpreter, interprets commands from one machine to another.
  5. 5. Meterpreter Meterpreter .. Why?– Normal Payloads : – Creates a new Process at the target machine. – Don’t work in chroot’d environments. – Limited to commands available on the shell only.– Meterpreter: – Everything goes into memory, No I/O operations to HDD, hence less detectable. – Works in chroot’d environment [works in context of exploited process]. – Different extensions can be loaded on the fly during post exploitation. – Plus Meterpreter Scripting
  6. 6. Meterpreter .. Why? A handler is fired. Remote Machine Enumeration Vulnerability is triggered. Payload delivered, using DLL injection Payload reverts Back, pwning a shell
  7. 7. Command Classification Meterpreter Session Extension- Extension- Extention- Core STDapi Priv Espia Sniffer IncognitoCommands Commands Commands Commands Commands Commands
  8. 8. Post Exploitation• Enumeration of Machine• Screenshots, keyloggers, VNC, etc.• Privilege Escalation• Back-dooring• Session Up gradation• Information Harvesting• Pivoting
  9. 9. Pivoting : The Network we will Follow
  10. 10. Conclusion• Ideal stealth vector for process injection.• Can be a nice tool to integrate with future exploits.• Meterpreter scripting will definitely give an aid.• Expectations never ends 
  11. 11. Got queries, suggestions, comments : shubham@hackplanet.in

×