Agenda
• Who am I?
• Meterpreter
• Meterpreter .. why?
• Meterpreter .. how?
• Command Classification
• Post Exploitation
• Conclusion
Shubham Mittal
– Security Consultant @ Hackplanet Technologies
– Penetration Tester
Areas Of Working
– AV Evasion
– Malware Analysis
– Metasploit
– SOC
Meterpreter
– Advanced multi-function payload.
– Provides core complex and advanced features.
– Injects itself into a running process.
– Meterpreter = Meta Interpreter; it interprets commands from one machine to another.
Meterpreter .. Why?
– Normal payloads:
  – Create a new process on the target machine.
  – Don't work in chroot'd environments.
  – Limited to the commands available in the shell.
– Meterpreter:
  – Everything goes into memory, no I/O operations to HDD, hence less detectable.
  – Works in chroot'd environments [works in the context of the exploited process].
  – Different extensions can be loaded on the fly during post exploitation.
  – Plus Meterpreter scripting.
Meterpreter .. Why?
– A handler is fired.
– Remote machine enumeration.
– Vulnerability is triggered.
– Payload delivered, using DLL injection.
– Payload reverts back, pwning a shell.
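
Because a payload delivered by DLL injection lives only in the memory of the exploited process, a defender has to examine the process memory map rather than the disk. The following is an added example, not part of the original slides, of that triage, similar in spirit to the checks memory-forensics tools such as Volatility's malfind perform. The `Region` record and the sample values are constructed for illustration; a real collector would fill them from `VirtualQueryEx` or from a memory image.

```python
from dataclasses import dataclass

# Windows constants (winnt.h): region type and page-protection flags.
MEM_PRIVATE, MEM_IMAGE = 0x20000, 0x1000000
PAGE_READWRITE = 0x04
PAGE_EXECUTE, PAGE_EXECUTE_READ = 0x10, 0x20
PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY = 0x40, 0x80
EXEC_MASK = (PAGE_EXECUTE | PAGE_EXECUTE_READ |
             PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)

@dataclass
class Region:            # hypothetical record, one per memory region
    base: int
    mem_type: int        # MEM_PRIVATE, MEM_IMAGE, ...
    protect: int         # PAGE_* flags
    head: bytes          # first bytes read from the region
    mapped_file: str     # "" when no file on disk backs the region

def findings(r: Region) -> list[str]:
    """Reasons a region looks like code that was never loaded from disk."""
    if not r.protect & EXEC_MASK:
        return []                      # not executable: out of scope here
    if r.mem_type == MEM_IMAGE and r.mapped_file:
        return []                      # normal module mapped by the loader
    reasons = ["executable memory with no backing file"]
    if r.protect & PAGE_EXECUTE_READWRITE:
        reasons.append("writable and executable (RWX)")
    if r.head[:2] == b"MZ":
        reasons.append("PE header in unbacked memory")
    return reasons

def triage(regions: list[Region]) -> dict[int, list[str]]:
    """Map base address -> reasons, for suspicious regions only."""
    return {r.base: f for r in regions if (f := findings(r))}

# Constructed sample: memory map of one process (values are illustrative).
SAMPLE = [
    Region(0x00400000, MEM_IMAGE, PAGE_EXECUTE_READ, b"MZ\x90\x00", r"C:\app\svc.exe"),
    Region(0x00A10000, MEM_PRIVATE, PAGE_READWRITE, b"\x00\x00\x00\x00", ""),
    Region(0x02300000, MEM_PRIVATE, PAGE_EXECUTE_READ, b"\x55\x8b\xec\x83", ""),
    Region(0x03F50000, MEM_PRIVATE, PAGE_EXECUTE_READWRITE, b"MZ\x90\x00", ""),
]

if __name__ == "__main__":
    for base, why in triage(SAMPLE).items():
        print(f"{base:#010x}: {'; '.join(why)}")
```

JIT engines also allocate private executable memory, so a single reason is a lead for review; the combination of RWX and a PE header in unbacked memory is the stronger signal.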