
Post Exploitation Using Meterpreter


  1. Post Exploitation Using Meterpreter
  2. Agenda
     • Who am I?
     • Meterpreter
     • Meterpreter .. why?
     • Command Classification
     • Post Exploitation
     • Conclusion
  3. Shubham Mittal
     • Security Consultant @ Hackplanet Technologies
     • Penetration Tester
     • Areas of working: AV Evasion, Malware Analysis, Metasploit, SOC
  4. Meterpreter
     • Advanced multi-function payload.
     • Provides core complex and advanced features.
     • Injects itself into a running process.
     • Meterpreter = Meta Interpreter; it interprets commands from one machine to another.
  5. Meterpreter .. Why?
     • Normal payloads:
       – Create a new process on the target machine.
       – Don't work in chroot'd environments.
       – Limited to the commands available on the shell only.
     • Meterpreter:
       – Everything goes into memory, with no I/O operations to the HDD, hence less detectable.
       – Works in a chroot'd environment [works in the context of the exploited process].
       – Different extensions can be loaded on the fly during post exploitation.
       – Plus Meterpreter scripting.
  6. Meterpreter .. Why? (diagram)
     • A handler is fired.
     • Remote machine enumeration.
     • Vulnerability is triggered.
     • Payload delivered, using DLL injection.
     • Payload reverts back, pwning a shell.
  7. Command Classification
     • Meterpreter session command groups: Core commands, STDapi commands, Priv commands, Espia commands, Sniffer commands, Incognito commands (the slide labels three of these groups as extensions).
  8. Post Exploitation
     • Enumeration of machine
     • Screenshots, keyloggers, VNC, etc.
     • Privilege escalation
     • Back-dooring
     • Session upgrade
     • Information harvesting
     • Pivoting
  9. Pivoting: The Network We Will Follow
  10. Conclusion
     • Ideal stealth vector for process injection.
     • Can be a nice tool to integrate with future exploits.
     • Meterpreter scripting will definitely give an aid.
     • Expectations never end.
  11. Got queries, suggestions, comments :