Post Exploitation Using Meterpreter
Agenda
• Who am I?
• Meterpreter
• Meterpreter .. why?
• Meterpreter .. how?
• Command Classification
• Post Exploitation
• Conclusion
Shubham Mittal
• Security Consultant @ Hackplanet Technologies
• Penetration Tester
Areas of Working
• AV Evasion
• Malware Analysis
• Metasploit
• SOC
Meterpreter
– Advanced multi-function payload.
– Provides core complex and advanced features.
– Injects itself into a running process.
– Meterpreter = Meta Interpreter, interprets commands from one machine to another.
Meterpreter .. Why?
– Normal payloads:
    – Create a new process on the target machine.
    – Don't work in chroot'd environments.
    – Limited to the commands available in the shell.
– Meterpreter:
    – Everything goes into memory, with no I/O operations to the HDD, hence less detectable.
    – Works in chroot'd environments [works in the context of the exploited process].
    – Different extensions can be loaded on the fly during post exploitation.
    – Plus Meterpreter scripting.
Meterpreter .. Why?
• A handler is fired.
• Remote machine enumeration.
• Vulnerability is triggered.
• Payload delivered, using DLL injection.
• Payload reverts back, pwning a shell.
Command Classification
Meterpreter Session
• Core Commands
• STDapi Commands
• Priv Commands
• Extension: Espia Commands
• Extension: Sniffer Commands
• Extension: Incognito Commands
Post Exploitation
• Enumeration of the machine
• Screenshots, keyloggers, VNC, etc.
• Privilege escalation
• Back-dooring
• Session upgrade
• Information harvesting
• Pivoting
Pivoting: The Network We Will Follow
Conclusion
• Ideal stealth vector for process injection.
• Can be a nice tool to integrate with future exploits.
• Meterpreter scripting will definitely be an aid.
• Expectations never end.
Got queries, suggestions, comments : [email protected]