Post Exploitation Using Meterpreter
Agenda

• Who am I?
• Meterpreter
• Meterpreter.. why?
• Meterpreter.. how?
• Command Classification
• Post Exploitation
• Conclusion
Shubham Mittal
Security Consultant @ Hackplanet Technologies
Penetration Tester
Areas of Working:
• AV Evasion
• Malware Analysis
• Metasploit
• SOC
Meterpreter

– Advanced multi-function payload.
– Provides core, complex and advanced features.
– Injects itself into a running process.
– Meterpreter = Meta-Interpreter: interprets commands from one machine to another.
Meterpreter .. Why?

– Normal payloads:
    – Create a new process on the target machine.
    – Don't work in chroot'd environments.
    – Limited to the commands available on the shell only.

– Meterpreter:
    – Everything stays in memory, no I/O operations to the HDD, hence less detectable.
    – Works in a chroot'd environment (runs in the context of the exploited process).
    – Different extensions can be loaded on the fly during post exploitation.
    – Plus Meterpreter scripting.
Meterpreter .. Why?

1. A handler is fired.
2. Remote machine enumeration.
3. Vulnerability is triggered.
4. Payload delivered, using DLL injection.
5. Payload reverts back, pwning a shell.
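As an added, defender-side example that is not part of the slides: the deck's point is that Meterpreter is injected into an already running process and stays in memory, so disk-based scanning sees nothing; what remains is cross-process telemetry. The script below applies that check to constructed Sysmon-style events (id 10 = ProcessAccess, id 8 = CreateRemoteThread; field names are simplified and every value is made up), flagging a remote thread whose start address is not backed by any loaded module after the same source opened the target with write/execute rights.

```python
"""Added example (not from the slides): spot the in-memory DLL-injection
pattern the deck describes, using constructed Sysmon-style events.
A payload that lives only in memory leaves no file to scan, but the
thread it starts in the victim process begins at an address outside any
mapped module (an "unbacked" region), and the injecting process had to
open the victim with write/execute rights first."""
from collections import defaultdict

# Constructed sample telemetry, loosely modelled on Sysmon fields.
EVENTS = [
    {"id": 10, "src": "svchost.exe", "src_pid": 1840, "tgt": "explorer.exe",
     "tgt_pid": 2212, "access": 0x1F0FFF},
    {"id": 8, "src": "svchost.exe", "src_pid": 1840, "tgt": "explorer.exe",
     "tgt_pid": 2212, "start_module": "", "start_addr": 0x1A0000},
    {"id": 10, "src": "csrss.exe", "src_pid": 520, "tgt": "notepad.exe",
     "tgt_pid": 3301, "access": 0x1410},
    {"id": 8, "src": "lsass.exe", "src_pid": 640, "tgt": "lsass.exe",
     "tgt_pid": 640, "start_module": "ntdll.dll", "start_addr": 0x7FF9A0001234},
]

PROCESS_ALL_ACCESS = 0x1F0FFF  # classic full-access mask seen in logs
# Rights needed to write code into another process and run it:
# PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_CREATE_THREAD
INJECT_MASK = 0x0008 | 0x0020 | 0x0002


def is_injection_access(access: int) -> bool:
    """True when the granted rights suffice for cross-process injection."""
    return access == PROCESS_ALL_ACCESS or (access & INJECT_MASK) == INJECT_MASK


def find_unbacked_remote_threads(events):
    """Return (src, tgt, tgt_pid, start_addr) for remote threads that start
    in memory not backed by a module, where the source process previously
    opened the target with injection-capable rights. Threads a process
    creates in itself and module-backed start addresses are ignored."""
    opened = defaultdict(set)  # (src_pid, tgt_pid) -> access masks seen
    for e in events:
        if e["id"] == 10:
            opened[(e["src_pid"], e["tgt_pid"])].add(e["access"])
    hits = []
    for e in events:
        if e["id"] != 8 or e["src_pid"] == e["tgt_pid"]:
            continue
        if e["start_module"]:
            continue  # thread starts inside a mapped DLL/EXE: normal
        masks = opened.get((e["src_pid"], e["tgt_pid"]), set())
        if any(is_injection_access(m) for m in masks):
            hits.append((e["src"], e["tgt"], e["tgt_pid"], e["start_addr"]))
    return hits


if __name__ == "__main__":
    for src, tgt, pid, addr in find_unbacked_remote_threads(EVENTS):
        print(f"ALERT: {src} started a thread in {tgt} (pid {pid}) at unbacked {addr:#x}")
```

Real Sysmon records carry the start address and module in event 8 as StartAddress/StartModule; the detection logic is the same once those fields are parsed.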
Command Classification

Meterpreter
  └ Session
      ├ Core Commands
      ├ STDapi Commands
      ├ Priv Commands
      ├ Extension-Espia Commands
      ├ Extension-Sniffer Commands
      └ Extension-Incognito Commands
Post Exploitation

• Enumeration of the machine
• Screenshots, keyloggers, VNC, etc.
• Privilege escalation
• Back-dooring
• Session upgrade
• Information harvesting
• Pivoting

Pivoting: The Network We Will Follow
Conclusion

• Ideal stealth vector for process injection.
• Can be a nice tool to integrate with future exploits.
• Meterpreter scripting will definitely be an aid.
• Expectations never end.

Got queries, suggestions, comments: shubham@hackplanet.in