How to automate post exploitation with a Meterpreter script

Metasploit is a powerful attack tool, and you can get even more out of it by automating the post-exploitation stage.

After getting a shell on the victim system, if you find yourself running the same commands over and over, you can put them in a resource script and have Metasploit run them for you.

To demonstrate this, I created a resource script named netapi_post.rc containing the commands I wanted to run automatically.

After that, I exploited my victim XP machine using the multi/handler exploit with windows/meterpreter/reverse_tcp as the payload (check the embedded video for more details).

Once a Meterpreter session was open, I loaded the file created earlier by running the command resource netapi_post.rc.

Launching the script ran all the commands contained in it automatically.

The only downside is that I had to be pretty fast typing some gibberish on my victim machine for the keylogger to capture any keystrokes.

Of course, in a real-world scenario, you'd have someone on the other end using the victim computer at the same time you run the keylogger on it.

Resource scripts let you extend Metasploit's functionality by automating the post-exploitation stage.

I'll return to this topic in upcoming posts.
