Automate Your Pen Testing with Fast-Track and Linux - Page 2

By Paul Rubens | Posted Jan 6, 2010

Using Meterpreter

Meterpreter is a very powerful advanced payload which enables a hacker to do a great deal of harm to a system very easily using a few simple commands such as:

  • hashdump, which dumps the contents of the compromised machine's SAM database (which can then be subjected to an offline attack using a tool like John the Ripper to crack passwords)
  • upload, which uploads a file or directory, perhaps to help compromise this or other machines on the network further. For example, a hacker could upload (and then execute) a Trojan to ensure that he has easy access to the machine in the future, even if the vulnerability that provided access to the machine this time is patched.
  • keyscan_start, keyscan_stop, keyscan_dump are used to capture keystrokes on the compromised machine, and then dump them to the attacking machine.

or simply: shell, which provides a command prompt on the compromised machine, from where the attacker could create or remove user accounts and get up to all kinds of mischief.

The screenshot below illustrates dropping from the meterpreter> prompt to a command prompt using the shell command, adding a user account "evilhacker2" with a password "evil" to the compromised machine, and then exiting to the meterpreter> prompt to dump the machine's SAM.

Scary stuff! The key thing here is to identify and fix the vulnerabilities that have been successfully exploited. To identify them, visit the Metasploit module browser and search for the vulnerabilities revealed by the sessions --v command. For example, the first vulnerability, ms03_026_dcom, can be identified as the Microsoft RPC DCOM Interface Overflow. There's a link to the original Microsoft security bulletin about this vulnerability, and the solution, in this case, is to apply a Microsoft security patch.

Once any vulnerable machines have been patched it makes sense to reboot them and run autopwn again to ensure that they are no longer vulnerable.
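Patching closes the hole, but the activity shown in the screenshot (a command shell spawned by an exploited service, then a new local account) also leaves traces in the Windows Security log that a defender can watch for. The following is an added detection example, not code from the article or from Fast-Track/Metasploit; the event records are constructed, simplified stand-ins for real 4688 (process created) and 4720 (user account created) events, and the list of "expected" parent processes for cmd.exe is an assumption to tune per environment.

```python
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, event_id, fields). Event IDs 4688
# (new process) and 4720 (user account created) are real Windows Security
# log IDs; the field names are a simplified stand-in for the native format.
SAMPLE_EVENTS = [
    ("2010-01-06 10:00:01", 4688, {"host": "ws01", "process": "cmd.exe",
                                   "parent": "svchost.exe"}),
    ("2010-01-06 10:00:12", 4720, {"host": "ws01", "target": "evilhacker2",
                                   "subject": "NT AUTHORITY\\SYSTEM"}),
    ("2010-01-06 11:30:00", 4688, {"host": "ws02", "process": "cmd.exe",
                                   "parent": "explorer.exe"}),
    ("2010-01-06 11:31:00", 4720, {"host": "ws02", "target": "jsmith",
                                   "subject": "CORP\\helpdesk"}),
]

# Parents from which an interactive cmd.exe is normal (assumption; tune per site).
EXPECTED_SHELL_PARENTS = {"explorer.exe", "conhost.exe", "powershell.exe"}
WINDOW = timedelta(minutes=5)


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def find_suspicious_account_creations(events, window=WINDOW):
    """Return (host, account, reason) for every 4720 that was either performed
    by the SYSTEM account or follows, within `window`, a cmd.exe started from
    an unexpected parent process on the same host."""
    shells = [(_ts(t), f["host"]) for t, eid, f in events
              if eid == 4688 and f["process"].lower() == "cmd.exe"
              and f["parent"].lower() not in EXPECTED_SHELL_PARENTS]
    alerts = []
    for t, eid, f in events:
        if eid != 4720:
            continue
        when = _ts(t)
        reasons = []
        if f["subject"].upper().endswith("SYSTEM"):
            reasons.append("account created by SYSTEM")
        if any(f["host"] == h and timedelta(0) <= when - st <= window
               for st, h in shells):
            reasons.append("follows cmd.exe from unexpected parent")
        if reasons:
            alerts.append((f["host"], f["target"], "; ".join(reasons)))
    return alerts


if __name__ == "__main__":
    for host, account, why in find_suspicious_account_creations(SAMPLE_EVENTS):
        print(f"{host}: new account '{account}' -> {why}")
```

Run against the constructed events, only the ws01 creation of "evilhacker2" is flagged; the helpdesk-created account on ws02 is not.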

In the next piece in this series, we'll take a look at another automated pen testing technique offered by Fast-Track: the Mass Client-Side Attack option.
