Automate Your Pen Testing with Fast-Track and Linux - Page 2
Meterpreter is a very powerful advanced payload which enables a hacker to do a great deal of harm to a system very easily using a few simple commands such as:
- hashdump, which dumps the contents of the compromised machine's SAM database (the password hashes can then be subjected to an offline attack using a tool like John the Ripper to crack passwords).
- upload, which uploads a file or directory, perhaps to help compromise this or other machines on the network further. For example, a hacker could upload (and then execute) a Trojan to ensure that he has easy access to the machine in the future, even if the vulnerability that provided access to the machine this time is patched.
- keyscan_start, keyscan_stop and keyscan_dump, which are used to capture keystrokes on the compromised machine and then dump them to the attacking machine.
- or simply shell, which provides a command prompt on the compromised machine, from where the attacker could create or remove user accounts and get up to all kinds of mischief.
The screenshot below illustrates dropping from the meterpreter> prompt to a command prompt using the shell command, adding a user account "evilhacker2" with a password "evil" to the compromised machine, and then exiting to the meterpreter> prompt to dump the machine's SAM.
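The account-creation step shown above is also what a defender should be looking for in the Windows Security log. The following script is an added example, not code from the original article or from Fast-Track; it scans Security event records (constructed inline here, not real logs) for Event ID 4720, "a user account was created", and flags creations performed from the SYSTEM context or followed within a short window by Event ID 4732, "a member was added to a security-enabled local group", into Administrators. The Administrators check goes one step beyond the article's screenshot, which only adds the account, because that is the usual next command from such a shell. The field names and the five-minute window are assumptions for the example.

```python
"""Flag local account creation that looks like post-exploitation activity.

Added example, not from the original article. Records are constructed
dictionaries mimicking Windows Security log fields (the field names are
an assumption of this example, not a Windows API).
"""
from datetime import datetime, timedelta

# Constructed sample records: one routine helpdesk account creation and one
# that matches the meterpreter "shell" -> "net user ... /add" pattern.
SAMPLE_EVENTS = [
    {"time": "2010-03-01T10:00:00", "id": 4720, "subject": "DOMAIN\\helpdesk",
     "target": "jsmith"},
    {"time": "2010-03-01T10:05:00", "id": 4732, "subject": "DOMAIN\\helpdesk",
     "target": "jsmith", "group": "Remote Desktop Users"},
    {"time": "2010-03-01T23:41:10", "id": 4720, "subject": "NT AUTHORITY\\SYSTEM",
     "target": "evilhacker2"},
    {"time": "2010-03-01T23:41:12", "id": 4732, "subject": "NT AUTHORITY\\SYSTEM",
     "target": "evilhacker2", "group": "Administrators"},
]


def find_suspicious_account_creations(events, window=timedelta(minutes=5)):
    """Return a list of (username, reasons) tuples for 4720 events worth review.

    Heuristics used (each one is a reason string in the result):
      * the creating subject is the SYSTEM account, which is the context an
        exploited service runs as rather than an interactive administrator;
      * the new account is added to the local Administrators group (4732)
        within `window` of being created.
    Installers also create accounts as SYSTEM, so this is a triage signal,
    not a verdict.
    """
    findings = []
    events = sorted(events, key=lambda e: e["time"])
    for i, ev in enumerate(events):
        if ev["id"] != 4720:
            continue
        reasons = []
        created = datetime.fromisoformat(ev["time"])
        if ev["subject"].upper().endswith("\\SYSTEM"):
            reasons.append("created from SYSTEM context")
        # Look ahead only as far as the window; events are sorted by time.
        for later in events[i + 1:]:
            elapsed = datetime.fromisoformat(later["time"]) - created
            if elapsed > window:
                break
            if (later["id"] == 4732
                    and later["target"] == ev["target"]
                    and later.get("group", "").lower() == "administrators"):
                reasons.append(
                    f"added to Administrators {int(elapsed.total_seconds())}s after creation")
        if reasons:
            findings.append((ev["target"], reasons))
    return findings


if __name__ == "__main__":
    for user, why in find_suspicious_account_creations(SAMPLE_EVENTS):
        print(f"{user}: {'; '.join(why)}")
```

Run as-is it reports only the "evilhacker2" account, with both reasons; the helpdesk-created account, which went into a non-privileged group under an ordinary user context, is left alone. In production the records would come from the Security log export or a SIEM rather than the inline list.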
Once any vulnerable machines have been patched, it makes sense to reboot them and run autopwn again to confirm that they are no longer vulnerable.
In the next piece in this series, we'll take a look at another automated pen testing technique offered by Fast-Track: the Mass Client-Side Attack option.