The Art of Network Penetration Testing: How to Take Over Any Company in the World by Royce Davis

Author: Royce Davis
Language: English
Format: epub, pdf
Tags: computers, Security, Networking, General
ISBN: 9781617296826
Google Books ID: yS0MEAAAQBAJ
Publisher: Simon and Schuster
Published: 2020-12-29


8.2 Maintaining reliable re-entry with Meterpreter

Suppose for a second that the Meterpreter shell you have access to was gained by exploiting a vulnerability that presented itself only once: for example, a user on your target system happened to be running a vulnerable application that you identified and exploited. Then the system rebooted, and you lost your Meterpreter shell. When the system came back up, the user was done with the vulnerable application, and you no longer had an avenue of attack. I can assure you from personal experience that this is every bit as frustrating as it sounds.

Or, if it’s easier to picture, imagine that our movie heist crew gained access to a restricted area after finding an employee keycard lying around. They used the keycard to enter the restricted area briefly and then left (let’s say they heard a noise), intending to return in a few hours. Unfortunately, when they came back, the keycard had been deactivated because the employee reported it lost. Maintaining reliable re-entry is all about making sure you can freely come and go as you please once you have established access to a compromised level-one target.

This is why one of the first objectives you should focus on during post-exploitation is maintaining persistent re-entry into compromised targets. You may have a shell now, but there is no telling how long it will last, so you should secure your ability to get back into the compromised target at will. Metasploit ships with a persistence script for Meterpreter that makes this straightforward.

There are multiple ways of thinking about persistent re-entry, and I'm going to demonstrate the most straightforward, though not necessarily the stealthiest, approach. (That's OK because we are performing a network pentest, not a red team exercise.) With this method, you install a Meterpreter backdoor on the compromised host that autoruns each time the system boots (or each time the user logs on, depending on the options you choose), and it calls back to a handler you keep listening. You achieve this with the run persistence command and the command arguments listed in table 8.1. One caveat: recent Metasploit releases flag Meterpreter scripts such as persistence as deprecated and point you to the exploit/windows/local/persistence post-exploitation module instead, so if run persistence warns or fails in your version, the module provides the equivalent options.

Table 8.1 Persistent Meterpreter command arguments

Command argument    Purpose
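A host-side check to go with the procedure above, added here as an example and not taken from the book or from Metasploit's own code: with -U the persistence script registers its dropped payload under the current user's Run key, and with -X under the machine-wide Run key, so those two keys are where you confirm the backdoor took hold and where you clean up when the engagement ends. The PowerShell below enumerates both keys, flags entries whose target lives under %TEMP%, %APPDATA% or %LOCALAPPDATA% (the script drops its payload into the user's temp directory by default; treating that as the thing to look for is an assumption of this example), checks whether the target file still exists, and can remove a named entry together with its file. The value name XyZ123 in the usage line is a placeholder for the random name the script chooses; the real name is recorded in the cleanup resource file the script writes on the attacker side.

```powershell
# Added example (not from the book or from Metasploit): audit and clean the
# Run-key autoruns that the Meterpreter persistence script uses.
#   -U  -> HKCU\Software\Microsoft\Windows\CurrentVersion\Run (current user)
#   -X  -> HKLM\Software\Microsoft\Windows\CurrentVersion\Run (needs admin)
# Assumption: the dropped payload sits under %TEMP%, %APPDATA% or %LOCALAPPDATA%.

function Get-RunKeyPersistence {
    [CmdletBinding()]
    param(
        # Directories a dropped payload would typically live in.
        [string[]]$SuspectRoots = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA)
    )

    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    )

    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip those.
            if ($p.Name -like 'PS*') { continue }
            $cmd = [string]$p.Value

            # First token of the command is the executable or script path.
            # Handle a quoted path first, then fall back to splitting on whitespace.
            $target = $cmd -replace '^\s*"([^"]+)".*$', '$1'
            if ($target -eq $cmd) { $target = ($cmd -split '\s+', 2)[0] }
            $expanded = [Environment]::ExpandEnvironmentVariables($target)

            $suspect = $false
            foreach ($root in $SuspectRoots) {
                if ($root -and $expanded.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                    $suspect = $true
                }
            }

            [pscustomobject]@{
                Hive    = $key
                Name    = $p.Name
                Command = $cmd
                Target  = $expanded
                Exists  = [bool]($expanded -and (Test-Path -LiteralPath $expanded))
                Suspect = $suspect
            }
        }
    }
}

function Remove-RunKeyPersistence {
    # Removes one Run value and, if the file it points to still exists, the file.
    # Supports -WhatIf so you can preview the cleanup before committing to it.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Hive,
        [Parameter(Mandatory)][string]$Name
    )
    $entry = Get-RunKeyPersistence | Where-Object { $_.Hive -eq $Hive -and $_.Name -eq $Name }
    if (-not $entry) { throw "No Run entry named '$Name' under $Hive" }

    if ($PSCmdlet.ShouldProcess("$Hive\$Name", 'Remove Run value')) {
        Remove-ItemProperty -Path $Hive -Name $Name
    }
    if ($entry.Exists -and $PSCmdlet.ShouldProcess($entry.Target, 'Delete dropped payload')) {
        Remove-Item -LiteralPath $entry.Target -Force
    }
}

# Usage: list every autorun and highlight the ones pointing into temp/appdata.
Get-RunKeyPersistence | Format-Table Hive, Name, Target, Exists, Suspect -AutoSize

# Cleanup at the end of the engagement (XyZ123 is a placeholder value name):
# Remove-RunKeyPersistence -Hive 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -Name 'XyZ123' -WhatIf
```

Run the audit once before you invoke run persistence and once after, and the new entry stands out as the only difference. The -S option registers a service rather than a Run value, so this script does not cover that variant; check the service list instead.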