Ethical Hacking and Penetration Testing Guide
Enumerating with Meterpreter
Yüklə 22,44 Mb. Pdf görüntüsü
|
|
235
Enumerating with Meterpreter Meterpreter can also be used to acquire situation awareness as it has a built-in capability to execute OS commands. I would recommend that you mostly use Metasploit for enumeration and data mining. Alternatively, you can switch between the meterpreter shell and the Windows shell. Let’s take a look at some of the commands in Meterpreter. We type the help command to see all the available commands in meterpreter. The list would contain different types of commands to accomplish a specific task. Let’s talk about a few of them important for acquiring system awareness. sysinfo command—The sysinfo command provides useful information about our target. networking commands—The networking commands are identical to what we would use on a Windows/Linux shell. These commands include ipconfig, ifconfig, portfoward, and route. Identifying Processes The following commands could be used to identify a process user IDS. PS —This is the same as the tasklist command; it will display all the processes. getuid —This will return the current uid of the user. getpid —This will print the current process id. Interacting with the System The commands for interacting with system using meterpreter are identical to what we use in linux on daily basis. However, in meterpreter these commands can also be used to interact with windows systems as well. Here are the basic commands: cd —Used to navigate between directories. cat —Used to output contents of a file on the screen. search —Used to search a particular file. ls —Similar as in Linux, this is used to list files of a directory. User Interface Command The user interface command can be used for various tasks; for example, you can record the victim’s mic, change the victim’s desktop, and take a screenshot of the current desktop to see what the 236 ◾ Ethical Hacking and Penetration Testing Guide victim is doing. In your real-world penetration tests you can include screenshots of the desktop in your reports to help a nontechnical person understand your report better. enumdesktops —Prints information about all the running desktops. screenshot —Used to display screenshot of the current machine to see what our target is currently doing. record _ mic —Records the microphone of the victim, in case he is using one. webcam _ list/webcam snap —Used to list available webcams, and the webcam snap software is used to take a snapshot of the victim. Thus, we have listed some of the interesting commands from meterpreter to gain situation aware- ness right after compromising a target. We will start exploring other features of Meterpreter as soon as we get to the more advanced topics. Yüklə 22,44 Mb. Dostları ilə paylaş:
|