Beruflich Dokumente
Kultur Dokumente
Prevention
• Metasploit
• Post Exploitation Activities
Source: https://www.cybrary.it/0p3n/metasploit-advanced/
TEMASEK POLYTECHNIC • SCHOOL OF INFORMATICS & IT
Metasploit Terminology
Term Definition
Command Description
help [COMMAND] List the commands in Metasploit. It also displays
the command usage if a command is specified
• Single Payload
• PLATFORM/[ARCHITECTURE]/SHELL_CONNECTION-
DIRECTION_PROTOCOL
Stager Payload
Stageless Payload
MSF Service
1. Exploit + Single Payload
2.
Listener
3. MSF Connects to Listener Started
MSF Service
1. Exploit + Stage 0 Payload
2.
3. Payload connects to Listener Single
Listener
Started Payload
MSF Service
1. Exploit + Single Payload
Listener Single
2. Payload Connects to
Listener Payload
MSF Service
1. Exploit + Stage 0 Payload
Source:
https://www.blueliv.com/downloads/Meterpreter_c
heat_sheet_v0.1.pdf
• Persistence
• Persist access even after the system restarts
• Pivoting
• Gain access into other parts of the network
TEMASEK POLYTECHNIC • SCHOOL OF INFORMATICS & IT
Privilege Escalation
DMZ
Network Internal Network
Attacker
Compromised
Internet Web Server
Internal
Server
DMZ
Network Internal Network
Attacker
Compromised
Internet Web Server
Internal
Server
• Don’t stop when you get a shell, think about how you
can expand your access