2. Agenda
• Who am I?
• Meterpreter
• Meterpreter..why?
• Meterpreter..how?
• Command Classification
• Post Exploitation
• Conclusion
3. Shubham Mittal
Security Consultant @ Hackplanet Technologies
Penetration Tester
Areas Of Working
AV Evasion
Malware Analysis
Metasploit
SOC
4. Meterpreter
– Advanced multi-function payload.
– Provides core complex and advanced features.
– Injects itself into a running process.
– Meterpreter = Meta Interpreter; it interprets commands from one machine to another.
5. Meterpreter .. Why?
– Normal payloads:
  – Create a new process on the target machine.
  – Don't work in chroot'd environments.
  – Limited to the commands available in the shell.
– Meterpreter:
  – Everything goes into memory, no I/O operations to HDD, hence less detectable.
  – Works in chroot'd environments [works in the context of the exploited process].
  – Different extensions can be loaded on the fly during post exploitation.
  – Plus Meterpreter scripting.
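The contrast on this slide maps to two different telemetry signals for a defender. The sketch below is an added example, not part of the original slides: it triages constructed Sysmon-style events (Event ID 1 ProcessCreate, Event ID 8 CreateRemoteThread), and the sample paths and the service and shell lists are assumptions.

```python
# Constructed sample events. Field names follow Sysmon Event ID 1
# (ProcessCreate) and Event ID 8 (CreateRemoteThread); all values are invented.
EVENTS = [
    {"EventID": 1, "ParentImage": r"C:\srv\httpd.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 8, "SourceImage": r"C:\srv\httpd.exe",
     "TargetImage": r"C:\Windows\System32\svchost.exe", "StartModule": "-"},
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\svchost.exe",
     "StartModule": r"C:\Windows\System32\kernel32.dll"},
]

# Assumption: which binaries count as network-facing services or shells
# is site-specific; these sets are placeholders.
NETWORK_SERVICES = {"httpd.exe", "sqlservr.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(event):
    """Return a finding label for one event, or None if it looks benign."""
    if event.get("EventID") == 1:
        # "Normal payload" signal: a service process spawns a new shell process.
        if (basename(event["ParentImage"]) in NETWORK_SERVICES
                and basename(event["Image"]) in SHELLS):
            return "new-process-shell"
    elif event.get("EventID") == 8:
        # In-memory signal: a thread created in another process whose start
        # address is not backed by a module loaded from disk.
        cross = event["SourceImage"].lower() != event["TargetImage"].lower()
        if cross and event.get("StartModule") in (None, "", "-"):
            return "unbacked-remote-thread"
    return None


def triage(events):
    """Indexes and labels of the events that deserve a closer look."""
    return [(i, label) for i, e in enumerate(events)
            if (label := classify(e)) is not None]


if __name__ == "__main__":
    for idx, label in triage(EVENTS):
        print(idx, label)
```

A payload that stays inside the exploited process produces neither event, so these heuristics complement memory scanning rather than replace it.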
6. Meterpreter .. Why?
A handler is fired.
Remote Machine Enumeration
Vulnerability is triggered.
Payload delivered, using DLL injection
Payload reverts back, pwning a shell
10. Conclusion
• Ideal stealth vector for process injection.
• Can be a nice tool to integrate with future exploits.
• Meterpreter scripting will definitely be an aid.
• Expectations never end