remote host, local host and local port settings. This prepares the stager payload and the stage payload.
Start the exploit
The RPC DCOM exploit was successful: the stager payload overwrote the victim machine's buffer, and the stage payload (meterpreter) was uploaded and DLL-injected into a process on the victim machine.
Post exploitation: Understand the exploited environment
Whoami
I am an administrator.
What is the machine?
sysinfo gets the details of the exploited system.
Which process has meterpreter attached to?
meterpreter attaches itself to svchost.exe.
Post exploitation: Using scripts to enhance your findings
Is this a real machine or virtual machine?
Windows XP is running on Oracle VirtualBox.
What is the user doing now? Can I see it?
This is the screen_spy Ruby script; it works the same as the screenshot command in Metasploit.
A screenshot will pop up.
Oh, by the way... is this machine idle or actively used by a user?
This machine is actively used by a user... will the victim notice something fishy?
What are the applications installed on victim’s system?
A list of installed applications is shown and saved as a txt file. Alternatively, I could run the get_application_list script to get the same result.
I want to retrieve the victim's browser history.
Retrieving history from the victim's browser.
Post exploitation: using scraper
Scraper is an automated script that gathers information about the victim machine's environment.
Information gathered and stored by scraper.
Checking out the user data of the victim machine gathered and stored by scraper.
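From the defender's side, the step that stands out in the walkthrough above is the stage DLL being injected into svchost.exe. The following added example (not code from the original post) shows a minimal check over endpoint telemetry for that behaviour: it parses records laid out like Sysmon's CreateRemoteThread event (Event ID 8) and flags threads created in svchost.exe by an unexpected source image or with no backing module. The log lines and the allow-list of source images are constructed for the example.

```python
# Added detection example (not from the original post): flag remote-thread
# creation into svchost.exe, the behaviour the walkthrough describes when the
# meterpreter stage DLL is injected. Field names follow Sysmon Event ID 8
# (CreateRemoteThread); the sample records below are constructed.
import re
from typing import Iterable, List, Optional

# Constructed allow-list: only these source images are expected to create
# threads in svchost.exe on a healthy host. Tune per environment.
ALLOWED_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\services.exe",
    r"c:\windows\system32\svchost.exe",
}

# One record per line; paths without spaces are assumed for this example.
LINE_RE = re.compile(
    r"EventID=(?P<id>\d+)\s+SourceImage=(?P<src>\S+)\s+"
    r"TargetImage=(?P<dst>\S+)\s+StartModule=(?P<mod>\S*)"
)


def parse_event(line: str) -> Optional[dict]:
    """Return the record's fields (lower-cased) or None if it does not parse."""
    m = LINE_RE.search(line)
    return {k: v.lower() for k, v in m.groupdict().items()} if m else None


def is_suspicious(ev: dict) -> bool:
    """CreateRemoteThread into svchost.exe from a source that is not on the
    allow-list, or whose start address has no backing module (StartModule is
    empty), which is what injected, memory-resident code looks like."""
    if ev["id"] != "8" or not ev["dst"].endswith(r"\svchost.exe"):
        return False
    return ev["src"] not in ALLOWED_SOURCES or ev["mod"] == ""


def find_suspicious_injections(lines: Iterable[str]) -> List[dict]:
    """Parse every line and keep the records that is_suspicious() flags."""
    return [ev for ev in map(parse_event, lines) if ev and is_suspicious(ev)]


# Constructed sample log lines (not real telemetry).
SAMPLE_LOG = [
    r"EventID=8 SourceImage=C:\Windows\System32\services.exe "
    r"TargetImage=C:\Windows\System32\svchost.exe StartModule=C:\Windows\System32\ntdll.dll",
    r"EventID=8 SourceImage=C:\Windows\System32\svchost.exe "
    r"TargetImage=C:\Windows\System32\svchost.exe StartModule=",
    r"EventID=8 SourceImage=C:\Windows\System32\notepad.exe "
    r"TargetImage=C:\Windows\System32\svchost.exe StartModule=C:\Windows\System32\kernel32.dll",
    r"EventID=8 SourceImage=C:\Windows\explorer.exe "
    r"TargetImage=C:\Windows\System32\notepad.exe StartModule=C:\Windows\System32\ntdll.dll",
]

if __name__ == "__main__":
    for hit in find_suspicious_injections(SAMPLE_LOG):
        print("suspicious thread in svchost.exe from", hit["src"], "module:", hit["mod"] or "<none>")
```

Sysmon itself does not run on the Windows XP victim used in this post, so the check illustrates what current endpoint telemetry would expose rather than something the XP target would log.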
Final thoughts
Metasploit is indeed a powerful platform for testing exploitation scripts and for using the written scripts to conduct pentesting. However, the more I use Metasploit, the more keen I am to learn at least one script so that I am not limiting myself to the scripts currently provided by the Metasploit framework.
2 thoughts on “Metasploit: Post exploitation with meterpreter”