Book Image

Mastering Metasploit - Second Edition

By : Nipun Jaswal
Book Image

Mastering Metasploit - Second Edition

By: Nipun Jaswal

Overview of this book

Metasploit is a popular penetration testing framework that has one of the largest exploit databases around. This book will show you exactly how to prepare yourself against the attacks you will face every day by simulating real-world possibilities. We start by reminding you about the basic functionalities of Metasploit and its use in the most traditional ways. You’ll get to know about the basics of programming Metasploit modules as a refresher, and then dive into carrying out exploitation as well building and porting exploits of various kinds in Metasploit. In the next section, you’ll develop the ability to perform testing on various services such as SCADA, databases, IoT, mobile, tablets, and many more services. After this training, we jump into real-world sophisticated scenarios where performing penetration tests are a challenge. With real-life case studies, we take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit framework. By the end of the book, you will be trained specifically on time-saving techniques using Metasploit.
Table of Contents (17 chapters)
Mastering Metasploit
Credits
Foreword
About the Author
About the Reviewer
www.PacktPub.com
Preface

Advanced post exploitation with Metasploit


In this section, we will use the information gathered from basic commands to achieve further success and access levels on the target.

Migrating to safer processes

As we saw in the previous section, our meterpreter session was loaded from a temporary file. However, if a user of a target system finds the process unusual, they can kill the process, which will kick us out of the system. Therefore, it is a good practice to migrate to a safer process, such as explorer.exe or svchost.exe, which evades the eyes of the victim, by using the migrate command. We can use the ps command to figure out the PID of the process we want to jump to, as shown in the following screen:

We can see that the PID of explorer.exe is 1896. Let's use the migrate command to jump into it, as shown in the following screenshot:

We can see we successfully managed to jump into the explorer.exe process.

Tip

Migrating from one process to a another may downgrade privileges.

Obtaining system...