Automation Of Post-Exploitation

M. Tabatabai Irani, E. Weippl:
"Automation Of Post-Exploitation";
International Journal of Web Information Systems (IJWIS),5(2009), 4; S. 518 - 536.

[ Publication Database ]

Abstract:


Purpose The purpose of this paper is to describe the improvements achieved in automating post-exploit activities
Design/methodology/approach Based on existing frameworks such as Metasploit and Meterpreter the paper develops a prototype and uses this to automate typical post-exploitation activities.
Findings Using a multi-step approach of pivoting this paper can automate the cascaded attacks on computers not directly routable.
Practical implications Based on the findings and developed prototypes penetration tests can be made more efficient since many manual exploitation activities can now be scripted. Original/value The main contribution of the paper is to extend Metapreter-scripts so that post-exploitation can be scripted. Moreover, using a multi-step approach (pivoting), it can automatically exploit machines that are not directly routable.