Friday, February 4, 2011

Exploiting target machine using meterpreter/reverse_tcp payload

In this post I discuss an interesting topic: manipulating NIPrint on a target system using the Meterpreter reverse TCP handler payload.
First, start Metasploit, load the reverse_tcp payload, and set the additional attributes such as rhost and lhost, following the steps discussed in the previous post.
This payload exploits the vulnerability on the target system by placing a DLL in the process through reflective DLL injection and then opens a command shell back to the attacker for manipulating the target.
Once the exploit has executed successfully, the attacker can use any command from a list of commands to compromise the target: getting the process identifiers of running processes, dumping password hashes, escalating privileges, hiding the current session in another process, starting a keystroke logger, and many more.
A list of available commands can be displayed with the ‘help’ command; a number of core commands, file system commands, and so on are listed in the shell window.
An important point is that once a session has been opened by exploiting NIPrint, the attack can be hidden with the ‘migrate’ command, which moves it into a different process. Because the current session becomes associated with a different process, the exploit cannot be detected: you can continue to manipulate the target, but no detection system can detect your presence on the target system. Migrating from one process to another also helps keep the exploit going even when applications open and close quickly.
I hope this information is helpful.
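As an added, defender-side example (not code from the original post), the following Python script scans constructed Sysmon-style records for the trace that the ‘migrate’ step above leaves behind: one process opening another with injection rights (Event ID 10, ProcessAccess) followed by a remote thread started in unbacked memory (Event ID 8, CreateRemoteThread with an empty StartModule). The Event class, the chosen field names and all sample image paths are assumptions made for this example.

```python
"""Flag likely process migration (remote-thread injection) in Sysmon-style events."""
from dataclasses import dataclass

# Windows process access rights needed to write code into another process and
# start a thread there; a handle granting all three is a precondition for migration.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECT_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

@dataclass
class Event:
    event_id: int            # 10 = ProcessAccess, 8 = CreateRemoteThread
    source: str              # SourceImage
    target: str              # TargetImage
    granted_access: int = 0  # GrantedAccess (event 10 only)
    start_module: str = ""   # StartModule (event 8); "" means unbacked memory

def find_migrations(events: list[Event]) -> list[tuple[str, str]]:
    """Return (source, target) pairs where the source opened the target with
    injection rights and then started a remote thread in it whose entry point
    is not backed by any module on disk, the shape a migrated session leaves."""
    opened: set[tuple[str, str]] = set()
    hits: list[tuple[str, str]] = []
    for ev in events:
        key = (ev.source, ev.target)
        if ev.event_id == 10 and (ev.granted_access & INJECT_MASK) == INJECT_MASK:
            opened.add(key)
        elif ev.event_id == 8 and key in opened and not ev.start_module:
            hits.append(key)
    return hits

# Constructed sample records; image paths are placeholders, not real values.
SVC = r"C:\placeholder\vulnerable_print_service.exe"
EXPLORER = r"C:\Windows\explorer.exe"
MONITOR = r"C:\placeholder\monitor.exe"
SAMPLE_EVENTS = [
    # Benign: query-only handle, then a thread starting at a known DLL export.
    Event(10, MONITOR, EXPLORER, granted_access=0x1000),
    Event(8, MONITOR, EXPLORER, start_module="kernel32.dll"),
    # Suspicious: full access to explorer.exe, then a thread in unbacked memory.
    Event(10, SVC, EXPLORER, granted_access=0x1FFFFF),
    Event(8, SVC, EXPLORER),
]

if __name__ == "__main__":
    for src, dst in find_migrations(SAMPLE_EVENTS):
        print(f"possible migration: {src} -> {dst}")
```

Only the suspicious pair is reported; the benign query-only handle and the thread that starts inside kernel32.dll are left alone.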

2 comments:

  1. Yeah, I agree; this information helps us in tracking misuse of data, and with the help of "migrate" we can exploit our information under any circumstances.
  2. This information is very helpful for targeting a system, and it shows how a process migrates from one to another. We should know all the important commands to check how an exploit works.