Automation of post‐exploitation

Mohammad Tabatabai Irani (Secure Business Austria, Vienna, Austria)
Edgar R. Weippl (Secure Business Austria, Vienna, Austria)

International Journal of Web Information Systems

ISSN: 1744-0084

Article publication date: 20 November 2009

Abstract

Purpose

The purpose of this paper is to describe the improvements achieved in automating post‐exploit activities.

Design/methodology/approach

Based on existing frameworks such as Metasploit and Meterpreter, the paper develops a prototype and uses it to automate typical post‐exploitation activities.

Findings

Using a multi‐step approach of pivoting, this paper can automate cascaded attacks on computers that are not directly routable.

Practical implications

Based on the findings and the developed prototypes, penetration tests can be made more efficient, since many manual exploitation activities can now be scripted.

Originality/value

The main contribution of the paper is to extend Meterpreter scripts so that post‐exploitation can be scripted. Moreover, using a multi‐step approach (pivoting), it can automatically exploit machines that are not directly routable.

Citation

Tabatabai Irani, M. and Weippl, E.R. (2009), "Automation of post‐exploitation", International Journal of Web Information Systems, Vol. 5 No. 4, pp. 518-536. https://doi.org/10.1108/17440080911006234

Publisher

Emerald Group Publishing Limited

Copyright © 2009, Emerald Group Publishing Limited
