[Zurück]


Zeitschriftenartikel:

M. Tabatabai Irani, E. Weippl:
"Automation Of Post-Exploitation";
International Journal of Web Information Systems (IJWIS), 5 (2009), 4; S. 518 - 536.



Kurzfassung englisch:
Purpose The purpose of this paper is to describe the improvements achieved in automating post-exploit activities
Design/methodology/approach Based on existing frameworks such as Metasploit and Meterpreter the paper develops a prototype and uses this to automate typical post-exploitation activities.
Findings Using a multi-step approach of pivoting this paper can automate the cascaded attacks on computers not directly routable.
Practical implications Based on the findings and developed prototypes penetration tests can be made more efficient since many manual exploitation activities can now be scripted. Original/value The main contribution of the paper is to extend Metapreter-scripts so that post-exploitation can be scripted. Moreover, using a multi-step approach (pivoting), it can automatically exploit machines that are not directly routable.


"Offizielle" elektronische Version der Publikation (entsprechend ihrem Digital Object Identifier - DOI)
http://dx.doi.org/10.1108/174400809110


Erstellt aus der Publikationsdatenbank der Technischen Universitšt Wien.