Contributions to Proceedings:
M. Tabatabai Irani, E. Weippl:
"Automation Of Post-Exploitation";
in: "Proceedings of International Conference on Security Technology (SecTech 2009)",
Springer LNCS,
2009,
ISBN: 978-3-642-10847-1,
250
- 257.
English abstract:
Abstract. Pentesting is becoming an important activity even for smaller
companies. One of the most important economic pressures is the cost of
such tests. In order to automate pentests, tools such as Metasploit can be
used. Post-exploitation activities can, however, not be automated easily.
Our contribution is to extendMeterpreter-scripts so that post-exploitation
can be scripted. Moreover, using a multi-step approach (pivoting), we can
automatically exploit machines that are not directly routable: Once the
first machine is exploited, the script continues to then automatically launch
an attack on the next machine, etc.
"Official" electronic version of the publication (accessed through its Digital Object Identifier - DOI)
http://dx.doi.org/10.1007/978-3-642-10847-1_31
Created from the Publication Database of the Vienna University of Technology.