Mohammad Tabatabai Irani and Edgar R. Weippl
The purpose of this paper is to describe the improvements achieved in automating post‐exploit activities
Abstract
Purpose
The purpose of this paper is to describe the improvements achieved in automating post‐exploit activities
Design/methodology/approach
Based on existing frameworks such as Metasploit and Meterpreter the paper develops a prototype and uses this to automate typical post‐exploitation activities.
Findings
Using a multi‐step approach of pivoting this paper can automate the cascaded attacks on computers not directly routable.
Practical implications
Based on the findings and developed prototypes penetration tests can be made more efficient since many manual exploitation activities can now be scripted.
Original/value
The main contribution of the paper is to extend Metapreter‐scripts so that post‐exploitation can be scripted. Moreover, using a multi‐step approach (pivoting), it can automatically exploit machines that are not directly routable