platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.
First slide label
Some representative placeholder content for the first slide.
Second slide label
Some representative placeholder content for the second slide.
Third slide label
Some representative placeholder content for the third slide.
Post exploitation using Nishang.
published on 2013-08-21 16:21:00 UTC by nirav desai Content:
Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security and post exploitation during Penetraion Tests. The scripts are written on the basis of requirement by the author during real Penetration Tests.
This framework is written by Nikhil Mittal who is also author of Kautilya framework.For more information you can visit his blog.
Today we will see some basic module from nishang framework for post exploitation.
This tutorial is about post exploitation so first get meterpreter shell using any metasploit method. If you are new than visit metasploit section of blog.
(1)Download nishang from here . (2)Unzip it & put it in root directory.
meterpreter>shell cd C:\\Users/victim mkdir 123 exit
We upload all powershell script from our nishang folder to victim pc `s folder.
After upload we have to get shell.
meterpreter>shell cd c://Windows\System32\WindowsPowerShell\v1.0
So now everything is set ; we execute our powershell script from our shell.
(1)First we use Information Gather module. It gather all informataion from victim pc & it has exifil option so gatherd information is directly uploaded to the pastebin;gmail.
After execution complete information is uploaded to the your pastebin account.
This information is encoded in base64; so to get plain text decode it using base64 decoder.
(2)Another module is credential pop up. So it pop up credential menu in victim screen ; if victim enter right password then it will stop ;otherwise it will pop up again.