Abstract

Once the shells come back, we have a bit more work to do. This chapter discusses what happens after we’ve gotten in. Working from information gathering under Windows, and moving toward maintaining access through creating users using the Windows command line, this chapter looks at how to query and manipulate Windows systems from the command line. Once we’ve gotten the hang of it, this chapter works to convert that hard work into a Meterpreter script using Ruby where we can easily run these commands through Metasploit.

After exploiting a Web application, we don’t want the database to feel left out, so this chapter ends with manipulating SQL injection vulnerabilities to gain access to applications, dump ...