Automation of Post-exploitation
Pentesting is becoming an important activity even for smaller companies. One of the most important economic pressures is the
cost of such tests. In order to automate pentests, tools such as Metasploit can be used. Post-exploitation activities can,
however, not be automated easily. Our contribution is to extend Meterpreter-scripts so that post-exploitation can be scripted.
Moreover, using a multi-step approach (pivoting), we can automatically exploit machines that are not directly routable: Once
the first machine is exploited, the script continues to then automatically launch an attack on the next machine, etc.