
Question

I've played around with Metasploit simply as a hobby, but am wondering if actual pentesters and/or hackers actually use Metasploit to get into systems, or do they write their own post-exploitation modules or their own programs entirely?

The reason I ask is that Metasploit does not seem to be able to selectively clear Windows event logs and such, or perhaps I just couldn't find it (the nearest I can find is clearev, but that simply wipes out everything, which isn't very sneaky). Besides, even if it is able to selectively clear the event logs, there will be places like the prefetch queue in ring 0 where forensics will be able to find what I did from the system image...

Explanation / Answer

Yes, pentesters do use Metasploit. With custom exe templates and shikata_ga_nai you are able to fool nearly every AV solution (Google for AV evasion to learn more about this), and the Meterpreter payload is really handy for escalating privileges in Windows domains.

That being said, Metasploit is only one tool of many, and a good pentester should know and use the right tool for the right task.

Clearing specific entries out of the event log might come in handy for a pentest when the goal is to stay undetected and fool SIEM systems. However, just because this feature is missing from Metasploit (yet) does not mean that you cannot use all the useful modules that are already there.

Regarding custom toolkits, I would imagine that it would be more effective to fork Metasploit or simply write your own post-exploitation modules (like selective event log deletion).

That's the beauty of open source software.
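Both the question (clearev wipes everything, forensics will find traces anyway) and the answer (write a module that deletes selected entries to fool a SIEM) turn on what each kind of log tampering leaves behind. The script below is an added example, not code from the page or from the Metasploit project, showing the defender's side of that trade-off. It takes Windows event records reduced to (channel, EventRecordID, EventID) and flags two things: the events Windows itself writes when a whole log is cleared (Security 1102, System 104, which is what a clearev-style ClearEventLog call produces), and holes in the per-channel EventRecordID sequence, which is the trace an in-place removal of individual records leaves because Windows assigns record IDs contiguously. The Record type, the function names and the sample records are constructed for this example; on a real image you would feed it records parsed from the .evtx files (for example with python-evtx) or exported with wevtutil qe.

```python
from dataclasses import dataclass

# Event IDs Windows writes when an entire log is cleared.  A SIEM rule on
# these catches a wholesale clear such as Meterpreter's clearev.
LOG_CLEARED_EVENTS = {
    ("Security", 1102),  # "The audit log was cleared"
    ("System", 104),     # "The <name> log file was cleared"
}


@dataclass(frozen=True)
class Record:
    """One event log record, reduced to the three fields this check needs.
    (Type constructed for this example.)"""
    channel: str
    record_id: int   # EventRecordID: assigned contiguously per channel
    event_id: int


def find_record_gaps(records):
    """Return (channel, last_seen_id, next_seen_id) for every jump in
    EventRecordID inside a channel.  Windows numbers records contiguously,
    so a hole in an otherwise intact log means records were removed after
    they were written, which is what a selective delete leaves behind."""
    by_channel = {}
    for r in records:
        by_channel.setdefault(r.channel, []).append(r.record_id)
    gaps = []
    for channel, ids in by_channel.items():
        ids = sorted(ids)            # order of extraction does not matter
        for prev, cur in zip(ids, ids[1:]):
            if cur != prev + 1:
                gaps.append((channel, prev, cur))
    return gaps


def find_clear_events(records):
    """Return the records that are themselves evidence of a full clear."""
    return [r for r in records if (r.channel, r.event_id) in LOG_CLEARED_EVENTS]


def audit(records):
    """Summarise both kinds of evidence in one dict."""
    return {
        "gaps": find_record_gaps(records),
        "clear_events": find_clear_events(records),
    }


# Constructed sample data, not captured from a real host: a Security log in
# which records 4 and 5 have been removed in place, and a System log that
# still holds the 104 event a wholesale clear leaves behind.
SAMPLE_RECORDS = [
    Record("Security", 1, 4624),
    Record("Security", 2, 4672),
    Record("Security", 3, 4688),
    Record("Security", 6, 4688),
    Record("Security", 7, 4634),
    Record("System", 20, 7036),
    Record("System", 21, 104),
    Record("System", 22, 7036),
]

if __name__ == "__main__":
    result = audit(SAMPLE_RECORDS)
    for channel, prev, cur in result["gaps"]:
        print(f"{channel}: EventRecordID jumps from {prev} to {cur}")
    for r in result["clear_events"]:
        print(f"{r.channel}: log-cleared event {r.event_id} at record {r.record_id}")
```

A gap is a lead rather than proof (a corrupted chunk can also lose records), so the next step on a real image is to look at the raw .evtx file around the missing IDs. The point for the pentest side of the discussion is that neither approach is silent: a full clear announces itself with 1102/104, and a selective delete breaks a sequence the defender can check in a few lines.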
