Pivoting with PCAP with Core Impact

January 19, 2018

[[{"fid":"4890","view_mode":"default","fields":{"format":"default","field_file_image_alt_text[und][0][value]":false,"field_file_image_title_text[und][0][value]":false,"alignment":""},"link_text":null,"type":"media","field_deltas":{"1":{"format":"default","field_file_image_alt_text[und][0][value]":false,"field_file_image_title_text[und][0][value]":false}},"attributes":{"class":"media-element file-default","data-delta":"1"}}]]

In this quick video, we show how the PCAP plugin can be installed and used in order to quickly and efficiently improve the speed of information gathering tasks.

Since installing the PCAP plugin requires administrative privileges, we'll begin by running a local escalation module. For this example, we'll use an exploit for the unpatched MS16-039 vulnerability.

When the module finishes, we'll then have a new agent running with SYSTEM privileges.

Pivoting and installing the PCAP plugin is as easy as right-clicking on the agent and selecting the proper options from the menu.

The PCAP plugin will be installed in the agent and we can benefit from it by being able to run information gathering modules such as Network Discovery or Port scanning using FAST techniques.

  • Penetration testing

Ready for a Demo?

Eliminate identity-related breaches with SecureAuth!