Cortana Tutorial - Armitage
Cortana Tutorial - Armitage
Cortana Tutorial - Armitage
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
A snapshot of the database is always available to your script. When <strong>Cortana</strong> polls the<br />
database, it compares the new results to its understanding of the database. <strong>Cortana</strong> uses<br />
the changes in the database to fire events that you may register listeners for.<br />
Figure 3. Cotana's Data Management<br />
The host_add and host_delete events fire when hosts are added or deleted. Look at the<br />
&hosts_* functions to learn how to interact with and query hosts.<br />
<strong>Cortana</strong> also fires events for services. The services_add_n fires when a service with port n<br />
is first seen. The service_add event fires for any service and service_delete fires when a<br />
service disappears from the database. Take a look at the &service_* functions to learn how<br />
to interact with and query the known services.<br />
<strong>Cortana</strong> fires the credential_add event when a credential is added to the database.<br />
Metasploit automatically records working credentials as they're discovered. The<br />
credential_delete event is fired when a credential is removed from the database. The<br />
&credential_* functions let you query and manipulate the known credentials.<br />
The session_open event fires when a new session opens up. A session is an active<br />
connection between Metasploit and a compromised host. The session_close event fires<br />
when a session closes. When a Meterpreter session is ready for interaction, <strong>Cortana</strong> fires a<br />
session_sync event to indicate this. The &session_* functions provide tools to query or<br />
close any existing sessions.<br />
<strong>Cortana</strong> also fires a route_add event when a new pivot is setup. The route_delete event is<br />
fired when a pivot is removed. The &route_* functions let you add, delete, and query<br />
routes.<br />
The loot_add event fires when a new loot is added to the database. Some Metasploit post<br />
modules record their captured database as a loot entry. The main purpose of this event is<br />
15