In this article you will learn, after compromised the victim machine what we can do by using post exploitation. There are 478 post exploitation modules which are available in metasploit framework but in this article we will use only five modules which is working on window 10 machine.

What is Post-Exploitation Module ?

Once the victim machine has to be compromised by the attacker & then with the help of post module you can gather information or evidence about the victim. The post module also can be used to maintain the access to the system.

Lets Begin !!

We already have compromised the victim machine with administrator privileges. You can see here.

Window Credential Phishing

This post module is used to perform the phishing attack on the target machine by popping up a login prompt. When the victim fills credentials in the login prompt, the credentials will go to to the attacker.

For perform this attack you need to have to execute the following commands.

After that the login prompt will show on the victim machine just like below given image.

When victim will enter his credentials in the login prompt you can observe the credentials will be successfully comes to the attacker.

Multi Manage Play Youtube Video

With the help of this exploit you can broadcast a Youtube video on compromised system. Each Youtube video has a special VID with the help of which the youtube video broadcast on victim machine.

We have to go on youtube and select the VID of any video form which you want to broadcast on victim system.

Go back on kali linux and carry out his work by using following command.

After execute the attack, you can see that the broadcasting will be done on victim machine with full screen mode.

Multi Manage Set Wallpaper

This module will give you the permission to change the desktop wallpaper of the victim machine.

Before go Ahead, we must have PNG or JPEG format image. After that we need to execute these commands as given below.

As soon as we execute this module, victim’s desktop wallpaper will successfully be changed.

Change Password

This Module will help us to change the window logon password of the target machine.

Execute these given command on multi/handler to perform the attack.
Note : To perform this attack we must have admin privileges.

After executing the attack, victim cannot login with his old password.

Windows Gather Screen Spy

In this module attackers can take the desktop screenshot of the victim machine anonymously. This allow for screen spying that can be useful for attackers to track or record the screen of victim.

You need to enter these given commands on multi/handler.

After executing the module, we will get screenshot of vicitm machine with delay of five second.

Open a URL ( Phishing )

This module allows an attacker to open any file or URL on the target machine. Most of the time attacker take help of this module to perform the phishing attack.

To create a phishing page you can use the AdvPhishing tool.

After that we have to go back on kali linux terminal and execute these given commands on multi/handler.

You can see that the phishing page has opened on victim machine.

Done !!

Leave a Reply

Your email address will not be published. Required fields are marked *