Post exploitation is an important phase of a penetration test, as it allows the attacker to gather information from the system that has been exploited. A lot of penetration testers use the Metasploit Framework modules for system exploitation. However, Metasploit also provides modules for post exploitation activities on a variety of systems. In this article we will examine how we can use Metasploit to perform post exploitation on a Linux system.
We will assume that we have already exploited the system, so we will put the session in the background with Ctrl+Z.
We need to know the session ID for the post exploitation modules that we are going to use. This can be obtained with the sessions command.
As we can see, the ID is 1. One of the first modules that we are going to try is hashdump, which will try to collect the password hashes of the system. The only setting that we need to provide is the session ID, which we already know from before.
Another useful module is checkvm, which will try to discover whether the system is a virtual machine. From the image below it seems that our system is a VMware virtual machine.
Another very interesting post exploitation module of Metasploit is enum_configs, which will obtain all the important configuration files and store them on our system. In the next image we can see the command that we used for this module and a sample of the configuration files that it obtained from the remote system.
If we want to inspect these .txt files we can open another console and type, for example: nano /root/.msf4/loot/20130104144725_default_172.16.212.133_linux.enum.conf_373751.txt
We can also enumerate the network configuration with the enum_network module.
If we want to discover what kind of installations exist on the remote system, such as IDS, antivirus, firewalls etc., we can use the following module:
We can also enumerate the entire system, obtaining information about the user accounts, the installed packages, the services, the hard disk, the Linux version etc.
Essential information can also be discovered from the users' history. Of course there is a Metasploit module for this as well, which will store this kind of information on our local system.
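The defender's view of these modules, as an added example that is not part of the original post: the hashes and user history that hashdump and enum_users_history collect are read from files on the target, so an auditd watch on those files, with a per-file baseline of programs expected to read them, flags the session that harvests them. The audit records, the watched paths and the baseline below are constructed assumptions, not captures from the system in the article.

```python
import re
from collections import defaultdict

# Watched file suffix -> (module that collects it, programs expected to read it).
# Which exact paths each module reads is an assumption; the baseline is assumed too.
WATCHED = {
    "/etc/shadow":    ("hashdump", {"sshd", "login", "sudo", "su", "passwd", "unix_chkpwd"}),
    ".bash_history":  ("enum_users_history", {"bash"}),
    ".mysql_history": ("enum_users_history", {"mysql"}),
}

# Constructed auditd records from watches like  -w /etc/shadow -p r -k cred_read
# (and one per history file). 501 and 504 are baseline reads; 502 and 503 are a
# shell session reading the hash and history files the post modules collect.
SAMPLE_AUDIT = """\
type=SYSCALL msg=audit(1357310845.101:501): arch=c000003e syscall=2 success=yes exit=3 pid=2315 uid=0 comm="sudo" exe="/usr/bin/sudo" key="cred_read"
type=PATH msg=audit(1357310845.101:501): item=0 name="/etc/shadow" inode=1234 mode=0100640
type=SYSCALL msg=audit(1357310845.230:502): arch=c000003e syscall=2 success=yes exit=3 pid=2401 uid=0 comm="sh" exe="/bin/sh" key="cred_read"
type=PATH msg=audit(1357310845.230:502): item=0 name="/etc/shadow" inode=1234 mode=0100640
type=SYSCALL msg=audit(1357310846.010:503): arch=c000003e syscall=2 success=yes exit=3 pid=2401 uid=0 comm="sh" exe="/bin/sh" key="cred_read"
type=PATH msg=audit(1357310846.010:503): item=0 name="/home/alice/.bash_history" inode=5678 mode=0100600
type=SYSCALL msg=audit(1357310846.500:504): arch=c000003e syscall=2 success=yes exit=3 pid=1990 uid=1000 comm="bash" exe="/bin/bash" key="cred_read"
type=PATH msg=audit(1357310846.500:504): item=0 name="/home/alice/.bash_history" inode=5678 mode=0100600
"""

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_record(line):
    """Parse one auditd key=value record into a dict, stripping quotes."""
    return {k: v.strip('"') for k, v in KV.findall(line)}

def suspicious_reads(lines):
    """Return (comm, path, module) for reads of watched files outside the baseline."""
    events = defaultdict(lambda: {"paths": []})
    for line in lines:
        rec = parse_record(line)
        ev = events[rec.get("msg")]          # all records of one event share the id
        if rec.get("type") == "PATH":
            ev["paths"].append(rec.get("name", ""))
        else:
            ev.update(rec)                   # the SYSCALL record carries pid/comm/exe
    alerts = []
    for ev in events.values():
        comm = ev.get("comm", "?")
        for path in ev["paths"]:
            for suffix, (module, baseline) in WATCHED.items():
                if path.endswith(suffix) and comm not in baseline:
                    alerts.append((comm, path, module))
    return alerts
```

Calling suspicious_reads(SAMPLE_AUDIT.splitlines()) returns only the two reads by the sh process, while the sudo and bash reads of the same files stay silent because they match the baseline.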
In this article we examined the post exploitation modules of the Metasploit Framework that can be used against a Linux system and what kind of information they can obtain. From the information gathered we can of course conduct further attacks on this system and even find alternate ways of exploitation. Additionally, during our post exploitation activities we may discover usernames and even plaintext passwords, and these credentials can be re-used later against other systems on the network.