1
00:00:01,090 --> 00:00:07,030
So up to now, we learned the exploitation concept and how to exploit systems using an exploitation

2
00:00:07,030 --> 00:00:08,710
framework, Metasploit.

3
00:00:09,650 --> 00:00:14,180
Now it's time to compromise the exploited systems and gather as much as we can.

4
00:00:14,990 --> 00:00:18,110
So welcome to the post exploitation phase.

5
00:00:20,050 --> 00:00:26,740
As I mentioned before, putting the reporting and the cleaning steps aside, a penetration test briefly

6
00:00:26,740 --> 00:00:28,150
consists of four phases.

7
00:00:28,930 --> 00:00:32,350
Reconnaissance is the act of gathering data on your target.

8
00:00:33,130 --> 00:00:38,230
Scanning is defining more about the target: gaps, vulnerabilities, weaknesses, et cetera.

9
00:00:39,070 --> 00:00:43,210
Exploitation is to take control of the network devices.

10
00:00:44,290 --> 00:00:50,290
And the purpose of the post exploitation phase is to determine the value of the machine compromised

11
00:00:51,040 --> 00:00:54,130
and to maintain control of the machine for later use.

12
00:00:55,030 --> 00:00:59,830
The value of the machine is determined by the sensitivity of the data stored on it and the machine's

13
00:00:59,830 --> 00:01:02,500
usefulness in further compromising the network.

14
00:01:03,920 --> 00:01:09,410
As you can imagine, by the definition of the post exploitation phase, the phases of a penetration

15
00:01:09,410 --> 00:01:10,400
test are iterative.

16
00:01:10,400 --> 00:01:16,850
You gather more in the post exploitation phase, and you use the gathered information to find more

17
00:01:16,850 --> 00:01:19,490
systems and to exploit other systems.

18
00:01:20,180 --> 00:01:26,600
When you exploit other systems, you gather more in that system's post exploitation phase, and you use

19
00:01:26,600 --> 00:01:30,950
that information to hack more systems, et cetera, et cetera.
20
00:01:32,930 --> 00:01:36,320
So we have now successfully compromised the target system.

21
00:01:36,830 --> 00:01:44,210
Now what? As I mentioned before, exploitation and post exploitation phases are the phases that separate

22
00:01:44,210 --> 00:01:47,840
the penetration test from the ordinary vulnerability assessments.

23
00:01:48,870 --> 00:01:54,210
The actions you can take in the post exploitation phase are limited to the contract you signed with the

24
00:01:54,210 --> 00:01:56,610
customer before the penetration test.

25
00:01:57,210 --> 00:02:00,600
So here are just a few examples of what you can do in this phase.

26
00:02:01,670 --> 00:02:07,970
As you may remember, I mentioned before, all the sessions we create between the victim and us via

27
00:02:07,970 --> 00:02:10,040
Metasploit Framework run in memory.

28
00:02:10,700 --> 00:02:14,900
That means the session dies when the victim's system is shut down or restarted.

29
00:02:15,560 --> 00:02:18,290
Well, you can exploit the same vulnerability again.

30
00:02:18,710 --> 00:02:20,810
But what if the vulnerability is patched?

31
00:02:20,810 --> 00:02:25,970
Or what if the signature of your payload is defined in the security measures' database?

32
00:02:27,080 --> 00:02:32,540
So what I want to say is, we'd better have persistent access to the victim machine.

33
00:02:33,670 --> 00:02:39,400
Now, one of the very first things to do when we hack a system is collecting usernames and passwords or password

34
00:02:39,400 --> 00:02:40,630
hashes from the system.

35
00:02:41,620 --> 00:02:46,360
Crack the passwords to see how sufficient the institution's password policy is.

36
00:02:46,660 --> 00:02:51,880
And of course, you're able to use that password for other accounts you encounter throughout the test,

37
00:02:52,060 --> 00:02:53,560
because of the human element.
38
00:02:55,070 --> 00:03:01,220
Collecting sensitive data from the computer and the network is another critical point of post exploitation.

39
00:03:03,020 --> 00:03:05,660
Really, you won't believe what you've gathered.

40
00:03:06,890 --> 00:03:12,500
It's another common case to find some backups inside the computers, and these backups are, well,

41
00:03:12,500 --> 00:03:15,710
sometimes accessible without an authentication step.

42
00:03:16,250 --> 00:03:19,490
You think I'm kidding, but you will learn, and you will find.

43
00:03:20,700 --> 00:03:26,100
So at the end of the post exploitation phase, you'll probably have a lot of data and credentials that

44
00:03:26,100 --> 00:03:28,230
you are not authorized to have.