1
00:00:00,880 --> 00:00:06,940
Now, the post modules contain various scripts and utilities that help you to further infiltrate your

2
00:00:06,940 --> 00:00:14,500
target system after a successful exploitation. Once you successfully exploit a vulnerability and get

3
00:00:14,500 --> 00:00:20,470
into your target system, the post-exploitation modules are going to help you in the following ways.

4
00:00:21,560 --> 00:00:23,120
Escalate user privileges.

5
00:00:24,050 --> 00:00:25,580
Dump OS credentials.

6
00:00:26,500 --> 00:00:34,180
Steal cookies and saved passwords, get key logs from the target system, execute PowerShell scripts

7
00:00:34,660 --> 00:00:37,330
and make your access persistent.

8
00:00:37,990 --> 00:00:43,660
The Metasploit Framework has more than 250 such post-exploitation utilities and scripts.

9
00:00:44,770 --> 00:00:51,340
So after gaining a shell, you can choose the appropriate post module to gather more information from

10
00:00:51,340 --> 00:00:54,390
the target or escalate your privileges.

11
00:00:55,510 --> 00:01:00,160
So let's see what a post module's directory looks like.

12
00:01:01,290 --> 00:01:02,160
Under modules.

13
00:01:03,050 --> 00:01:03,590
Post.

14
00:01:04,750 --> 00:01:11,470
And there are the post module directories. So because I have exploited a Linux system, I'll need to

15
00:01:11,470 --> 00:01:14,160
use Linux post-exploitation modules.

16
00:01:14,710 --> 00:01:17,140
So let's go have a look at the Linux folder.

17
00:01:18,150 --> 00:01:21,200
And under Linux, there is a gather folder.

18
00:01:22,090 --> 00:01:23,680
And what do you have here?

19
00:01:25,010 --> 00:01:29,690
The hashdump module. Now, it's not only for Linux.

20
00:01:30,810 --> 00:01:34,890
If you look over here, you have the same for Windows as well.
21
00:01:35,850 --> 00:01:40,830
Now, before we go jumping into the command line, I just want you to realize just how meaningful the

22
00:01:40,830 --> 00:01:43,210
Metasploit directory structure really is.

23
00:01:43,430 --> 00:01:49,380
Now, you might ask, can you find your way around only by examining the structure?

24
00:01:50,690 --> 00:01:51,710
Let's go back to terminal.

25
00:01:52,650 --> 00:01:56,700
So now I'm going to use the vsftpd exploit again.

26
00:02:00,020 --> 00:02:02,330
So use exploit.

27
00:02:03,860 --> 00:02:06,230
Unix FTP.

28
00:02:07,610 --> 00:02:09,860
vsftpd.

29
00:02:11,560 --> 00:02:12,580
So options.

30
00:02:14,360 --> 00:02:19,320
Everything is ready to exploit, then exploit -j.

31
00:02:19,820 --> 00:02:26,450
So this command will exploit the target and if I get a session, then it will hold that session in the

32
00:02:26,450 --> 00:02:30,910
background. Type sessions to list the available sessions in the background.

33
00:02:31,730 --> 00:02:34,680
And there it is, in session 4.

34
00:02:35,390 --> 00:02:40,050
So now is the time to use a post module over this session.

35
00:02:40,640 --> 00:02:48,890
Now the usage syntax of a post module is the same: type use and then the name of the post module. Use

36
00:02:48,890 --> 00:02:50,780
post Linux.

37
00:02:51,790 --> 00:03:02,740
Gather hashdump. Now show the options, doing only this session variable, so set this variable to

38
00:03:02,740 --> 00:03:05,200
the index of this session, 4.

39
00:03:07,690 --> 00:03:08,830
Then exploit.

40
00:03:09,920 --> 00:03:15,740
Aha, so here are the password hashes of Metasploitable 2 users.

41
00:03:18,150 --> 00:03:19,710
Now, you don't have to stay with that.

42
00:03:20,950 --> 00:03:22,960
You can also use some of the other post modules.