1
00:00:00,930 --> 00:00:03,150
Instructor: And, welcome back.

2
00:00:03,150 --> 00:00:07,170
Time to touch on the subject of post exploitation.

3
00:00:07,170 --> 00:00:10,260
We have traveled a long way from the beginning.

4
00:00:10,260 --> 00:00:12,150
We covered information gathering,

5
00:00:12,150 --> 00:00:15,360
where we try to get as much information about our target

6
00:00:15,360 --> 00:00:17,793
as we would find useful for a future attack.

7
00:00:18,630 --> 00:00:22,110
After that, we scanned our target from a technical aspect

8
00:00:22,110 --> 00:00:26,910
and discovered its open ports and the software that it runs.

9
00:00:26,910 --> 00:00:29,100
We then used different tools to figure out

10
00:00:29,100 --> 00:00:31,710
whether that target has any known vulnerability

11
00:00:31,710 --> 00:00:33,990
that we might be able to exploit,

12
00:00:33,990 --> 00:00:36,840
and then we exploited many different targets

13
00:00:36,840 --> 00:00:41,460
from Linux Metasploitable to Windows 7 and Windows 10.

14
00:00:41,460 --> 00:00:44,520
We saw both how to exploit their vulnerabilities,

15
00:00:44,520 --> 00:00:47,550
and then after that recreated our own payloads

16
00:00:47,550 --> 00:00:50,310
that we executed on the target system.

17
00:00:50,310 --> 00:00:53,340
Now comes the part after the exploitation.

18
00:00:53,340 --> 00:00:54,990
What are we going to do

19
00:00:54,990 --> 00:00:57,450
now that we are on the target system?

20
00:00:57,450 --> 00:01:01,980
What are we looking for, and what cool things can we even do?

21
00:01:01,980 --> 00:01:05,730
Well, we have lots and lots of options,

22
00:01:05,730 --> 00:01:08,310
depending on what we want to find, of course.

23
00:01:08,310 --> 00:01:12,750
For example, the simplest thing we can do is scroll

24
00:01:12,750 --> 00:01:14,040
through their file system

25
00:01:14,040 --> 00:01:17,100
and look through what files and programs

26
00:01:17,100 --> 00:01:19,530
they have on their machine.

27
00:01:19,530 --> 00:01:21,720
Maybe we could find something interesting,

28
00:01:21,720 --> 00:01:24,570
such as saved passwords inside of a file,

29
00:01:24,570 --> 00:01:27,210
or some other important files for that company

30
00:01:27,210 --> 00:01:30,690
that are lying on that machine unprotected.

31
00:01:30,690 --> 00:01:33,270
We could also download files from that machine

32
00:01:33,270 --> 00:01:35,520
and upload files to it,

33
00:01:35,520 --> 00:01:37,650
in case we want to send another payload

34
00:01:37,650 --> 00:01:42,120
or another executable that we want to run on their system.

35
00:01:42,120 --> 00:01:45,030
We can do all of this with our Meterpreter shell,

36
00:01:45,030 --> 00:01:47,940
just by running a few commands.

37
00:01:47,940 --> 00:01:49,200
Talking about passwords,

38
00:01:49,200 --> 00:01:52,440
that is also something that we would look for.

39
00:01:52,440 --> 00:01:55,740
We could try to extract saved passwords from browsers.

40
00:01:55,740 --> 00:01:59,100
For example, remember when you click on that button

41
00:01:59,100 --> 00:02:02,730
that says Remember Me once you log into some webpage?

42
00:02:02,730 --> 00:02:04,980
Well, those passwords could be stored

43
00:02:04,980 --> 00:02:07,027
somewhere on their machine.

44
00:02:07,027 --> 00:02:09,360
"And why would we go for passwords?"

45
00:02:09,360 --> 00:02:10,770
you might be asking.

46
00:02:10,770 --> 00:02:13,320
Well, getting the target's online accounts

47
00:02:13,320 --> 00:02:16,260
just expands our access to them.

48
00:02:16,260 --> 00:02:18,810
Imagine you were to get their PayPal password

49
00:02:18,810 --> 00:02:21,960
and gain access to their PayPal account.

50
00:02:21,960 --> 00:02:24,030
That wouldn't be so pretty for them,

51
00:02:24,030 --> 00:02:27,570
since you would have access to all of their funds.

52
00:02:27,570 --> 00:02:29,280
Another thing we could try to do

53
00:02:29,280 --> 00:02:32,790
is gain access to the entire network

54
00:02:32,790 --> 00:02:35,340
from the target machine that we hacked.

55
00:02:35,340 --> 00:02:37,110
Maybe inside of a company's network,

56
00:02:37,110 --> 00:02:39,840
you managed to get access to one machine,

57
00:02:39,840 --> 00:02:43,140
but it doesn't have all the things you might need.

58
00:02:43,140 --> 00:02:46,830
Maybe some important files could be on some other machine

59
00:02:46,830 --> 00:02:48,720
on that same network.

60
00:02:48,720 --> 00:02:49,800
In that case,

61
00:02:49,800 --> 00:02:52,680
you would want to try to hack that other machine

62
00:02:52,680 --> 00:02:54,780
from the machine that you already hacked.

63
00:02:54,780 --> 00:02:56,227
Now, you might be wondering,

64
00:02:56,227 --> 00:02:59,520
"Well, why not from our Kali Linux machine?"

65
00:02:59,520 --> 00:03:02,850
Well, maybe machines that belong to that network

66
00:03:02,850 --> 00:03:05,520
have more trust between one another.

67
00:03:05,520 --> 00:03:06,810
Maybe they exchange files

68
00:03:06,810 --> 00:03:09,870
or communicate with some other software altogether

69
00:03:09,870 --> 00:03:11,550
on that same network.

70
00:03:11,550 --> 00:03:14,280
In that sense, it would be easier to get access

71
00:03:14,280 --> 00:03:16,800
to one of those machines from a system

72
00:03:16,800 --> 00:03:20,340
that is already inside of their network, right?

73
00:03:20,340 --> 00:03:23,730
Maybe we would also want to run a keylogger

74
00:03:23,730 --> 00:03:25,800
on the machine we got access to.

75
00:03:25,800 --> 00:03:27,510
Now, a keylogger is a program

76
00:03:27,510 --> 00:03:31,500
that captures every keyboard input from that machine.

77
00:03:31,500 --> 00:03:34,410
So with this, not only could we maybe capture

78
00:03:34,410 --> 00:03:37,200
some passwords that the user of that machine

79
00:03:37,200 --> 00:03:40,350
would input into some secure website or software,

80
00:03:40,350 --> 00:03:43,410
but we would also be able to see everything else

81
00:03:43,410 --> 00:03:45,420
that he or she typed,

82
00:03:45,420 --> 00:03:47,640
from what they searched for on the Internet

83
00:03:47,640 --> 00:03:51,210
to maybe the messages that they're sending on social media

84
00:03:51,210 --> 00:03:52,440
from that machine,

85
00:03:52,440 --> 00:03:55,830
or basically anything that they type on the keyboard;

86
00:03:55,830 --> 00:03:57,600
we would be able to see it.

87
00:03:57,600 --> 00:03:59,130
Amazing, right?

88
00:03:59,130 --> 00:04:01,320
You can picture post exploitation

89
00:04:01,320 --> 00:04:04,350
as some type of information gathering

90
00:04:04,350 --> 00:04:06,240
on the target system.

91
00:04:06,240 --> 00:04:08,370
And these things that we talked about

92
00:04:08,370 --> 00:04:11,190
are just a small portion of what we can do

93
00:04:11,190 --> 00:04:12,543
once we hack a machine.

94
00:04:13,590 --> 00:04:15,120
Now that we've briefly talked about

95
00:04:15,120 --> 00:04:16,920
post exploitation theory,

96
00:04:16,920 --> 00:04:20,550
let us see what available tools and commands we can use

97
00:04:20,550 --> 00:04:22,710
to achieve all of the things that we mentioned,

98
00:04:22,710 --> 00:04:24,720
and even more.

99
00:04:24,720 --> 00:04:26,020
See you in the next video.