Post Exploitation

Post Exploitation

In this assignment, you will explore the options regarding post exploitation concepts. We assume that you have a successful Meterpreter session through the entire assignment.

The commands in Metasploit that you are going to use in this assignment are identical to the previous assignment. Also all of the exploits you are going to use reside under `post/windows/…` path in Metasploit. The keyword `post` in Metasploit indicates post exploitation.

### 1 Process Migration

The first step towards a successful Meterpreter post exploitation is to migrate Meterpreter’s process to a core windows process so that the user at the target machine is not able to “kill” the Meterpreter session.

**Task 1** : Using Meterpreter’s command `ps` find a **suitable** process to migrate to. What process did you choose and why? What is the ID of this process?

**Task 2** : Force to background the current Meterpreter sessions and find the **proper** post exploit to use for process migration. What exploit did you select?

*Hint* : Search exploits under post/windows.

**Task 3** : Perform the exploit and report the commands/options you used.

### 2 Killing the Antivirus

After migrating Meterpreter to another process the next step is to kill the antivirus system.

**Task 4** : Select the proper exploit to kill the antivirus system of the target machine (if any). What exploit did you use?

**Task 5** : Report the commands/options of the post exploit you used in order to kill the antivirus.

### 3 Obtaining System Privilege

The following tasks are about getting system privilege on the target machine.

**Task 6** : What is the Meterpreter command to check the privilege level of the current Meterpreter session?

**Task 7** What is the proper post exploit to escalate the privilege to the system level? Please note that this exploit does not always work.

**Task 8** Perform the exploit and report the commands/options you used.

### 4 Persistence

In successful Meterpreter exploitation, after migrating to the process, killing the antivirus and escalating to system privilege, the last step is to make Meterpreter  **persistent** . If the Meterpreter becomes persistent, then, it starts after every boot of the target system.

**Task 9** : What is the **proper** post exploit to perform the persistence?

**Task 10** Perform the exploit and report the commands/options you used.

*Hint* : You may need to use MSFVenom to create the payload. Use a port different from the port you used to initiate the current session.

Use the multi/handler module to run a Meterpreter exploit handler so that the persisted payload can connect back to you. Restart the victim machine.

**Task 11** : Confirm that a Meterpreter session is created when you login back to the Windows machine. Report the commands you used to set up the multi/handler module and a screenshot of the current Meterpreter session that has been opened.

**Task 12** : Using Meterpreter without **leaving the session,** show a different way to perform persistence on a target machine. Report the commands you used to do that.

*Hint* : Use `help` inside a Meterpreter session.