LINUX - POST-EXPLOITATION
- Layout for this exercise:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjVWD3xHzXf7QrQDoA_kw_ir_vjGEMDHrE7ucdRJMfqtMr7ra8UQ9ptkq4zNy4wfuTXW-C5-lv3vv8j5YuvwDY1HRAvf34MEOXhH5eAUFOdEiq8jhv7zbNLraiRwOlEmySySeke_O4PQqB/s1600/M2_LAYOUT.jpg)
- First of all, let's exploit the Linux system:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWMpPvY4n3NUWfRhweEhHCl5t_qDQZMM058nUT7VDDfHDNqsGc21LU9La9_R8tm8itiEmYo7s9GOZaw54qGQh5MOBNHuI7QXeV3IHDwxQEs4eO5Pd8MYvaYmz2jQ8H4s60h4Z7kV60bNBI/s1600/screenshot.1.jpg)
- As a consequence of the attack, a remote shell session is opened. To make the session easier to handle, it is backgrounded:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXilcr6W_v4sozO6dLsITy7-2Hexd6crw7zHJ9dEBYOD10YZkSOniIHZdzVRKxpoMeJcVMUkmYY04Ue3aVUa84GDDGr1dfsISdNYcjiKuz8Z-PISKtIlZS30SRsNtP9nUewZb-pAD3SPje/s1600/screenshot.2.jpg)
- Metasploit provides several post-exploitation tools. For instance, hashdump gathers the hashes of all the passwords available on the victim's machine:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_GnK2KEco33Szz7DUbX3BP_Pw42jDXJMd8pSESolvShum0E_qFViOjF0EEpr4sOqzxro7m9RBSvCI2Zl6cOEzgwoyN5ZY_8ZrsT5E2Vf6WcI79lhnTMtfCDZInACUtuH7A0czGWL1SpOE/s1600/screenshot.3.jpg)
- Also, checkvm determines whether the remote system is a real or virtual machine:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiijeLShyphenhyphen9dq9neFiiZ-G5I6H_IAUL1oA1JgFeerkwKouwhfFrSUHmLyfxdXEr9KPLh5dP0GfvrwJAYZs8L454mUBrFOIrIshZKNCHTQOT-y6SU1v5YLphtd7pjM87yvf07Z-fZi6LLgMUe/s1600/screenshot.4.jpg)
- enum_configs gathers information about the victim's configuration, related to installed applications and services:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHz8qbNcJZbY6xuEjGtv1rQmbAH0ZWFKJbBVMwUnx-kkpAjy8CheR6DvmZML14CJOwkggA_07CUy-u8fnAMcjlBbEF8GnWS5nbXVl3YDUTsfPGOey86beTE1AbmwIttE6h1bRmb-VoPKnP/s1600/screenshot.5.jpg)
- enum_network collects data about the network, such as iptables rules, interfaces, ports, connections, DNS, SSH, etc.:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUwT4vVMm9j4TkLfTYFo4ICoqZRAni61Kmqal_LUMQYpwY46etJRbJoKaFX8IVVOjq7q67fm8HJhoUfceP2bv7s73DYQNEnpikmmwD_hxVilOTc1RS9u_R3owUTqMRZnQyjxwQZ41CxDpr/s1600/screenshot.6.jpg)
- The enum_protections module looks for applications used to prevent or detect attacks, such as antivirus, IDS/IPS, firewalls, etc.:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDNL9FfXWwCwoYZQ6rVnB-8GdScqBi3as5XlY3LCKHQp_ImBfvqI6pE8xkjQTBscIUlxMNE9unFLu8CE0lOLPnqeBz_R0xC2GytB_OCRdI9gt-YUMQ7bYbvBFW44wl2P7Kkec2FgRJMYDF/s1600/screenshot.7.jpg)
- The enum_system module gathers system information, such as installed packages, services, mount information, the user list, user bash history and cron jobs:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvMaleYfoAyZjVxwKPz7ExLpgmZg6KnYkA9TxkRd94KJOu7R3vKNNV1eSM8oeuF5nJ7jeqkeW4f7f8VfmUoX1wIsDSNxpoKocNN1npSqrH2IBk9JfhFz1Ili_7jnr6e-n1ypjgBNV7XQQg/s1600/screenshot.8.jpg)
- The enum_users_history module gathers user information such as user lists, bash history, mysql history, vim history, etc.:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3dBfCRdLCnqCj5kp3lxii8Ff2VqPD_4JBmGf4cBTu1vlGLnqb5iM1YieZiUt-VKquRPCEx7FynLDCQuyCyKml_CJUCsvaqGc3PRbDzXkxDtINcNUndvt0zfkCJg40d5br4QBpMROsTOgo/s1600/screenshot.9.jpg)
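
A defender's check for the data that hashdump and enum_users_history are described above as collecting, as an added example that is not part of the original post: it flags a world-readable shadow file and history files that are readable beyond their owner or that contain a password typed on a command line. The file names, the regular expression and the sample directory tree are assumptions constructed for illustration.

```python
import glob
import os
import re
import stat
import tempfile

HISTORY_NAMES = (".bash_history", ".mysql_history", ".viminfo")  # assumed defaults
SECRET_RE = re.compile(r"--password[= ]\S+|\bmysql\b.*\s-p\S+")  # constructed heuristic

def audit_exposure(root="/"):
    """Return (path, issue) pairs for data the gather modules would collect."""
    findings = []
    shadow = os.path.join(root, "etc", "shadow")
    if os.path.exists(shadow) and stat.S_IMODE(os.stat(shadow).st_mode) & stat.S_IROTH:
        findings.append((shadow, "hashes world-readable"))
    homes = sorted(glob.glob(os.path.join(root, "home", "*"))) + [os.path.join(root, "root")]
    for home in homes:
        for name in HISTORY_NAMES:
            path = os.path.join(home, name)
            try:
                mode = stat.S_IMODE(os.stat(path).st_mode)
                with open(path, errors="replace") as fh:
                    secrets = sum(1 for line in fh if SECRET_RE.search(line))
            except OSError:
                continue  # file absent, or not readable by the auditing user
            if mode & (stat.S_IRGRP | stat.S_IROTH):
                findings.append((path, f"readable beyond owner ({mode:04o})"))
            if secrets:
                findings.append((path, f"{secrets} line(s) with a likely credential"))
    return findings

def build_sample_tree():
    """Create a constructed directory tree to audit (sample data, not real)."""
    root = tempfile.mkdtemp()
    files = {
        "etc/shadow": ("root:$6$constructed$hash:19000::::::\n", 0o644),
        "home/alice/.bash_history": ("ls\nmysql -u app -pS3cret db\n", 0o644),
        "home/bob/.mysql_history": ("SELECT 1;\n", 0o600),
    }
    for rel, (text, mode) in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    print(*audit_exposure(build_sample_tree()), sep="\n")
```

Run `audit_exposure()` with no argument, as root, to audit the live system instead of the sample tree.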