Post-exploitation information gathering can be a long and drawn-out process, but it is an essential step when trying to pivot or establish advanced persistence. Every hacker should know how to enumerate a target manually, but sometimes it is worth it to automate the process. Metasploit contains post modules that can quickly gather valuable information about a target, saving both time and effort.
In the previous tutorial, we used Metasploit's local exploit suggester to get root on the target. To use post modules, we need to have a Meterpreter session running. These modules will run as any user to some extent, but having root-level access is ideal as it allows us unrestricted access to the system.
What Information Is Most Valuable to an Attacker?
It has been said time and time again that reconnaissance is one of the most critical phases of an attack. It applies to not only the initial preparation for an attack, but also the post-exploitation stage. Successful mining of information after a target is compromised can lead to longer persistence and exploitation of additional machines.
Some of the most valuable information to an attacker includes things like password hashes, credentials, and any other sensitive data that ..
Support the originator by clicking the read the rest link below.
