
You're reading from  The Ultimate Kali Linux Book - Second Edition

Product type: Book
Published in: Feb 2022
Publisher: Packt
ISBN-13: 9781801818933
Edition: 2nd Edition
Author: Glen D. Singh

Glen D. Singh is a cybersecurity author, educator and SecOps professional. His areas of expertise are cybersecurity operations, offensive security tactics and techniques, and enterprise networking. He holds a Master of Science (MSc) in cybersecurity and many industry certifications from top awarding bodies such as EC-Council, Cisco, and Check Point. Glen loves teaching and mentoring others while sharing his wealth of knowledge and experience as an author. He has written many books, which focus on vulnerability discovery and exploitation, threat detection, intrusion analysis, incident response, network security, and enterprise networking. As an aspiring game changer, Glen is passionate about increasing cybersecurity awareness in his homeland, Trinidad and Tobago.

Chapter 9: Advanced Network Penetration Testing — Post Exploitation

The exploitation phase of penetration testing focuses on gaining access to your target, such as a vulnerable host on a network. However, while the exploitation phase will seem like a victory, remember that as a penetration tester, your objective is to discover known and hidden security vulnerabilities within an organization's network and its assets. After exploiting a system or network, performing post-exploitation techniques will allow you to gather sensitive data such as users' login credentials and password hashes, impersonate high-privilege users on the network to gain access to other systems and servers, perform lateral movement to go deeper into restricted areas of the network, and use pivoting techniques to perform host discovery and exploitation through a compromised host.

During the course of this chapter, you will discover how to perform various post-exploitation techniques using Meterpreter...

Technical requirements

To follow along with the exercises in this chapter, please ensure that you have met the following hardware and software requirements:

Post-exploitation using Meterpreter

During the course of this section, you will leverage the power of Meterpreter to help automate a lot of post-exploitation actions on a compromised host. Meterpreter is a component within Metasploit that allows a penetration tester to interact, via Metasploit, with a reverse shell between the victim/compromised machine and the attacker machine. To put it simply, Meterpreter is a process that runs in the memory of the compromised system and does not write any data to the compromised system's disk, therefore reducing the risk of detection and attribution. Penetration testers are able to execute various actions on their Meterpreter console, which are then remotely executed on the compromised host machine.

Just to quickly recap, during Chapter 2, Building a Penetration Testing Lab, you assembled and built your very own penetration testing lab environment that contains various internal networks and an internet connection, as shown in the following...

Data encoding and exfiltration

As an aspiring ethical hacker and penetration tester, gaining the skills to encode files such as malicious payloads and restricted files into less suspicious file types is vital when transferring executables, as it reduces the risk of threat detection during the file transfer process. Furthermore, understanding how to perform data exfiltration as a penetration tester will be very useful, as some penetration testing engagements may require you to extract sensitive files from a network without being detected by the organization's security team and their solutions.

Over the next couple of sections, you will learn how to encode Windows executable files in ASCII format and how to convert any file type into DNS queries for data exfiltration.
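As an added defensive example (not code from the book), the following Python detector shows how the DNS-based exfiltration described in this chapter looks from the resolver side: it scans query-log lines for subdomain labels made entirely of hex digits (the ASCII form of a file that a hex encoder such as exe2hex produces), groups them per client and destination zone, reassembles the chunks and checks whether the recovered bytes begin with a PE header. The log format, the `exfil.example` zone, the sample lines and the thresholds are all constructed assumptions.

```python
"""Flag DNS queries whose subdomain labels carry hex-encoded file data.

Added defensive example, not code from the book: the log format, the
'exfil.example' zone and the thresholds are all constructed assumptions."""
import re
from collections import defaultdict

# A label made only of hex digits and at least 16 chars long is the signature
# of a file chunk pushed out as ASCII hex (the encoding a hex encoder produces).
HEX_LABEL = re.compile(r"^[0-9a-f]{16,}$")

def parse_query_log(lines):
    """Yield (client_ip, qname) from constructed lines: '<time> <client> query <qname> <qtype>'."""
    for line in lines:
        parts = line.split()
        if len(parts) >= 5 and parts[2] == "query":
            yield parts[1], parts[3].rstrip(".").lower()

def find_exfil(lines, min_queries=3):
    """Group hex-only labels per (client, zone); report zones that received several chunks."""
    chunks = defaultdict(list)
    for client, qname in parse_query_log(lines):
        labels = qname.split(".")
        zone = ".".join(labels[-2:])              # assumption: registered domain = last two labels
        hex_labels = [l for l in labels[:-2] if HEX_LABEL.match(l)]
        if hex_labels:
            chunks[(client, zone)].append("".join(hex_labels))
    findings = []
    for (client, zone), parts in chunks.items():
        if len(parts) < min_queries:              # one odd-looking label is not evidence
            continue
        hexstr = "".join(parts)                   # assumption: chunks were logged in send order
        if len(hexstr) % 2:                       # tolerate a truncated trailing chunk
            hexstr = hexstr[:-1]
        payload = bytes.fromhex(hexstr)
        findings.append({
            "client": client, "zone": zone, "queries": len(parts),
            "bytes": len(payload),
            "looks_like_pe": payload.startswith(b"MZ"),  # DOS/PE header: an executable left via DNS
        })
    return findings

SAMPLE_LOG = [  # constructed lines, not from a real resolver
    "10:00:01 192.168.1.20 query www.example.com A",
    "10:00:02 192.168.1.20 query a1b2c3d4e5f60718.cdn.example A",
    "10:00:03 192.168.1.20 query 4d5a90000300000004000000ffff0000.data.exfil.example A",
    "10:00:03 192.168.1.20 query b8000000000000004000000000000000.data.exfil.example A",
    "10:00:04 192.168.1.20 query 00000000000000000000000000000000.data.exfil.example A",
]

if __name__ == "__main__":
    for finding in find_exfil(SAMPLE_LOG):
        print(finding)
```

The single hex-looking label under `cdn.example` stays below the query threshold and is not reported, which is the kind of tuning that keeps content-hash style hostnames from triggering the rule.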

Encoding executables using exe2hex

exe2hex allows a penetration tester to encode any executable files into ASCII format to reduce the risk of detection. This tool helps ethical hackers and penetration...

Understanding MITM and packet sniffing attacks

When connected to a network, whether it's wired or wireless, there are a lot of packets being sent back and forth between hosts. Some of these packets may contain sensitive and confidential information, such as usernames, passwords, password hashes, and documents, which are valuable to a penetration tester. While there are many secure network protocols that provide data encryption, there are many insecure network protocols that transmit data in plaintext.

While networking technologies have evolved over time, this is not the case for many network protocols within the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. There are many applications and services that operate on a client-server model and send sensitive data in plaintext, allowing a penetration tester to both intercept and capture such data. Capturing user credentials and password hashes will allow you to easily gain access to clients and servers...

Summary

During the course of this chapter, you have gained hands-on experience and skills to conduct post-exploitation actions on a compromised host within a network. You have learned how to perform privilege escalation and steal and impersonate a user's token on a compromised system. You have also discovered how to perform lateral movement across a network, pivot your attacks through a victim machine, and access a hidden network. Furthermore, you have learned how to encode executable files into ASCII format to evade threat detection and have gained the skills to perform data exfiltration using DNS messages between a compromised host and Kali Linux. Lastly, you have gained the skills for performing MITM attacks on a network.

I hope this chapter has been informative for you and is helpful in your journey as an aspiring penetration tester learning how to simulate real-world cyber-attacks to discover security vulnerabilities and perform exploitation using Kali Linux. In the next...

Further reading

To learn more on the subject, check out the following resources:
