You're reading from  The Ultimate Kali Linux Book - Third Edition

Product type: Book
Published in: Apr 2024
Publisher: Packt
ISBN-13: 9781835085806
Edition: 3rd Edition
Author: Glen D. Singh

Glen D. Singh is a cybersecurity author, educator and SecOps professional. His areas of expertise are cybersecurity operations, offensive security tactics and techniques, and enterprise networking. He holds a Master of Science (MSc) in cybersecurity and many industry certifications from top awarding bodies such as EC-Council, Cisco, and Check Point. Glen loves teaching and mentoring others while sharing his wealth of knowledge and experience as an author. He has written many books, which focus on vulnerability discovery and exploitation, threat detection, intrusion analysis, incident response, network security, and enterprise networking. As an aspiring game changer, Glen is passionate about increasing cybersecurity awareness in his homeland, Trinidad and Tobago.
Post-Exploitation Techniques

During the exploitation phase of the Cyber Kill Chain, ethical hackers and penetration testers focus on taking advantage of the potential security vulnerabilities identified during the reconnaissance phase, with the intent of determining whether each security vulnerability actually exists on the targeted system. However, while the exploitation phase may seem like a victory for aspiring ethical hackers, keep in mind that the objective is to discover known and hidden security flaws that may exist on the organization’s assets.

After exploiting a targeted system or network, performing post-exploitation techniques enables penetration testers to gather sensitive information such as users’ log-on credentials and password hashes, impersonate high-privilege user accounts to gain access to other systems, perform lateral movement to go deeper and expand their foothold into hidden areas of the network, and use pivoting techniques to perform host...

Technical requirements

To follow along with the exercises in this chapter, please ensure that you have met the following software requirements:

Pass-the-hash techniques

As you learned in Chapter 9, Performing Network Penetration Testing, the Microsoft Windows operating system does not store the passwords of local users in plaintext. Rather, on newer versions of Windows it converts each password into a New Technology LAN Manager (NTLM) hash and stores that hash within the Security Accounts Manager (SAM) file. Penetration testers usually experience time constraints while conducting a penetration test on an organization. For instance, while cyber-criminals have a lot of time to perform reconnaissance, identify security vulnerabilities, and exploit their targets, penetration testers do not typically have unlimited time. In many cases, just a few weeks are allocated to complete a security assessment on specific company assets. This means they must work quickly and efficiently to ensure the goals of the pentesting engagement are met.

Performing password cracking can be a very time-consuming task. While some penetration testers may...

Post exploitation using Meterpreter

In this section, you will learn to leverage the power of Meterpreter to help automate many post-exploitation actions on a compromised host. Meterpreter is a Metasploit component that allows a penetration tester to interact with a reverse shell between the victim (compromised) machine and the attacker machine. Metasploit does all the heavy lifting and even helps the attacker manage multiple sessions.

To put it simply, Meterpreter is a process that runs in the memory of the compromised system and does not write any data to the compromised system’s disk, which reduces the risk of detection and attribution. Penetration testers execute actions on their Meterpreter console, and those actions are then carried out remotely on the compromised target machine.

Let’s quickly recap. In Chapter 2, Building a Penetration Testing Lab, you assembled and built your very own penetration testing lab environment with various internal...

Data encoding and exfiltration

As an aspiring ethical hacker and penetration tester, gaining the skills to encode files such as malicious payloads and restricted files into less suspicious file types is essential when transferring executables over a network, as it reduces the risk of threat detection during the file transfer process. Furthermore, understanding how to perform data exfiltration as a penetration tester will be very useful, as some penetration testing engagements may require you to extract sensitive files from a network without being detected by the organization’s security team and their solutions.

Over the next couple of sections, you will learn how to encode Windows executable files in ASCII format and how to convert any file type into DNS queries for data exfiltration.

Encoding using exe2hex

The exe2hex tool enables a penetration tester to encode any executable files into ASCII format to reduce the risk of detection. This tool helps ethical...
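Both techniques in this section (an executable turned into ASCII hex and a file split into DNS queries) leave a characteristic trace on the wire: a burst of queries whose leftmost label is a long hex-like or high-entropy chunk, all sent by one client to one domain. The following detector is an added example written for this page, not code from the book or from exe2hex; it scans a constructed DNS query log and reports client/domain pairs that show that pattern. The log line format, the tunnel.example.net domain and the thresholds are assumptions.

```python
import math
import re
from collections import defaultdict

# Constructed sample DNS query log (timestamp, client, queried name); not taken from the book.
SAMPLE_DNS_LOG = """\
2024-04-01T10:00:01 10.0.0.5 www.example.com
2024-04-01T10:00:02 10.0.0.5 mail.example.com
2024-04-01T10:00:03 10.0.0.7 4d5a90000300000004000000ffff0000.tunnel.example.net
2024-04-01T10:00:03 10.0.0.7 b8000000000000004000000000000000.tunnel.example.net
2024-04-01T10:00:04 10.0.0.7 0000000000000000000000000000000000.tunnel.example.net
2024-04-01T10:00:04 10.0.0.7 e80000000e1fba0e00b409cd21b8014c.tunnel.example.net
2024-04-01T10:00:05 10.0.0.5 cdn.example.com
"""

# A label made only of hex digits and at least 16 characters long (assumed threshold).
HEX_LABEL = re.compile(r"^[0-9a-f]{16,}$")


def shannon_entropy(s: str) -> float:
    """Bits per character of the label; encoded chunks score higher than hostnames."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(name: str) -> str:
    """Crude two-label suffix (example.net); real tooling would use the public suffix list."""
    return ".".join(name.rstrip(".").split(".")[-2:])


def suspicious_label(label: str) -> bool:
    """A long hex-only label, or a long high-entropy label, looks like an encoded file chunk."""
    return bool(HEX_LABEL.match(label)) or (len(label) >= 24 and shannon_entropy(label) > 3.5)


def find_exfil_candidates(log_text: str, min_queries: int = 3) -> dict:
    """Return {(client, domain): [labels]} for pairs with at least min_queries encoded labels."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash on them
        _, client, qname = parts
        first_label = qname.split(".")[0].lower()
        if suspicious_label(first_label):
            hits[(client, registered_domain(qname))].append(first_label)
    return {k: v for k, v in hits.items() if len(v) >= min_queries}
```

Run on the sample log, only client 10.0.0.7 talking to example.net is reported; the normal hostnames from 10.0.0.5 are ignored.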

Summary

Having completed this chapter, you have gained the hands-on skills and experience that ethical hackers and penetration testers commonly use during the post-exploitation phase. You have learned how to perform pass-the-hash techniques to gain access to a targeted system without using the plaintext password, leveraging the extracted password hashes instead. In addition, you have learned how to perform various actions using Meterpreter, such as transferring files, escalating privileges, stealing and impersonating tokens, implementing persistence, and carrying out lateral movement to expand a foothold on the network.

I trust that the knowledge presented in this chapter has provided you with valuable insights, supporting your path toward becoming an ethical hacker and penetration tester in the dynamic field of cybersecurity. May this newfound understanding empower you in your journey, allowing you to navigate the industry with confidence and make a significant...

Further reading

Join our community on Discord

Join our community’s Discord space for discussions with the author and other readers:

https://packt.link/SecNet
