And welcome back. Time to touch on the subject of post-exploitation.

We have traveled a long way from the beginning. We covered information gathering, where we try to get as much information about our target as we would find useful for a future attack. After it, we scanned our target from a technical aspect and discovered its open ports and the software that it runs. We then used different tools to figure out whether that target has any known vulnerability that we might be able to exploit. And then we exploited many different targets, from Metasploitable to Windows 7 and Windows 10. We saw both how to exploit its vulnerabilities and, after that, we created our own payloads that we executed on the target system.

Now comes the part after the exploitation. What are we going to do now that we're on the target system? What are we looking for, and what cool things can we even do?

Well, we have lots and lots of options, depending on what we want to find, of course. For example, the most simple thing we can do is scroll through their file system and look through what files and programs they have on their machine. Maybe we could find something interesting, such as saved passwords inside of a file, or some other important files for the company that are lying on that machine unprotected.

We could also download files from that machine and also upload files to it, in case we want to send another payload or another executable that we want to run on their system. We can do all of this with our Meterpreter shell, just by running a few commands.

Talking about passwords, that is also something that we would look for. We could try to extract saved passwords from browsers, for example. Remember when you click on that button that says "remember me" once you log into some web page? Well, those passwords could be stored somewhere on their machine. And why would we go for passwords, you might be asking? Well, getting the target's online accounts just expands our access to them. Imagine you were to get their PayPal password and gain access to their PayPal account. That wouldn't be so pretty for them, since you would have access to all of their funds.

Another thing we could try to do is gain access to the entire network from the target machine that we hacked. Maybe inside of a company's network you managed to get access to one machine, but it doesn't have all the things you might need. Maybe some important files could be on some other machine from that same network. In that case, you would want to try to hack that other machine from the machine that you already hacked. Now, you might be wondering, well, why not from our Linux machine? Well, maybe machines that belong to that network have more trust between one another. Maybe they exchange files or communicate with some other software altogether on that same network. In that sense, it would be easier to get access to one of those machines from a system that is already inside of their network. Right.

Maybe we would also want to run our keylogger on the machine we got access to. Now, a keylogger is a program that captures every keyboard input from that machine. So with this, not only could we maybe capture some passwords that the user of that machine would input in some secure website or software, but we would also be able to see everything else that he or she typed, from what they searched on the Internet to maybe the messages that they're sending on social media from that machine, or basically anything that they type on the keyboard. We will be able to see it. Amazing, right?

You can picture post-exploitation as some type of information gathering on the target system. And these things that we talked about are just a small portion of what we can do once we hack a machine.

Now that we briefly talked about post-exploitation theory, let us see what available tools and commands we can use to achieve all of the things that we mentioned, and even more, in the next video.