Introduction to Post-Exploitation Modules

Post-exploitation modules in the Metasploit Framework are designed to be used after you have successfully established a session, such as a Meterpreter shell, on a target system. Unlike initial exploitation modules that aim to gain access, post-exploitation tools focus on gathering information, escalating privileges, maintaining persistence, and moving laterally through the network. These modules are found within the post directory in the Metasploit console and are categorized by the operating system, such as Windows, Linux, or Android, and by functionality, such as gathering browser history, dumping password hashes, or identifying patch levels. To begin using these modules, you must first have an active session, which you can verify by typing sessions -l in your console. Once a session is active, you can interact with it by typing sessions -i [session_id].

To select a post-exploitation module, enter the command use post/[os]/[category]/[module_name]. For example, to gather basic system information from a Windows target, you might enter use post/windows/gather/win_privs. After selecting a module, you must configure it by setting the required options, most notably the SESSION variable, which tells the module which active connection to target. You can set this by typing set SESSION [session_id]. Finally, executing the module with run or exploit will initiate the action on the target machine. These modules are essential for understanding the value of the compromised system and planning the next steps of an assessment. They allow you to perform actions like searching for specific files, capturing keystrokes, or taking screenshots without needing to manually upload and execute separate tools, thereby reducing your footprint on the target system.
