Javatpoint Logo
Javatpoint Logo

Post Exploitation Concept

Purpose of Post Exploitation

The post-exploitation is used to determine the capabilities and base value of the target system. The main purpose of post-exploitation is to gain access to all parts of the target system without knowing the user or without being detected. If the attacker is detected, it will make all the effects useless and everything null. A penetration tester is used to exploit the target's computer system without any authentication and analyze the data's value presented on the system of the victim. The tester can dig even further to get more information about the target system if they deem the information valuable. A penetration tester can also analyze system configuration settings, communication modes, registry settings, and connectivity methods by which specific networks are connected to the devices. In this process, the methods and requirements can vary from rules of engagements and situations.

Rules of Engagement

The post-exploitation consists of the set of rules which is used to protect the client and penetration tester. By using these rules, the unnecessary conflicts between the client and tester can be avoided. If anything does not need to be exploited, the tester will not exploit this. Using these engagement rules, we can avoid any unnecessary actions at all costs. There are two types of set of rules, which are as follows:

Protecting Ourselves

Before making any attack, the penetration tester should learn all the necessary details about the victim or victim system. It is really important for a penetration tester to protect their identity anyhow. When the required operation is done, the tester should avoid the risk of leaving traces. A tester should perform all the operations under strict confidentiality. If a tester is detected, due to this, the whole operation will be terminated. If the tester wants to ensure the safety of digital footprinting or personal information or information of the client, the penetration tester should perform the following steps:

  • If the client is a company or business, we should sign a service level agreement or contract. This contract is used to break the security of company assets.
  • If we want to store the extracted information for a confidential purpose, we should use strong encryption methods.
  • If we want to store the information or data of the client, we tester should avoid personal devices.

Protecting the client

If the client is an individual user or a company or business, the safety of their information and data is upon us. Before the initiation of an attack, the penetration tester should have to follow the proper steps. The tester may also have analyzed the attack method's capabilities and effect and determined the best suitable method for the job. If we want to ensure the safety of both clients, the penetration tester should follow the following steps:

The tester should not involve in an exploitation exercise, which is not necessary.

Suppose the client is a company or business. In that case, the tester should not use attack methods as SSL stripping, DDoS (distributed denial of service), network packet sniffing, SQL injection without the client's proper permission. Due to these attacks, daily operators may be disturbed or halted.

Tools used for Post exploitation

Metasploit is the well known and most popular tool that is frequently used for post-exploitation. Under Metasploit, Meterpreter and other sub tools are developed, and it makes the task of post-exploitation easier and faster. The penetration testing toolkit is described by the Metasploit framework, which is used to exploit research tools and development platforms. Various auxiliary modules and pre-verified exploits are included in the framework for a handy penetration test. Metasploit also contains different handlers, encoders, and payloads, which can be mixed up to work on any pen test.

Next TopicWebsite vs Webpage




Youtube For Videos Join Our Youtube Channel: Join Now

Feedback

Help Others, Please Share

facebook twitter pinterest

Learn Latest Tutorials

Splunk tutorial

Splunk
SPSS tutorial

SPSS
Swagger tutorial

Swagger
T-SQL tutorial

Transact-SQL
Tumblr tutorial

Tumblr
React tutorial

ReactJS
Regex tutorial

Regex
Reinforcement learning tutorial

Reinforcement Learning
R Programming tutorial

R Programming
RxJS tutorial

RxJS
React Native tutorial

React Native
Python Design Patterns

Python Design Patterns
Python Pillow tutorial

Python Pillow
Python Turtle tutorial

Python Turtle
Keras tutorial

Keras

Preparation

Aptitude

Aptitude
Logical Reasoning

Reasoning
Verbal Ability

Verbal Ability
Interview Questions

Interview Questions
Company Interview Questions

Company Questions

Trending Technologies

Artificial Intelligence

Artificial Intelligence
AWS Tutorial

AWS
Selenium tutorial

Selenium
Cloud Computing

Cloud Computing
Hadoop tutorial

Hadoop
ReactJS Tutorial

ReactJS
Data Science Tutorial

Data Science
Angular 7 Tutorial

Angular 7
Blockchain Tutorial

Blockchain
Git Tutorial

Git
Machine Learning Tutorial

Machine Learning
DevOps Tutorial

DevOps

B.Tech / MCA

DBMS tutorial

DBMS
Data Structures tutorial

Data Structures
DAA tutorial

DAA
Operating System

Operating System
Computer Network tutorial

Computer Network
Compiler Design tutorial

Compiler Design
Computer Organization and Architecture

Computer Organization
Discrete Mathematics Tutorial

Discrete Mathematics
Ethical Hacking

Ethical Hacking
Computer Graphics Tutorial

Computer Graphics
Software Engineering

Software Engineering
html tutorial

Web Technology
Cyber Security tutorial

Cyber Security
Automata Tutorial

Automata
C Language tutorial

C Programming
C++ tutorial

C++
Java tutorial

Java
.Net Framework tutorial

.Net
Python tutorial

Python
List of Programs

Programs
Control Systems tutorial

Control System
Data Mining Tutorial

Data Mining
Data Warehouse Tutorial

Data Warehouse