metasploit

Sooner or later, penetration testers might feel the modules that are auto included in the Metasploit framework to be lacking. In such a case, they will want to add a new exploit to Metasploit.

After penetrating a system during testing, it’s wise to make a backdoor on the system for easy entry later on. I followed the Metasploit Unleashed examples to make a persistent Meterpreter Service.

For the purpose of mass spamming or spear phishing, hackers use a module available in Metasploit that pulls email accounts of a particular organization from ‘Google’, ‘Bing’ and ‘Yahoo’. Hackers find it useful to perform online password attacks later on–it is important to know the IDs or usernames to before commencing the cracking process–during targeted attacks.

After successfully establishing a meterpreter session on the victim’s system, you can use the ‘hashdump’ module to dump the Windows password hashes. Self-explanatory: You can try to crack these hashes online or crack locally on your own machine using john the ripper.