So here it is, the exploitation phase! Now that a number of vulnerabilities have been discovered, we can proceed to the fun part, exploitation.

Let us explore how this can be accomplished:

  • First, let us browse to the list of vulnerabilities and click on our desired exploit module. In this case, we will be using exploit/multi/samba/usermap_script as follows:

Mce51.png

  • We are then taken to the exploit module page. We can now specify our Target Addresses, Target Settings, Payload and Evasion Options, and so forth. When ready, we can click on ‘Run Module’ to exploit the target system(s).

Mce52.png

  • Exploit is now sent to the target(s) and if successful, a corresponding session is opened. Notice how we have (1) active session by looking at the ‘Sessions’ tab.

Mce53.png

  • Clicking on ‘Sessions’ provides us with more information about the active sessions to the target(s) as seen below:

Mce54.png

  • Clicking on ‘Session 3’ allows us to interact with the current session. Please note that the number ‘3’ corresponds to our current session, so you may have a different session ID. Clicking on ‘Command Shell’ allows us to interact with our target.

Mce55.png

  • We have now successfully exploited our target machine. As can be clearly seen below, we have a shell and can execute system commands.

Mce56.png

Now that we have successfully exploited our target machine, let’s take a look at post-exploitation in more detail!

Menu
X Close

 

Certified Pentesting
Professional

OSCP
course starting at
$800 USD

Take Penetration Testing with Kali Linux to gain invaluable penetration testing skills and earn your OSCP.

  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSCP

Certified Pentesting
Expert

OSCE
course starting at
$1200 USD

Take Cracking the Perimeter to take your penetration testing skills to expert levels and earn your OSCE.

  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSCE

 

Certified Pentesting
Web Expert

OSWE
course starting at
$1400 USD

Take Advanced Web Attacks and Exploitation, to deep dive into web apps to earn your OSWE.

  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSWE

Certified Pentesting
Wireless Professional

OSWP
course starting at
$450 USD

Take Offensive Security Wireless Attacks to acquire knowledge about Wi-Fi attacks and earn your OSWP.

  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSWP

Certified Exploitation
Expert

OSEE
course starting at
See
Live Schedule

Take Advanced Windows Exploitation to develop exploits for Windows systems and earn your OSEE.

  • Live training course
  • Includes certification exam fee
  • Maximum instructor interaction
  • Highly challenging
  • Become an OSEE