Penetration testing

Kali Linux: Top 5 tools for post exploitation

Graeme Messina
July 20, 2021 by
Graeme Messina

Post exploitation is a stage in a penetration test or legitimate hack where the objective is to maintain access to a remote computer. Once access has been gained to a target device or system, it is time for post exploitation. Once an intruder is comfortable in an environment, they can use a set of tools to maintain their access and achieve a higher level of privileges on the machine.

The tools that we will be looking at will help maintain access to a target machine for as long as required until it’s time to pivot to a new target. Famous cases where a remote connection was maintained for a very long time include the Mariott data breach where a breach persisted for over four years.

This article should help you to identify these applications so that if you find them active on a target machine within your network you can take action. The result is that it should make it more difficult for someone to connect and stay connected to your network.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

What is post exploitation?

When learning about how to perform penetration tests on target computers, you will eventually need to learn about post exploitation. Post exploitation is the process of maintaining access to a compromised system and escalating privileges on that machine.

It allows you to stay connected to the remote computer so that you can return to it at a later time, or stay connected until you need to achieve your next objective. If this incursion is not identified and removed on a production network then it puts the operation at risk.

Data, passwords and other critical information could potentially be exfiltrated, and malicious payloads can be introduced to the environment if not dealt with, so you need to learn how to identify these scenarios so that you can successfully remove them when you encounter them.

The best tools for post exploitation

We have gathered some of the most commonly used tools that are found in Kali that are used during the post exploitation phase of a penetration test.

The tools mentioned below are meant to help you maintain access or get the highest privilege level in a machine, but they can be used for different purposes based on your needs.

Here is our list of five commonly found post exploitation tools:

1. Metasploit

Using the Metasploit tool, application vulnerabilities may be identified, which may help in their exploitation. Metasploit contains many useful features such as post exploitation modules and a command shell.

You can use this tool for web application testing, network scanning, system hacking or even exploiting other applications on the same computer.

Metasploit will show you what is vulnerable to the hacker so that they can be exploited with ease. Metasploit simplifies the process of exploiting system vulnerabilities.

Metasploit is not only used for post exploitation, it can be also used to find and exploit weaknesses in applications, systems, networks or operating system software.

2. Nmap

This is a favorite hacking tool for many cybersecurity professionals. It's an open-source security scanner that allows network exploration and security auditing during a penetration test.

It's a must-have in the toolbox of any security professional and it's used by everyone from system administrators to hackers. This tool is also not just limited to post exploitation exercises.

Nmap can be used for many purposes, from examining the security of your network to hacking other networks. Kali Linux comes with Nmap pre-installed.

The user can use a variety of options for scanning the network, including TCP connect() scan and SYN scans. Nmap is capable of scanning large networks quickly and with ease, making it one of the most popular network security tools around.

3. Netcat

This tool is great because it has many uses such as port listening, creating backdoor shells, port scanning and much more. Netcat can be used to set up port redirection which can help with client-server communication.

This tool is available on almost every operating system and has a lot of advanced options for the more experienced user.

Netcat allows you to read data from network connections and send data as well. Netcat helps you read from and write to a network connection using TCP or UDP protocols. This utility is robust and can be used either directly, or can be controlled via remote scripts and commands.

4. Hping3 

Hping is another tool that runs from the command line. It is probably best described as a TCP/IP packet assembler as well as an analyzer. It has been designed to allow the easy generation of complex, custom packets for penetration testing and network analysis tasks.

Hping3 does a lot more than regular ping, which makes it especially useful when trying to probe the defenses of a network. It can also be used maliciously to perpetrate DoS (denial of service) attacks, packet floods and more.

5. Burp Suite

Burp Suite is used for probing web applications for vulnerabilities. This tool is highly effective and it can help you find vulnerabilities by performing firewall tests and advanced port scanning. 

Every web application is different, based on the frameworks that they are built on. Burp Suite comprises many different tools that are designed to work with one another to enhance the testing process of web applications. It is especially useful for the initial mapping of an application’s attack surface, through to finding the security vulnerabilities and exploiting them.

Why you should learn these techniques and how to get started with Kali Linux

As a cybersecurity professional, you must know how to use Kali Linux. It has a variety of tools that will make your job much easier because it has many tools that can be used for many different security tasks, including post exploitation.

Kali is an open-source operating system that has been developed to help security experts during their tasks. You can find many tools on this platform for attacking and testing systems.

It's also important to learn these techniques because they will help you get a better understanding of what tools an attacker could be using when your network is in its sights.

Because of this, you will be in a better position to stop an attack and will enable you to potentially frustrate any efforts that are being made by a hacker that has gained access to a system.

Bonus tips on what to do after exploiting your target machine, such as pivoting, privilege escalation and persistence

There are many more ways to escalate and magnify the damage to a system once access has been gained by an attacker.

The basic idea is that a  user with elevated privileges is a user that has permission to perform any operations and tasks on a system that would normally be reserved for power users or system administrators.

Privilege escalation will allow you to move up the ranks of users until you are in either administrator or root-level privileges, which means that you have unrestricted control over all aspects of the machine.

Kali Linux offers an easy way for us to use tools that will help us to escalate privileges on a machine.

Pivoting is a process that an attacker follows when they discover a new angle of attack on a system. For instance, after they gain access to the machine through an exploit and notice another vulnerability on the network.

Pivoting is when your attack vector changes and you have new avenues of exploitation available because you now control one or more machines in that network.

Kali helps to facilitate pivoting because it has so many tools already installed and ready to use. Once you identify a new vulnerability, you can start to pivot from the compromised machine to find new places you can attack.

Persistence is a term that you will often hear in cybersecurity

Persistence is the idea that attackers want to keep control over a system and hold on to it as long as they can. With persistence, an attacker has access to a machine for months or even years because they find new ways of exploiting the victim's computers.

By employing Kali's wide range of tools to stay connected to compromised test machines, you will learn how to identify persistence techniques yourself.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Utilizing Kali Linux tools for post exploitation

Kali has an excellent range of post exploitation tools. It's helpful if you're able to get the highest privilege level on a machine before installing some of these.

There are tools for backdooring operating systems and web applications, as well as tunneling. Persistence is something that attackers want so they can hold onto control over a system for months or years by discovering new ways to stay connected.

By using a combination of tools available on Kali Linux you can learn how to detect suspicious behavior, and hopefully, stop an attack before it causes too much damage to a system or a computer network.

 

Sources:

Hping3 package description, Kali Tools

Learn Kali Linux, Packt

Firewall security testing, Infosec 

Cheating VoIP security by flooding the SIP, Infosec

Graeme Messina
Graeme Messina

Graeme is an IT professional with a special interest in computer forensics and computer security. When not building networks and researching the latest developments in network security, he can be found writing technical articles and blog posts at InfoSec Resources and elsewhere.