Posts

What is a Website

In this section, we are going to understand what a website really is. A website is nothing but an application that is installed on a device or computer. A website has two main applications: a web server (for example, Apache) and a database (for example, MySQL). The web server is used to understand and execute the web application. A web application can be written in Java, Python, PHP, or any other programming language. The only restriction is that the web server needs to be able to understand and execute the web application. The database contains the data that is used by the web application. All of this is stored on a computer called the server. The server is connected to the internet and has an IP address, and anybody can access or ping it. The web application is executed either by the target or by the web server which is installed on our server. Therefore, any time we run a web application or request a page, it is actually e...

Methods to Maintain access

In the previous section, we saw that when the target user restarted the computer, we would lose our connection. We used a normal backdoor, which is why, when the computer restarted, our backdoor would be terminated, the process would be terminated, and we would lose our connection. In this section, we are going to discuss the methods that will allow us to maintain our access to the target computer. We are going to use the normal HTTP reverse Meterpreter undetectable backdoor that we created previously. We are going to inject it as a service so that it will run every time the target user starts their computer, and it will try to connect back to us at certain intervals. To do this, we will run the background command and interact with session number 2. We are going to run a module using the command use exploit/windows/local/persistence. It is like a multi-handler module that comes with Metasploit. After this command, we will ru...

Filesystem commands

Now, we will look at some more commands that will allow us to upload, download, list, read, navigate, and execute files on the target machine. We have a running Meterpreter session, and the first thing that we are going to do is run the pwd command to get our current working directory. This command shows that we are in the C:\Users location. Next, we will run the ls command to list all of the files and directories, as shown in the following screenshot: Let's suppose that we want to navigate to the IEUser folder. To do this, we will run the cd IEUser command. If we run pwd, we can see that we are now in the C:\Users\IEUser directory. Then we will go to the Downloads directory and run the ls command to list the files, as shown in the following screenshot: In the above screenshot, we can see the passwords.txt file, which seems like an interesting file. If we want to read this file, we ...

Basic of Meterpreter

In this section, we are going to learn how to interact with Metasploit's Meterpreter. As in Linux, the help command is used to get information about a specific command. So, the first thing that we are going to do is run the help command to get a big list of all the commands that we can run. It also gives us a description of what each command does, as shown in the following screenshot: The first thing that we are going to highlight is the background command, as shown in the following screenshot: The background command is basically used to background the current session without terminating it. This command is very similar to minimizing a window. So, after running the background command, we can go back to Metasploit and run other commands to further exploit the target machine while maintaining our connection to the computer that we just hacked. We will use the sessions -l command to see a...

Post exploitation Introduction

Now we have learned how to gain access to our target machine. In this section, we are going to learn a number of things that can be done after we have gained access to a computer. We will look at what we do with the target computer regardless of how we gained access to it. In the previous sections, when we got a reverse Meterpreter session from our target, we always stopped there. In this section, we are going to start with a Meterpreter session and learn what we can do after gaining access. We will be discussing how to maintain access to a target computer even if the target restarts the computer or the user uninstalls the vulnerable programs. We will look at how to download files, read files, upload files, open the webcam, start the keylogger to register keystrokes, and so on. We will also look at how to use a target computer as a pivot to exploit all computers on the same network. In this section, all the things that we are going to do will focus...

Protecting against delivery methods

In this section, we will learn how to protect against delivery methods. We are going to use tools like XArp, or a static ARP table, to prevent a man-in-the-middle attack, and avoid networks we don't know. Another precaution is to ensure that we are using HTTPS when we download updates. This will reduce the risk of downloading a fake update. We are also going to learn another useful tool, WinMD5. This program will alert us when the signature or checksum of the file has been modified in any way, which indicates that the file is not the original file. To check, we are going to download and run WinMD5, where we can compare the signature and checksum for a file. If the values of the signature and checksum are the same, the file is safe. We can download WinMD5 using the following link: http://www.winmd5.com/ In the following screenshot, the highlighted part shows the signature of this tool: Now, if we go on...

Fake bdm1 Update

Now, we have an undetectable backdoor, but we still have not found an efficient way to deliver this backdoor to the target computer. In real life, if we ask the target to download and run an executable, they probably would not download and run it, so we are now looking at how to fake an update so that the user will want to download and install the executable on their machine. This scenario will work as long as we are in the middle of a connection: for example, when redirecting traffic via a mobile phone, when implementing a man-in-the-middle attack, or when using a fake network. In this section, we will look at DNS spoofing with ARP poisoning. This means we are in the same network as the target machine. In our example, the network is wired. We are going to use a tool called Evilgrade to act as a server that produces the fake updates. Using the following link, we can download Evilgrade: https://github.com/PacktPublishing/Fundamentals-of-Ethical-Hacking-from-Scratch O...