This phase can sometimes be the most challenging phase of them all. In this phase, the attacker uses the information obtained from the previous phases to exploit the target. Upon successful exploitation of vulnerabilities, the attacker can then remotely execute malicious code on the target and gain remote access to the compromised system.
The following can occur once access is gained:
- Password cracking
- Exploiting vulnerabilities
- Escalating privileges
- Hiding files
- Lateral movement
The gaining-access (exploitation) phase can at times be difficult as exploits may work on one system and not on another. Once an exploit is successful and system access is acquired, the next phase is to ensure that you have a persistent connection back to the target.