Exploit and payload preparation
Start the exploit
Post exploitation: Understand the exploited environment
What is the machine?
Which process has meterpreter attached to?
Post exploitation: Using script to enhance your finding
Is this a real machine or virtual machine?
What is the user doing now? Can I see it?
A screenshot will pop up.
Oh by the way…is this machine idle or actively used by user?
What are the applications installed on victim’s system?
I want to know and retrieve victim’s browser history
Post exploitation: using scraper
Metasploit is indeed a powerful platform for testing exploitation scripts and use the written scripts to conduct pentesting. However the more I use metasploit the more keen I am to learn at least one script so that I am not limiting myself to the current scripts provided by metasploit framework.