Advanced post exploitation with Metasploit
In this section, we will use the information gathered from basic commands to achieve further success and access levels on the target.
Migrating to safer processes
As we saw in the previous section, our meterpreter session was loaded from a temporary file. However, if a user of a target system finds the process unusual, they can kill the process, which will kick us out of the system. Therefore, it is a good practice to migrate to a safer process, such as explorer.exe or svchost.exe, which evades the eyes of the victim, by using the migrate command. We can use the ps command to figure out the PID of the process we want to jump to, as shown in the following screen:
We can see that the PID of explorer.exe is 1896. Let's use the migrate command to jump into it, as shown in the following screenshot:
We can see we successfully managed to jump into the explorer.exe process.
Tip
Migrating from one process to a another may downgrade privileges.
