Although normally blogging about hiking, NoVA-based Micah “@WebBreacher” Hoffman recently wrote about a great post-exploitation effort he’s been working on with Rob “@mubix” Fuller. It all started with an original post from Rob back in September 2011 and subsequent community involvement through shared Google Docs. At some point Micah volunteered to port the content over to a wiki hosted at PostExploitation.com so we as a community can more easily continue to grow this great pen testing resource.
via Hacking and Hiking
I’ve spoken to a number of people about the techniques that they use when, during a penetration test or other computer security test, they get a command prompt | shell | backdoor | local command execution. It really depends upon what your testing goal is as to what you do after the shell.
- You looking to scrape internal (pptx | docx | xlsx | pdfs) from the system?
- How about moving laterally to other computers on the network?
- Maintaining persistence anyone?
- Grab files like password hashes to log into systems as valid users?
- How about all of these objectives?
Ever get shell on an unfamiliar platform? Solaris 7.x anyone? AIX? Or how about an old Windows 2000 server (they still are in use in certain places….thank you legacy apps!)?
Rob Fuller (@mubix) collected/mind-dumped a great list of “things to do” on these systems in several Google docs linked to from http://www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html. Then he opened it up to the community to add content and make the lists better.
Now I’m helping him move the content to a new home at http://postexploitation.com. There you will find a variety of documents with commands to suite whatever your purpose is on whatever platform you control. Right now the content is being moved (albeit slowly) from the Google Docs to the wiki. I’m also adding “sample expected output” to the commands so novice/unfamiliar people can see what they should get back from the commands.
Hope this is helpful and please keep watching http://postexploitation.com for new content almost each day.
Source: “What do you do when you have shell?” – Hacking and Hiking
Thanks to Micah for allowing the repost. Today’s post pic is from Redlandsusd.net.