Post Exploitation methodology

Post-exploitation refers to any actions taken after a session is opened.

Some of the actions you can take in an open session include:

  • Collect System Information (Run script or manual find)

  • Pivot

  • Run Meterpreter Modules

  • Search the File System

Linux Privilege Escalation Checklist

Linux script

Linux post exploitation scripts

Windows script

windows-exploit-suggester.py

windows_privesc_check.py

windows-privesc-check2.exe

See Linux Post exploitation command line

Linux Post Exploitation Command List

Things to look for

  • Misconfigured services (cron jobs)

  • Any running as a privileged user?

  • Incorrect file permissions (exportfs, sudo)

  • Misconfigured environment ($PATH)

  • Binary with SUID bit

  • Software or OS with known vulnerabilities

SUDO

Can you su to root without a password?

su root

Are you a sudo user already? Do you have access to powerful commands like chown or chmod?

sudo su -

Log in as another user

sudo -i -u <username>

Privilege Escalation using SUID Binaries

Linux Privilege Escalation using SUID Binaries

Grep hardcoded passwords

grep -i user [filename]
grep -i pass [filename]
grep -C 5 "password" [filename]
find . -name "*.php" -print0 | xargs -0 grep -i -n 'var $password'
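As an added example (not part of the original page), a small Python scanner that does what the grep commands above do, but more precisely: it reports assignments and PHP define() calls where a credential-named identifier is set to a quoted literal, skips values read from the environment and obvious placeholders, and runs against a constructed sample config. The identifier patterns, sample file and sample values are assumptions made for this example.

```python
import re
from typing import List, Tuple

# Identifiers that usually hold a credential (matched case-insensitively).
NAME = r"\w*(?:pass(?:word|wd)?|pwd|secret|api_?key|token)\w*"
Q = r"""["']"""  # one quote character

# Assignment with a quoted literal:  $password = "x";  'db_pass' => 'x';  password: "x"
ASSIGN_RE = re.compile(
    Q + r"?\$?(?P<name>" + NAME + r")" + Q + r"?\s*(?:=>|=|:)\s*(?P<q>" + Q + r")(?P<value>[^\"'\n]+)(?P=q)",
    re.IGNORECASE,
)
# PHP constant:  define('DB_PASSWORD', 'x');
DEFINE_RE = re.compile(
    r"define\s*\(\s*(?P<q1>" + Q + r")(?P<name>" + NAME + r")(?P=q1)\s*,\s*(?P<q>" + Q + r")(?P<value>[^\"'\n]+)(?P=q)\s*\)",
    re.IGNORECASE,
)
# Values that are templates or obvious dummies rather than real secrets.
PLACEHOLDER_RE = re.compile(r"^\s*$|^(?:\$\{|\{\{|%|<)|changeme|example|your_|xxx+", re.IGNORECASE)


def find_hardcoded_credentials(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, identifier, literal_value) for each hardcoded credential.

    A value read from the environment (getenv(), $_ENV, os.environ) is not a quoted
    literal, so it never matches; placeholder values are filtered out explicitly.
    """
    findings: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = DEFINE_RE.search(line) or ASSIGN_RE.search(line)
        if match is None or PLACEHOLDER_RE.search(match.group("value")):
            continue
        findings.append((lineno, match.group("name"), match.group("value")))
    return findings


# Constructed sample file; the values are made up for this example only.
SAMPLE_PHP = """\
<?php
// Constructed config used only to exercise the scan above.
define('DB_USER', 'webapp');
define('DB_PASSWORD', 'Tr0ub4dor&3');
$apiKey = getenv('APP_API_KEY');          // read from the environment: not flagged
$smtp = ['host' => 'mail.example.com', 'password' => 'changeme'];  // placeholder: skipped
$legacyPass = "letmein";                  // literal credential: flagged
"""

if __name__ == "__main__":
    for lineno, name, value in find_hardcoded_credentials(SAMPLE_PHP):
        print(f"line {lineno}: {name} = {value!r}")
```

Run as a pre-commit or CI check over a source tree, this catches the same strings the grep lines find before they reach a deployed host.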
