Post Exploitation methodology
Post-exploitation refers to any actions taken after a session is opened.
Some of the actions you can take in an open session include:
- Collect system information (run a script or find things manually)
- Pivot
- Run Meterpreter modules
- Search the file system
- Kernel exploit (use a script)
- Exploiting services which are running as root:
  netstat -antup
  ps aux | grep root
- Exploiting SUID executables
- Exploiting sudo rights/users
- Exploiting badly configured cron jobs
- Exploiting users with '.' in their PATH
Windows privilege-escalation check scripts:
  windows-exploit-suggester.py
  windows_privesc_check.py
  windows-privesc-check2.exe
Things to check for privilege escalation:
- Misconfigured services (cron jobs)
  - Any running as a privileged user?
- Incorrect file permissions (exportfs, sudo)
- Misconfigured environment ($PATH)
- Binaries with the SUID bit set
- Software or OS with known vulnerabilities
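As an added defender-side example (not from the original page), a small POSIX shell audit that checks three of the Linux items above on a host before an attacker does: a '.' or empty entry in PATH, world-writable cron scripts, and setuid binaries missing from a baseline list. The function names, the `--audit` switch and the baseline-file path are my own assumptions.

```shell
#!/bin/sh
# Added hardening-audit helpers (not from the original page) for three of the
# Linux checks above. Each function prints or returns findings so it can be
# wired into a scheduled baseline check.

# True (exit 0) when a PATH-style string contains '.' or an empty entry.
# Both make the shell search the current directory, so a user-writable
# directory can shadow system commands for anyone running with that PATH.
path_has_cwd_entry() {
    case ":$1:" in
        *:.:*|*::*) return 0 ;;
    esac
    return 1
}

# Prints regular files under the given paths that are writable by "other".
# For cron directories any such file is executed as root, so any local
# user could change what root runs.
world_writable_in() {
    find "$@" -type f -perm -002 2>/dev/null
}

# Prints setuid files under $1 that are not listed in the baseline file $2
# (one absolute path per line). Anything unexpected is either a new package
# or a planted escalation path and deserves a look either way.
suid_not_in_baseline() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | grep -vxF -f "$2" || true
}

# Stand-alone run against the current host: sh audit.sh --audit [baseline]
# The default baseline path is a placeholder; keep your own from a known-good build.
if [ "${1:-}" = "--audit" ]; then
    path_has_cwd_entry "$PATH" && echo "PATH searches the current directory: $PATH"
    world_writable_in /etc/crontab /etc/cron.d /etc/cron.hourly \
        /etc/cron.daily /etc/cron.weekly /etc/cron.monthly
    suid_not_in_baseline / "${2:-/etc/suid-baseline.txt}"
fi
```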
Can you su to root without a password?
  su root
Are you a sudo user already? Do you have access to powerful commands like chown or chmod?
  sudo su -
Log in as another user:
  sudo -i -u <username>
Search files for credentials:
  grep -i user [filename]
  grep -i pass [filename]
  grep -C 5 "password" [filename]
  find . -name "*.php" -print0 | xargs -0 grep -i -n 'var $password'