Daemon Of Hacking

Post Exploitation

Introduction

When doing a pentest, after gaining access to a system through a shell or other means, you need to figure out what to do next. This stage is called post exploitation.

This is the phase where the depth of an attacker's skills and tools comes into play, and the choice of actions largely depends on the attacker's objectives and the opportunities presented by the compromised system.

In this article, I’m going to explain various post-exploitation tactics, starting from what to do after gaining initial access to how to fully compromise the target’s network.

Post Exploitation Tactics

Situational Awareness

Situational Awareness is understanding the target environment. Once we gain access to our first system, we can learn a lot about the target environment.

Persistence

We use persistence to maintain access to a system should the system reboot, the service restart, or a defender attempt to kick us out. Maintaining access like this is less common in a pen test and more common in a red team engagement.

Privilege Escalation

Privilege escalation is a critical step in the post-exploitation phase of a cyberattack, where an attacker expands their control over the compromised system by gaining higher-level permissions. Higher-level permissions are essential for executing commands that require administrative rights, accessing sensitive data, and ensuring the persistence of the attacker's presence within the system.

Discovery

We often need to move to other systems to reach our objectives, but first we need to find those targets.

Lateral Movement

Lateral movement refers to the strategy used by attackers to navigate through a network after gaining initial access. Unlike privilege escalation, which focuses on elevating an attacker's permissions vertically (to higher levels of authority) or horizontally (across the same level of authority but to different user accounts), lateral movement is about spreading their foothold across multiple systems within the network.

Pivoting

Pivoting stands out from lateral movement and privilege escalation by specifically utilizing a compromised system as a strategic base for attacking additional systems within the network, especially those not directly reachable from the attacker’s initial entry point.

Exfiltration

Exfiltration is the act of stealing data from the compromised system. It can be as simple as copying files to a remote server or as complex as encrypting data for stealthy removal.


Last updated 8 months ago