
Post-Exploitation Introduction

🗒️ Post-Exploitation is the final phase of interaction with a target during a pentest. Using various attack techniques, the pentester determines the value of the compromised system and keeps control of it for future use, depending on the kind of access and the level of stealth required.

It covers what the pentester does after the initial foothold, and the techniques depend on the target's characteristics (operating system, infrastructure).

  • The techniques must follow the Rules of Engagement agreed upon with the client before the penetration test, based on the company infrastructure and services.

The necessary permissions are required to conduct post-exploitation techniques such as modifying services, changing system configuration, deleting logs, or performing privilege escalation.

Methodology

  1. Local Enumeration

  2. Transferring Files

  3. Upgrading Shells

  4. Privilege Escalation

  5. Persistence

  6. Dumping & Cracking Hashes

  7. Pivoting

  8. Clearing Tracks

The post-exploitation process repeats after pivoting to a new target.
