# Post-Exploitation

## Introduction To Post-Exploitation

* **Post-exploitation** is the final phase of the penetration testing process and consists of the tactics, techniques and procedures that attackers/adversaries undertake after obtaining initial access on a target system.
* In other words, post-exploitation involves what you do or have to do once you gain an initial foothold on the target system.
* Post-exploitation will differ based on the target operating system as well as the target infrastructure.
* The post-exploitation techniques and tools that you can use will depend on what kind of access you have on the system you have compromised as well as how stealthy you have to be.
* This ultimately means that you will need to utilize different techniques and tools based on the target operating system and its configuration.
* The post-exploitation techniques you can run against the target will need to abide by the rules of engagement agreed upon with the client you are performing the pentest for.

> Note: Before running post-exploitation techniques, make sure that you have the necessary permissions and rights to modify services and system configurations, perform privilege escalation, delete logs, etc.

## Post-Exploitation Methodology

* In order to perform a thorough and complete post-exploitation phase, we need to utilize a structured methodology that encompasses the most important stages of post-exploitation that can be applied during engagements.
* This structured, methodical approach ensures that we do not skip or overlook important stages of the post-exploitation phase, and it gives us trackable objectives for each stage.

<figure><img src="https://3226903849-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FaKwXOzYgG7jDDDoVkYvX%2Fuploads%2F6ZtXf4lp1bp891YKUtQ4%2FPost-Exploitation%20Methodology.png?alt=media&#x26;token=efcabfa0-bd62-4868-a5b1-8670ac828efe" alt=""><figcaption><p>Post-Exploitation Methodology</p></figcaption></figure>

## Post-Exploitation Checklist

1. **Local Enumeration**
   * [ ] Enumerating System Information
   * [ ] Enumerating Users And Groups
   * [ ] Enumerating Network Information
   * [ ] Enumerating Services
   * [ ] Automating Local Enumeration
2. **Transferring Files**
   * [ ] Setting Up A Web Server With Python
   * [ ] Transferring Files To Windows Targets
   * [ ] Transferring Files To Linux Targets
3. **Upgrading Shells**
   * [ ] Upgrading Command Shells To Meterpreter
   * [ ] Spawning TTY Shells
4. **Privilege Escalation**
   * [ ] Identifying Privilege Escalation Vulnerabilities
   * [ ] Windows PrivEsc
   * [ ] Linux PrivEsc
5. **Persistence**
   * [ ] Setting Up Persistence On Windows
   * [ ] Setting Up Persistence On Linux
6. **Dumping & Cracking Hashes**
   * [ ] Dumping & Cracking Windows Hashes
   * [ ] Dumping & Cracking Linux Hashes
7. **Pivoting**
   * [ ] Internal Network Recon
   * [ ] Pivoting
8. **Clearing Your Tracks**
   * [ ] Clearing Your Tracks On Windows & Linux

***

**`Hacker's Mantra:`** `Hackers are the architects of the digital world.`
