Collection
directories
• /bin - basic programs (ls, cd, cat, etc.)
• /sbin - system programs (fdisk, mkfs, sysctl, etc.)
• /etc - configuration files
• /tmp - temporary files (typically deleted on boot)
• /usr/bin - applications (apt, ncat, nmap, etc.)
• /usr/share - application support and data files
Understand the machine's role in the network and what you might find on it; that determines what you want to gather.

//Search modules
meterpreter> run post/windows/gather <tab>

Modules to run:
• enum_applications //then check for those apps in the enumeration scripts. Also we may note the versions and check them against public exploits
• credential_collector //hashes can come in handy and we can sometimes run these against other machines
• enum_shares
• enum_chrome

MSF enum scripts (win):
• scraper
• winenum

Search for files:
meterpreter> search -f *.kdbx -r -d .

Take a screenshot:
meterpreter> screenshot

Keylogging: //find this in notes somewhere

Networking:
> ipconfig /all //See if it gives us any NIC/IP ranges that are new.
> arp
> route
> netstat -ano //show active connections

Services running:
> wmic /?
> wmic service /?
> wmic service get /?
> wmic service get caption,started
> wmic service where started=true get caption

Web browser passwords:
http://www.nirsoft.net/utils/web_browser_password.html

Windows post exploitation command list:
https://docs.google.com/document/d/1U10isynOpQtrIK6ChuReu-K1WHTJm4fgG3joiuz43rw/edit?hl=en_US
http://tim3warri0r.blogspot.com/

Linux post exploitation command list:
https://docs.google.com/document/d/1ObQB6hmVvRPCgPTRZM5NMH034VDM-1N-EWPRz2770K4/edit?hl=en_US
https://web.archive.org/web/20150317144317/https:/n0where.net/linux-post-exploitation

OSX post exploitation command list:
https://docs.google.com/document/d/10AUm_zUdAQGgoHNo_eS0SO1K-24VVYnulUD2x3rJD3k/edit?hl=en_US

MSF post exploitation command list:
https://docs.google.com/document/d/1ZrDJMQkrp_YbU_9Ni9wMNF2m3nIPEA_kekqqqA2Ywto/edit?pref=2&pli=1

Post exploitation wiki:
https://github.com/mubix/post-exploitation-wiki