🍩
HackBook.io
  • Pentesting Pocket Book for hackers and developers.
  • Reconnaissance
    • Internal Recon Basics
    • OSINT
      • Infrastructure
      • Recon-ng
      • Users
      • Google Dorks
    • Active Scanning
      • NMAP
        • NSE
          • reconnoitre
        • NMap Evasion
      • NC Scan
      • Finger Printing
    • Web Server OSINT
      • WhatWeb
      • Subdomains
      • Directory & File Enumeration
        • Enumeration
          • GoCutty
          • gobuster
          • Dirb
          • nikto
        • Fuzzing
        • Crawling
  • Web Application Hacking
    • Web 101
      • Clients
      • Servers
      • Encodings
    • Web Hacking Techniques
      • SOP
      • Open Redirect
      • File & Resource Attacks
        • Directory Traversal
          • Dir Traversal Fuzzer
        • LFI
        • RFI
        • Unrestricted File Uploads
      • XSS
        • DOM
        • Stored
        • Reflected
        • Blind
        • Self XSS
      • XXE
        • XXE Payloads
      • XPath
      • SSRF
      • CSRF
      • SQLi
        • SQL Basics
        • Securing SQL
        • Hacking SQL
          • sqlmap
          • In-Band
          • Error Based
          • Blind
      • Authorization
      • Session Hijacking
      • Command Injection
      • Insecure Deserialization
      • File Uploads
        • File Upload Mitigations
      • HPP
      • Click Jacking
        • Adobe SWF Investigator
      • HTTP Response Splitting
      • Flash 101
        • Flash Hacking
      • HTML5
        • WebSockets
        • CORS
          • iframe
          • Headers
    • Web Hacking Procedures
      • Captcha
      • Username Generation
      • Username Enumeration
      • Inhouse WebApps
      • SSL Cert Generation
      • CMS
        • WordPress
        • Joomla
      • Popular Exploits
        • Bludit CMS
        • ShellShock
        • WebDav
  • Weaponization
    • Buffer Overflows (BOF)
      • DSBOFG
        • Scripts
  • Initial Access
    • 😈Services
      • Finger
      • SNMP
      • LDAP
      • SMTP
      • NFS
      • RPC
        • RPCBind
      • RDP
      • SQL
        • NoSQL
      • POP3
      • Samba
      • SMB
      • SSH
      • Telnet
      • NetBios
      • VOIP/SIP
      • DNS
        • DNS Lookups
        • Zone Transfer
        • SubDomain Enums
        • dnsdumpster
    • 😈Shells
      • Powercat
      • Odd Shells
      • Troubleshoot
      • TTY/PTTY
  • Persistence
    • File Transfers
      • Py->Exe->Txt
      • Cross compile example
    • Backdoors
  • Privilege Escalation
    • Universal Escalation
    • Windows Escalation
      • Automated
      • Popular Exploits
        • ActiveXObject to Wscript RCE
        • Macros
        • Object Linking
    • Linux Escalation
      • Automated
    • Passwords
      • John
      • Medusa
      • Cewl
      • ncrack
      • Crunch
      • Hydra
      • MITM
      • Responder
        • SAM
          • pwdump and fgdump
          • Pass-the-hash
      • Crack the hash
      • NTLM
  • Network Discovery
    • Network Traffic
      • tcpdump
    • Internal Discovery
  • Collection and Staging
    • Collection
      • File types
  • Hacking Objectives
    • Non Kinetic War (Quick Guide)
  • Procedures
    • Bash Guide
    • Active Directory
    • Crypto 101
    • Forensics
  • Glossary
  • Hacking Frameworks
    • Metasploit
      • msfvenom
    • Dsnif
  • ThreatModeling
    • Threat Modeling Overview
  • Certifications
    • VMDR
      • Qualys Asset Management
      • Qualys Vulnerability Management
      • Qualys Threat Prioritization
      • Qualys Response (Patch Deployment)
    • OSCP Cheat Sheet
  • RF - Radio Frequency
    • Ham Technician
Powered by GitBook
On this page

Was this helpful?

  1. Collection and Staging

Collection

PreviousInternal DiscoveryNextFile types

Last updated 3 years ago

Was this helpful?

directories

• /bin - basic programs (ls, cd, cat, etc.) • /sbin - system programs (fdisk, mkfs, sysctl, etc) • /etc - configuration files • /tmp - temporary files (typically deleted on boot) • /usr/bin - applications (apt, ncat, nmap, etc.) • /usr/share - application support and data files

Understand the machines role in the network and what you might find. As to what you want to gather. //Search modules meterpreter> run post/windows/gather <tab> Modules to run: enum_applications //then check for those apps in the enumeration scripts. Also we may note the verson and check them against public exploits credential_collector //hashes can come in handy and we can run these against other machines sometimes enum_shares enum_chrome MSF enum scripts(win): scraper winenum Search for files: meterpreter> search -f *.kdbx -r -d . Take a screenshot: meterpreter> screenshot Keylogging: //find this in notes somewhere Networking: > ipconfig /all //See if it gives us any nic/ip ranges that are new. > arp > route > netstat -ano //show active connections Services running: > wmic /? > wmic service /? > wmic service get /? > wmic service get caption,started > wmic service where started=true get caption Web Browser passwords: Windows post exploitation command list: Linux post exploitation command list: OSX post exploitation command list: MSF post exploitation command list: Post exploitation wiki:

http://www.nirsoft.net/utils/web_browser_password.html
https://docs.google.com/document/d/1U10isynOpQtrIK6ChuReu-K1WHTJm4fgG3joiuz43rw/edit?hl=en_US
http://tim3warri0r.blogspot.com/
https://docs.google.com/document/d/1ObQB6hmVvRPCgPTRZM5NMH034VDM-1N-EWPRz2770K4/edit?hl=en_US
https://web.archive.org/web/20150317144317/https:/n0where.net/linux-post-exploitation
https://docs.google.com/document/d/10AUm_zUdAQGgoHNo_eS0SO1K-24VVYnulUD2x3rJD3k/edit?hl=en_US
https://docs.google.com/document/d/1ZrDJMQkrp_YbU_9Ni9wMNF2m3nIPEA_kekqqqA2Ywto/edit?pref=2&pli=1
https://github.com/mubix/post-exploitation-wiki
Page cover image