Phase-III: maintaining access / post-exploitation / covering tracks
Maintaining access to the target or keeping a backdoor at the startup is an area of critical concern if you belong to the law enforcement industry. We will discuss advanced persistence mechanisms in the upcoming chapters. However, when it comes to a professional penetration test, post-exploitation tends to be more important than maintaining access. Post-exploitation gathers vitals from the exploited systems, cracks hashes to admin accounts, steals credentials, harvests user tokens, gains privileged access by exploiting local system weaknesses, downloads and uploads files, views processes and applications, and much, much more.
Let us perform and run some quick post-exploitation attacks and scripts:
Running some quick post-exploitation commands such as getuid will find the user who is the owner of the exploited process, which in our case is the administrator. We can also see the process ID of the exploited process by issuing...