In this chapter, we have reviewed the steps necessary to locate and gather information from compromised hosts. We have also discussed the risk involved with improper preparation and just how important it is that the rules of engagement are agreed upon and followed exactly BEFORE any testing occurs. In addition, we have provided the base information needed for you to understand the thought process behind post-exploitation and what needs to occur to ensure a successful penetration test.

It is important to remember that there are other commands, tools, and methods that should be used when pilfering the target system. Remember to focus on the goal and not waste too much time trying to dig into information that will not be beneficial to the test. Every testing team (and tester) has a set of commands and output formats they prefer, as long as the critical information is found

At this point it is advisable to start getting used to logging your work. We address reporting more in future chapters...