Post-Exploitation Basics

This room covers the basics of post-exploitation: enumeration with PowerView and BloodHound, dumping hashes and golden ticket attacks with mimikatz, and basic information gathering using Windows Server tools and logs. We then wrap up with the basics of maintaining access using the persistence Metasploit module, creating a backdoor into the machine to get an instant Meterpreter shell if the system is ever shut down or reset.

This room relates to very real-world applications and will most likely not help with any CTFs; however, it will give you great starting knowledge of how to approach a network after you have gained a shell on a machine.

Enumeration w/ Powerview

PowerView is a powerful PowerShell script from PowerShell Empire that can be used for enumerating a domain after you have already gained a shell on the system.

1.) Start PowerShell - `powershell -ep bypass`. The `-ep bypass` option bypasses the execution policy of PowerShell, allowing you to easily run scripts.
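A defender's view of step 1, as an added example that is not part of the original room notes: execution policy is a safety setting rather than a security boundary, so the practical control is to log and review launches that override it. The sketch goes slightly beyond `-ep bypass` to cover the other spellings of the parameter and the `Unrestricted` value. The records are constructed, modeled on process-creation command lines (for example Sysmon event 1), and all function and field names are hypothetical.

```python
"""Flag PowerShell launches that override the execution policy on the command line."""

FULL = "executionpolicy"
# powershell.exe accepts the alias -ep and any prefix of -ExecutionPolicy from -ex upward
# (-e and -ec belong to -EncodedCommand); "/" works as a parameter prefix as well as "-".
NAMES = {"ep"} | {FULL[:n] for n in range(2, len(FULL) + 1)}
WEAK = {"bypass", "unrestricted"}  # policy values that let unsigned scripts run
HOSTS = {"powershell", "powershell.exe", "pwsh", "pwsh.exe"}


def basename(token):
    """File name part of a Windows or POSIX style path, lower-cased."""
    return token.replace("\\", "/").rsplit("/", 1)[-1].lower()


def policy_override(command_line):
    """Return the weak policy value requested on this command line, or None."""
    tokens = [t.strip("'\"") for t in command_line.split()]
    # Locate the PowerShell host anywhere in the line so "cmd /c powershell ..." is covered.
    start = next((i for i, t in enumerate(tokens) if basename(t) in HOSTS), None)
    if start is None:
        return None
    rest = tokens[start + 1:]
    for flag, value in zip(rest, rest[1:]):
        if flag[:1] in ("-", "/") and flag[1:].lower() in NAMES and value.lower() in WEAK:
            return value.lower()
    return None


def flagged(events):
    """Return (host, user, policy) for every event that overrides the policy."""
    hits = []
    for ev in events:
        policy = policy_override(ev["cmd"])
        if policy:
            hits.append((ev["host"], ev["user"], policy))
    return hits


# Constructed sample records, not taken from any real log.
EVENTS = [
    {"host": "WS01", "user": "CORP\\alice", "cmd": "powershell -ep bypass"},
    {"host": "WS01", "user": "CORP\\alice", "cmd": r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -File C:\Temp\a.ps1'},
    {"host": "WS02", "user": "CORP\\bob", "cmd": "cmd.exe /c powershell.exe /EXEC unrestricted"},
    {"host": "SRV01", "user": "CORP\\svc_backup", "cmd": r"powershell.exe -ExecutionPolicy AllSigned -File C:\Scripts\backup.ps1"},
    {"host": "WS03", "user": "CORP\\carol", "cmd": r"notepad.exe C:\notes\ep bypass.txt"},
]

if __name__ == "__main__":
    for hit in flagged(EVENTS):
        print(hit)
```

Hits from administrative tooling that legitimately passes `-ExecutionPolicy Bypass` are expected, so results are best reviewed against a list of known parent processes and script paths.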

Enumeration w/ Bloodhound

Dumping hashes w/ mimikatz

Golden Ticket Attacks w/ mimikatz

Enumeration w/ Server Manager

Maintaining Access

Resources

Tools/Malware Used -