What do you do when you have shell?

I’ve spoken to a number of people about the techniques that they use when, during a penetration test or other computer security test, they get a command prompt | shell | backdoor | local command execution. What you do after the shell really depends on your testing goal.

  • Are you looking to scrape internal files (pptx | docx | xlsx | pdfs) from the system?
  • How about moving laterally to other computers on the network?
  • Maintaining persistence anyone?
  • Grab files like password hashes to log into systems as valid users?
  • How about all of these objectives?

Ever get shell on an unfamiliar platform? Solaris 7.x anyone? AIX? Or how about an old Windows 2000 server (they are still in use in certain places... thank you legacy apps!)?

Rob Fuller (@mubix) collected/mind-dumped a great list of “things to do” on these systems in several Google docs linked from http://www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html. Then he opened it up to the community to add content and make the lists better.

Now I’m helping him move the content to a new home at http://postexploitation.com. There you will find a variety of documents with commands to suit whatever your purpose is on whatever platform you control. Right now the content is being moved (albeit slowly) from the Google Docs to the wiki. I’m also adding “sample expected output” to the commands so novice/unfamiliar people can see what they should get back from the commands.

Hope this is helpful, and please keep watching http://postexploitation.com for new content almost every day.
