I’ve spoken to a number of people about the techniques that they use when, during a penetration test or other computer security test, they get a command prompt | shell | backdoor | local command execution. It really depends upon what your testing goal is as to what you do after the shell.
- Looking to scrape internal documents (pptx | docx | xlsx | pdf) from the system?
- How about moving laterally to other computers on the network?
- Maintaining persistence anyone?
- Grab files like password hashes to log into systems as valid users?
- How about all of these objectives?
Ever get shell on an unfamiliar platform? Solaris 7.x anyone? AIX? Or how about an old Windows 2000 server (they are still in use in certain places… thank you, legacy apps!)?
Now I’m helping him move the content to a new home at http://postexploitation.com. There you will find a variety of documents with commands to suit whatever your purpose is on whatever platform you control. Right now the content is being moved (albeit slowly) from the Google Docs to the wiki. I’m also adding “sample expected output” to the commands so novice/unfamiliar people can see what they should get back from the commands.