[ Pen Testing ] :: Step by Step: Post-Exploitation

Post-Exploitation

Now we’re in, and it’s time to expand our powers.

Post-Exploitation in Windows

CrackMapExec is our most excellent friend here. It’s a Windows/Active Directory exploration/exploitation tool that lets us walk their domain and machines and do whatever we damn well wanna. And it’s current as of this writing (2018).

Here’s a really good walk-through:
https://byt3bl33d3r.github.io/getting-the-goods-with-crackmapexec-part-1.html

It handles:

  • Post-exploitation scanning and recon
  • Automated authentication to multiple targets
  • Enumerating shares
  • Dumping SAM hashes
  • Executing commands

CrackMapExec is a friggin’ Batmobile. (Screw “swiss army knife”: Batman keeps a dozen of those in the Batmobile.)

Get it at:
https://github.com/byt3bl33d3r/CrackMapExec

or:

git clone https://github.com/byt3bl33d3r/CrackMapExec.git

Smbexec is a similar but older tool (last updated in 2015). It covers a set of features similar to CrackMapExec’s, and is a pretty sweet tool in its own right. Get a good description and installation instructions at:
https://www.pentestgeek.com/penetration-testing/smbexec-2-0-released

or:

git clone https://github.com/brav0hax/smbexec

 

Leave a Reply