8 Windows post-exploitation
This chapter covers
- The three primary objectives of post-exploitation
- Maintaining persistent Meterpreter access
- Harvesting domain cached credentials
- Extracting clear-text credentials from memory
- Searching the filesystem for credentials inside configuration files
- Using pass-the-hash to move laterally
Now that our movie heist crew has successfully broken into or penetrated several areas of their target facility, it's time for them to move on to the next phase of their engagement. Smash into the vault room, grab the jewels, and run? No, not quite yet. That would cause a lot of commotion, and they would most likely get caught. Their plan instead is to blend in with the workers at the facility and slowly move off with incrementally larger amounts of loot without arousing suspicion before eventually disappearing without a trace. At least that's the best-case scenario they are hoping for. In the movies, they will most likely make some sort of mistake and eventually get caught.
Nonetheless, the next thing they need to concern themselves with is how they can move freely throughout the compound and come and go as they please. They might steal uniforms from a supply closet so they look the part, create fake employee records in the company database, and maybe even print out working badges for these employees, assuming they have that level of access. This scenario is similar to post-exploitation on a penetration test.