Part 3. Post-exploitation and privilege escalation

Now that you have established access to your target network environment by compromising vulnerable hosts, it’s time to reach the next level. This part of the book is all about what network attackers do after they’ve compromised a target system.

In chapter 8, you’ll learn the critical components of post-exploitation, including how to maintain reliable entry, harvest credentials, and move laterally. This chapter focuses specifically on Windows techniques. Chapter 9 covers the same key post-exploitation components, but on Linux systems. You’ll learn where to search for sensitive information, including configuration files and user preferences, and also how to set up an automated reverse-shell callback job using crontab.

Finally, in chapter 10, you’ll elevate your access to that of a domain admin user. Once you have access to the domain controller, you can browse volume shadow copies for protected files. You’ll learn how to obtain privileged credentials from Windows by exporting all of the Active Directory password hashes from the ntds.dit file. When you are finished with this part of the book, you will have completely taken control of your target enterprise network environment.