Post-Exploitation

Post-Exploitation begins once initial access has been obtained and focuses on consolidating control, escalating privileges, and deepening understanding of the compromised system.

The primary objective of this phase is privilege escalation, both on Linux and Windows, transforming limited access into administrative or root-level control while maintaining operational security.

This section contains distilled notes from my Hack The Box – Pentesting Path study.

Full repository (expanded notes, diagrams, screenshots): https://github.com/lameiro0x/pentesting-path-htb

File Transfer

Introduction File transfer is a core step after initial access because tools, logs, and evidence must move between the attacker and the target. Host controls like application allowlists, AV, and EDR often block common utilities, which means you need more than one method. Network controls such as firewalls and IPS can also restrict ports or flag unusual protocols, so flexibility is essential. A solid operator keeps multiple options ready and chooses the least noisy path that still works. ...

Linux privilege escalation

Reference & Disclaimer This article is based on my personal study notes from the Information Security Foundations track. Due to scope and readability constraints, theoretical explanations, command details, output interpretation, and script code examples are intentionally highly summarized in this article. For full explanations, complete command usage, real outputs, and detailed script implementations, readers are strongly encouraged to consult the full repository. Full repository: https://github.com/lameiro0x/pentesting-path-htb Introduction Linux privilege escalation starts with careful enumeration, then moves through environment weaknesses, permissions, services, and kernel internals. This guide blends theory with concrete commands you can reuse during post-exploitation. ...

Windows privilege escalation

Reference & Disclaimer This article is based on my personal study notes from the Information Security Foundations track. Due to scope and readability constraints, theoretical explanations, command details, output interpretation, and script code examples are intentionally highly summarized in this article. For full explanations, complete command usage, real outputs, and detailed script implementations, readers are strongly encouraged to consult the full repository. Full repository: https://github.com/lameiro0x/pentesting-path-htb Introduction Windows privilege escalation is about moving from a low-privilege shell to local admin or SYSTEM. It often succeeds because of weak permissions, misconfigured services, or excessive group rights. This guide merges theory and commands into a practical workflow. ...