File Transfer

Introduction: File transfer is a core step after initial access because tools, logs, and evidence must move between the attacker and the target. Host controls like application allowlists, AV, and EDR often block common utilities, which means you need more than one method. Network controls such as firewalls and IPS can also restrict ports or flag unusual protocols, so flexibility is essential. A solid operator keeps multiple options ready and chooses the least noisy path that still works. ...

December 24, 2025 · 7 min · Miguel Lameiro (lameiro0x)

Linux privilege escalation

Introduction: Linux privilege escalation starts with careful enumeration, then moves through environment weaknesses, permissions, services, and kernel internals. This guide blends theory with concrete commands you can reuse during post-exploitation. Enumeration First: Enumeration gives you the attack surface and the likely paths to root. Focus on OS version, kernel version, running services, user context, sudo rights, and writable locations. System, Users, and Services: Collect system and user context early, then expand to services and network state. These quick commands set the baseline and guide later steps. ...

December 24, 2025 · 7 min · Miguel Lameiro (lameiro0x)

Windows privilege escalation

Introduction: Windows privilege escalation is about moving from a low-privilege shell to local admin or SYSTEM. It often succeeds because of weak permissions, misconfigured services, or excessive group rights. This guide merges theory and commands into a practical workflow. Workflow Overview: A reliable escalation workflow starts with enumeration, then pivots into privilege and service abuse, and finally checks kernel or patch-based options. You should prioritize low-risk misconfigurations before running exploits. This keeps the engagement stable and reduces the chance of breaking the host. ...

December 24, 2025 · 7 min · Miguel Lameiro (lameiro0x)

Pivoting Tunneling and Port Forwarding

Introduction: Pivoting is the practice of using a compromised host to reach networks that are not directly accessible from the attack box. In real assessments, this usually happens after obtaining credentials, SSH access, a shell, or a Meterpreter session on a system that sits between two segments. That compromised machine becomes a pivot host, jump host, foothold, or proxy, and from there the assessment can move deeper into the target environment without requiring direct connectivity from the outside. ...

April 15, 2026 · 14 min · Miguel Lameiro (lameiro0x)

Documentation & Reporting

Why Good Reporting Matters: Penetration testing is not only about finding weaknesses. It is also about producing a clear record of what was tested, what was observed, what was exploited, and what the client should do next. A report is a time-bound snapshot of the target environment, so it should state when the work happened, who performed it, what source systems were used during testing, and any special conditions such as VPN access or internal jump hosts. ...

April 29, 2026 · 9 min · Miguel Lameiro (lameiro0x)