08.post Exploitation Hacking

This document provides an overview of a training course on post exploitation hacking. The course covers topics such as information gathering on Linux and Windows systems, setting up backdoors using techniques like RDP and creating new users, maintaining persistence through tasks and scheduling, and covering tracks by clearing logs and modifying bash history. The goal is to teach students how to gather information about compromised systems, maintain unauthorized access, and avoid detection by system administrators. The course appears designed to instruct students on how to hack into systems and maintain covert access without authorization.

Uploaded by

etet

Post Exploitation Hacking

January 1, 2016

1 Introduction
Get started with Post Exploitation Hacking by viewing the course videos below.
Learn Information Gathering, Backdooring and Covering Steps – and how to
use system specific tools to get info about a system and its users, how to access
the compromised system at any time, and how to hide your activity from system
administrators.

2 Section 1

| Topic title | Topic description |
|---|---|
| 1. Post Exploitation Hacking Introduction | Participants learn about protecting their client as well as themselves and making sure they are in compliance and not breaking any laws. |
| 2. Basics of Networking Mac and IP Addressing | This lesson covers the basics of networking and discusses the OSI Model. |
| 3. Basics of Networking : Tcp; Udp; Icmp | This lesson discusses more obscure aspects of networking and focuses specifically on: TCP, UDP, TFTP, and ICMP. |
| 4. Basics of Networking Headers | This unit discusses headers and the information they contain. |
| 5. Introduction Information Gathering | This lesson focuses on information gathering. Participants will learn about the following for Linux: Ifconfig, Netstat, Arp, /etc/nsswitch.conf, and several others. |

3 Section 2

| Topic title | Topic description |
|---|---|
| 1. Linux Host Information Gathering (part 1) Ifconfig | This lesson focuses on using the Ifconfig command in Linux. The Ifconfig is used to configure the kernel resident network interfaces. |
| 2. Linux Host Information Gathering (part 2) netstat | The netstat command is used to print network connections, routing tables, interface statistics, masquerade connections and multicast memberships. |
| 3. Linux Host Information Gathering (part 3) Nsswitch.conf.info | This lesson focuses on the Nsswitch.conf info. Nsswitch.conf info is a database file that can contain a lot of information such as host names, passwords and network file stores. |
| 4. Linux Tools Lab (part 1) Ifconfig, Arp, Netstat | The Ifconfig command shows what interfaces are available and what they are capable of using and can show how much use a given computer receives. |
| 5. Linux Tools Lab (part 2) Resolv.conf, Nmap, Nsswitch | Resolv.conf is the main resolution file in a DNS server. Nmap is a tool that is used to scan a network and see what services are being given out and shows which ports are open. |
| 6. Linux Scanning Lab | P0f is a passive scanner designed to tell things about a machine. It informs about distant hosts and targets by analyzing packets. |
| 7. Linux Network Information Gathering Lecture (part 1) | This lesson discusses network information gathering in Linux. Information gathering allows a programmer to know what's happening on a network. |
| 8. Linux Network Information Gathering Lecture (part 2) | This lesson covers port specification and scan techniques. |
| 9. Linux Sniffing | This lesson focuses on Linux sniffing. Sniffing is a passive activity that involves opening ports and listening for data and can be a useful tool in identifying what kind of traffic is on a network. |
| 10. Windows Host Tools (part 1) | This lesson focuses on gathering information in a Windows-based environment and focuses on discovering information in a host machine. |
| 11. Windows Host Information Gathering Lecture | This lesson focuses on gathering information in a Windows-based machine environment. Learn about the following commands: Ipconfig/all, Netstat, and Net*. |
| 12. Windows Host Tools (part 2) | Participants learn about the following: Net local group, Net share, Net user. |
| 13. Windows Network Tools Lab | This lesson focuses on the nslookup command. The nslookup command is a DNS function that can offer a lot of information about a DNS server. |
| 14. Windows Network Information Gathering Lecture (part 1) | Participants learn about nslookup, and about net suite tools. |
| 15. Windows Network Information Gathering Lecture (part 2) | This lesson picks up from the previous lesson and focuses on the following tools in the Net suite: Session, Statistics, View, and Start. |
| 16. Windows Network Information Gathering Lecture (part 3) | The focus of this lesson is Windows Management Instrumentation (Wmic) line command. |

4 Section 3

| Topic title | Topic description |
|---|---|
| 1. Introduction Part 3 Persistence Backdooring | This lesson introduces the three main types of backdoors: RDP, Listening Shell, New user. |
| 2. Tftp Use Lab | This lesson teaches participants step by step instructions on using the Tftp command. |
| 3. Enabling Rdp Windows Lab | This lesson is about getting a list of useful files to download and copy. The commands are the same from machine to machine. This lesson focuses on RDP. |
| 4. Rdp Lecture | RDP is a Graphical User Interface (GUI) based remote access mechanism. It was created by Windows for remote administration and allows computer problems to be fixed from far away. |
| 5. Ncat Backdoor Lecture | Post Exploitation Hacking and how to use Ncat to set up a backdoor into a target computer. |
| 6. Windows Ncat Backdoor Lab | This lesson focuses on using Ncat as a persistent backdoor for Windows. Participants see basic examples on how to use the command via screen by screen instructions. |
| 7. New User Backdoor Lecture | There are both advantages and disadvantages to creating a new user account. Participants learn about Net User and Net Local Group. |
| 8. Windows New User Backdoor Lab | Participants learn how to create a new user account and obtain information using the newuser command. |
| 9. Batch Schtasks At (part 1) | This lesson focuses on creating batch scripts at the console and scheduling tasks so backdoors can be created at specific times. |
| 10. Batch Schtasks At (part 2) Windows Scheduling | Windows scheduling tools to schedule batch and non-batch scripts using scheduling tools. |
| 11. Linux Bash History Touch Lab | This lesson discusses how to remove a history of commands that have been executed on a Linux machine. |

5 Section 4

| Topic title | Topic description |
|---|---|
| 1. Linux Bash History Covering Tracks | Participants learn about the purpose of Bash history and Windows logs as well as password cracking. |
| 2. Password Cracking Concepts | Learn some of the concepts used to crack passwords. |
| 3. Windows Logs, Timestamps, Passwords Lecture | This lesson focuses on timestamps, event log clearing and password cracking. |
| 4. Windows Clearing Event Logs | This lesson focuses on Windows Security logs and how to enumerate and refuse them. |
| 5. Windows Passwords | Participants learn to discover passwords |
| 6. Conclusion | This lesson re-visits the main points of the module: Information Gathering, Persistence and backdooring, Covering tracks, Password cracking. |
