
Pentest Setup
It is also essential to keep in mind the potential impact of
vulnerability scanning on a network, especially on low-bandwidth or
congested links. This can be measured using vnstat.
To track activity during the pentest, create a log.
On Linux:
script 03-21-2021-0200pm-exploitation.log
On Windows:
C:\> Start-Transcript -Path "C:\Pentesting\03-21-2021-0200pm-exploitation.log"
Questions to consider when looking for information:
- What system information can we pull from our target host?
- What other system(s) is our target host interacting with over the network?
- What user account(s) do we have access to, and what information is accessible from the account(s)?
- What user account do we have access to?
- What groups does our user belong to?
- What current working set of privileges does our user have access to?
- What resources can our user access over the network?
- What tasks and services are running under our user account?

Helpful directories to check for user activity and info:
- A user's \AppData\ folder is a great place to start. Many applications store configuration files, temp saves of documents, and more there.
- A user's home folder, C:\Users\User\, is a common storage place; things like VPN keys, SSH keys, and more are stored there, typically in hidden folders (Get-ChildItem -Hidden).
- The Console History files kept by the host are an endless well of information, especially if you land on an administrator's host. You can check two different points:
C:\Users\<USERNAME>\AppData\Roaming\Microsoft\Windows\Powershell\PSReadline\ConsoleHost_history.txt
Get-Content (Get-PSReadlineOption).HistorySavePath
- Checking a user's clipboard may also yield useful information. You can do so with Get-Clipboard.
- Looking at scheduled tasks can be helpful as well.
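
Added example (not part of the original notes): a defender-side audit of the console history file mentioned above, flagging lines that look like they hold secrets and reporting only the line number and a category. The function name, the patterns and the sample lines are constructed for illustration.

```powershell
# Added example: flag PSReadLine history lines that look like they hold secrets.
# Reports line number and category only; the matched text is never echoed.
function Find-HistorySecretCandidate {
    param([Parameter(Mandatory)] [string] $Path)

    # Constructed patterns for illustration; tune them for your environment.
    $patterns = [ordered]@{
        'plaintext-securestring' = 'ConvertTo-SecureString\s.*-AsPlainText'
        'net-use-credential'     = '\bnet\s+use\b.*\s/user:'
        'secret-assignment'      = '(password|passwd|pwd|secret|token|api_?key)\w*\s*[=:]'
    }

    $lineNo = 0
    foreach ($line in Get-Content -LiteralPath $Path) {
        $lineNo++
        foreach ($name in $patterns.Keys) {
            if ($line -match $patterns[$name]) {   # -match is case-insensitive
                [pscustomobject]@{ Line = $lineNo; Category = $name }
                break                              # one finding per line
            }
        }
    }
}

# Constructed sample history; every value is a placeholder.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'ConsoleHost_history.sample.txt'
@(
    'Get-ChildItem -Hidden'
    'net use Z: \\fileserver\share /user:EXAMPLE\svc_backup PLACEHOLDER'
    '$cred = ConvertTo-SecureString "PLACEHOLDER" -AsPlainText -Force'
    'Get-Clipboard'
    '$env:API_TOKEN = "PLACEHOLDER"'
) | Set-Content -LiteralPath $sample

Find-HistorySecretCandidate -Path $sample | Format-Table -AutoSize
Remove-Item -LiteralPath $sample

# Audit the live file:  Find-HistorySecretCandidate -Path (Get-PSReadLineOption).HistorySavePath
# Keep a sensitive session out of the file:  Set-PSReadLineOption -HistorySaveStyle SaveNothing
```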