You're In. Now What?
Getting a shell is just the beginning. The goal is often to steal data, establish long-term access, or jump to other systems.
1. Privilege Escalation
You probably hacked into the web server as the "www-data" user (low privilege). You need to become "root" or "Administrator".
- Techniques: kernel exploits (DirtyCOW), misconfigured sudo rights, weak service permissions.
2. Persistence
If the server reboots, you lose your shell. Persistence is the art of staying in.
- Adding a user account.
- Creating a Scheduled Task / Cron Job that connects back to you every hour.
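From the defender's side, both persistence methods listed above leave artifacts in /etc/passwd and the system crontab. The following added example (not part of the original lesson) audits constructed sample copies of both files; the baseline user list, the service-account list and the sample entries are assumptions made for illustration.

```python
import re
# Constructed sample data (not from a real host); baseline is an assumption.
BASELINE_USERS = {"root", "daemon", "www-data", "alice"}
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc-backup:x:0:0::/home/svc-backup:/bin/bash
"""
# System crontab format: minute hour day-of-month month day-of-week user command
CRONTAB = """\
# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || run-parts /etc/cron.daily
0 * * * * www-data /tmp/.cache/update.sh
"""
SERVICE_USERS = {"www-data", "nobody", "daemon"}  # assumed low-privilege accounts
WRITABLE_DIRS = re.compile(r"(?:^|\s)/(?:tmp|var/tmp|dev/shm)/")

def audit_passwd(text, baseline):
    # Flag accounts missing from the known-good baseline and extra UID 0 accounts.
    findings = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # not a well-formed passwd entry
        name, uid = fields[0], fields[2]
        if name not in baseline:
            findings.append((name, "account not in baseline"))
        if uid == "0" and name != "root":
            findings.append((name, "UID 0 account other than root"))
    return findings

def audit_crontab(text):
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 6)
        if len(parts) < 7:
            continue  # environment assignment or malformed entry
        user, command = parts[5], parts[6]
        if user in SERVICE_USERS:
            findings.append((command, f"job runs as service account {user}"))
        if WRITABLE_DIRS.search(command):
            findings.append((command, "command in world-writable directory"))
    return findings
```

Both checks are heuristics: a finding is a lead for review against change records, not proof of compromise.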
3. Looting
Finding the gold.
- SAM Database: The file on Windows that stores password hashes.
- Mimikatz: A tool that works magic by pulling plaintext passwords out of the memory of the lsass.exe process.
🔬 Lab Exercise: Review
Objective: Understand the flow.
In a real engagement, this phase is where 90% of the time is spent. You would now use your foothold on the web server to scan the internal database server that was previously unreachable from the outside. This is called "Pivoting".