Summary

In this chapter, we reviewed the steps necessary to locate and gather information from compromised hosts. We also discussed the risk involved with improper preparation, and just how important it is that the Rules of Engagement are agreed upon before any testing occurs and then followed exactly. In addition, we provided the base information you need to understand the thought process behind post-exploitation, and what needs to occur to ensure a successful penetration test.

It is important to remember that there are other commands, tools, and methods that should be used when pilfering the target system. Remember to focus on the goal and not waste too much time trying to dig into information that will not be beneficial to the test. Every testing team (and tester) has a set of commands and output formats they prefer, which is fine as long as the critical information is found.

At this point, it is advisable to start getting used to logging your work. We address reporting more in future chapters. Keep in mind that in order to report, you will need data. It is also important to have a log of any and all system commands you may have run on a remote system, in case there are problems down the road or you simply want to repeat the exact test again in the future to see if progress has been made in securing the units in question.

We concluded the chapter with two challenges for you that will provide you with the opportunity to flex and enhance your skills.

In the next chapter, we will delve into bypassing firewalls and avoiding IDSs. This is important when testing not only the environment, but also the response of the security and network staff at a site. We will cover the logic behind bypassing IDSs and also how to mimic commonly seen traffic patterns to avoid detection.
