Navigation : Reconnaissance Enumeration Initial access Exploitation Post-Exploitation - Post-Exploitation Unix -- File transfer -- Privilege escalation -- Collect credentials - Post-Exploitation Windows - Post-Exploitation AD - Pivoting / tunneling - Password cracking Wi-Fi Web Misc Forensic Collect credentials Tools https://github.com/0xmitsurugi/gimmecredz Crack Shadow cp /etc/passwd . cp /etc/shadow . unshadow passwd shadow > unshadowed john --format=md5crypt unshadowed Keystore keytool -list -v -keystore keystore.jks Privilege escalation Post-Exploitation Windows