Metasploit
Who cares if it's easy, that's the point right?
Common Uses
Using the exploit/multi/handler to catch reverse shells and manage several sessions. Make sure that you have the correct payload to catch.
Use the exploit/windows/smb/psexec module with known credentials to create easy meterpreter sessions to pivot and exploit further. Can set the SERVICE_FILENAME option to remove the random garbage used, because its suspicious (using something like svchost helps hide!).
Meterpreter
Payload with fancy shell, series of DLLs injected into a process memory and doesnt touch the disk, no separate process created. All comms over meterpreter are TLS encrypted unless specifically told not to.
Managing Meterpreter Sessions
Sessions are managed with the sessions -l command. Channels inside of sessions are managed with channels -l command. Upgrade existing shells with the sessions -u 1 command.
CTRL-Z will background a channel or session
Load additional modules using use [module name]
Mimikatz in Meterpreter
We can load mimikatz directly into a running meterpreter session, giving us serious power. Need to be running as SYSTEM, and we need to make sure the process we're in is the same architecture as the host.
Check if we're in matching arch types with sysinfo. Check the Architecture and Meterpreter info to make sure they match. If we need to move, check which running processes have the correct arch and are running as SYSTEM also with ps -A x64 -s, then we can move with migrate [PID]. Validate the arch and meterpreter types match with sysinfo again.
Now we can import the mimikatz module with load kiwi. Running help will show our new mimikatz commands we can use. Using creds_all will dump all available hashes and plaintext passwords!
Meterpreter Commands
Arsenal
Modular combination of scanners, exploits, payloads, and post modules.
Modules
Troubleshooting
Having issues importing a module? make sure that you check the logs at ~/.msf4/logs/framework.log
Last updated