Meterpreter Modules

Upgrading Regular Shells

Regular shells can usually be upgraded to meterpreter shells by using the module post/multi/manage/shell_to_meterpreter

Extensions

Mimikatz (kiwi)

It's well known to extract plaintexts passwords, hash, PIN code and kerberos tickets from memory.

Powershell

Loads windows powershell in meterpreter

Modules

post/windows/gather/checkvm

This will determine if we're in a VM

post/multi/recon/local_exploit_suggester

This will check for various exploits which we can run within our session to elevate our privileges.

autoroute

used for pivoting, can add routing, it is a command in meterpreter shell like run autoroute -h

post/windows/gather/win_privs

This will list out users and their rights

Proxy Server

auxiliary/server/socks_proxy : to start a proxy server out of current session

Enumerate Applications

post/windows/gather/enum_applications : Enumerate the installed applications on the target machine

Firefox Credentials Gathering

post/multi/gather/firefox_creds : dumps the firefox stored credentials from the machine

exploit/windows/smb/psexec

The psexec module is often used by penetration testers to obtain access to a given system that you already know the credentials for.

PreviousTools NextImpacket's Psexec

Last updated 2 years ago

hashtagUpgrading Regular Shells

hashtagExtensions

hashtagMimikatz (kiwi)

hashtagPowershell

hashtagModules

hashtagpost/windows/gather/checkvm

hashtagpost/multi/recon/local_exploit_suggester

hashtagautoroute

hashtagpost/windows/gather/win_privs

hashtagProxy Server

hashtagEnumerate Applications

hashtagFirefox Credentials Gathering

hashtagexploit/windows/smb/psexec