Contents in Detail
ix
msf> show options .................................................................................... 58
msf> show payloads .................................................................................. 60
msf> show targets ..................................................................................... 62
info ......................................................................................................... 63
set and unset ............................................................................................ 63
setg and unsetg ......................................................................................... 64
save ........................................................................................................ 64
Exploiting Your First Machine .................................................................................. 64
Exploiting an Ubuntu Machine ................................................................................. 68
All-Ports Payloads: Brute Forcing Ports ....................................................................... 71
Resource Files ........................................................................................................ 72
Wrapping Up ........................................................................................................ 73
Scanning for Ports with Nmap .................................................................... 76
Attacking MS SQL ..................................................................................... 76
Brute Forcing MS SQL Server ...................................................................... 78
The xp_cmdshell ........................................................................................ 79
Basic Meterpreter Commands ..................................................................... 80
Capturing Keystrokes ................................................................................. 81
Extracting the Password Hashes .................................................................. 82
Dumping the Password Hash ...................................................................... 83
Pass the Hash ........................................................................................................ 84
Privilege Escalation ................................................................................................ 85
Token Impersonation ............................................................................................... 87
Using ps ............................................................................................................... 87
Pivoting onto Other Systems .................................................................................... 89
Using Meterpreter Scripts ........................................................................................ 92
Migrating a Process ................................................................................... 92
Killing Antivirus Software ........................................................................... 93
Obtaining System Password Hashes ............................................................ 93
Viewing All Traffic on a Target Machine ...................................................... 93
Scraping a System .................................................................................... 93
Using Persistence ...................................................................................... 94
Leveraging Post Exploitation Modules ....................................................................... 95
Upgrading Your Command Shell to Meterpreter ......................................................... 95
Manipulating Windows APIs with the Railgun Add-On ................................................ 97
Wrapping Up ........................................................................................................ 97
Creating Stand-Alone Binaries with MSFpayload ...................................................... 100
Evading Antivirus Detection ................................................................................... 101
Encoding with MSFencode ....................................................................... 102
Multi-encoding ........................................................................................ 103
Custom Executable Templates ................................................................................ 105
Launching a Payload Stealthily................................................................................ 106