Although Meterpreter is powerful, as a single tool it still has its limitations, so Metasploit 4.0 introduced post-exploitation modules: modules written in Ruby that are run through a Meterpreter session to carry out further post-exploitation work.
(1) Get the partitions of the target machine:
(2) Determine whether it is a virtual machine:
If during a penetration test we find that the target machine is a virtual machine, we should be more alert: it may be a honeypot system set up by the other side.
(3) Remote control by implanting a backdoor:
Run the persistence post-exploitation module in the Meterpreter session to add a value under the target host's registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run so that the backdoor starts automatically. The -X parameter specifies that it starts at boot, and the -i parameter specifies the time interval between reverse-connection attempts.
Then start a Meterpreter handler on the attacking machine, listening on the designated port 443, and wait for the backdoor to connect back.
(4) The metsvc post-exploitation module:
Another way to make Meterpreter persistent on the target host is to use the metsvc module, which installs Meterpreter as a system service on the target host.
You can do this by typing run metsvc in the Meterpreter session.
As you can see, Meterpreter has become a self-starting system service on the target host.
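A defender's counterpart to the two persistence techniques in (3) and (4), added here as an example that is not from the original article and not part of Metasploit: it audits an exported set of Run-key values and service binary paths and flags any entry that launches a script host, references a user-writable location, or runs a binary outside the trusted system roots. The entries in RUN_ENTRIES and SERVICES, the path lists, and the function names (executable_of, assess, audit) are constructed for illustration.

```python
from typing import Dict, List, Tuple

# Constructed sample of HKLM\...\Run values and installed services, in the
# shape a defender would export them from a host under investigation.
# These are made-up entries, not real telemetry.
RUN_ENTRIES: Dict[str, str] = {
    "SecurityHealth": r"C:\Windows\system32\SecurityHealthSystray.exe",
    "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    "UpdateCheck": r"C:\Windows\system32\wscript.exe //B //NoLogo C:\Users\Public\Temp\upd.vbs",
}
SERVICES: Dict[str, str] = {
    "Spooler": r"C:\Windows\System32\spoolsv.exe",
    "SysUpdate": r"C:\Users\travis\AppData\Local\Temp\svc.exe service",
}

# Interpreters that an autostart entry rarely needs legitimately.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe"}
# Substrings (lower-cased) that indicate a location an unprivileged user can write to.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")
# Roots under which autostart binaries and service images are normally installed.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def executable_of(command: str) -> str:
    """Return the launched binary (first token) of a command line, honouring quotes."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def assess(command: str) -> List[str]:
    """Return the list of reasons an autostart command line looks suspicious (empty if clean)."""
    reasons: List[str] = []
    exe_low = executable_of(command).lower()
    basename = exe_low.rsplit("\\", 1)[-1]
    if basename in SCRIPT_HOSTS:
        reasons.append(f"launches script host {basename}")
    if any(marker in command.lower() for marker in USER_WRITABLE):
        reasons.append("references a user-writable location")
    if exe_low and not exe_low.startswith(TRUSTED_ROOTS):
        reasons.append("binary outside trusted roots")
    return reasons


def audit(run_entries: Dict[str, str], services: Dict[str, str]) -> List[Tuple[str, str, List[str]]]:
    """Audit Run-key values and service image paths; return (kind, name, reasons) for each hit."""
    findings: List[Tuple[str, str, List[str]]] = []
    for name, cmd in run_entries.items():
        reasons = assess(cmd)
        if reasons:
            findings.append(("run_key", name, reasons))
    for name, path in services.items():
        reasons = assess(path)
        if reasons:
            findings.append(("service", name, reasons))
    return findings


if __name__ == "__main__":
    for kind, name, reasons in audit(RUN_ENTRIES, SERVICES):
        print(f"[{kind}] {name}: {'; '.join(reasons)}")
```

On the constructed data the two legitimate entries pass, the Run value that starts a script from a temp folder is reported for both the script host and the location, and the service whose image lives under a user profile is reported for the location and for being outside the trusted roots. In practice the same rules are applied to a registry export and a service inventory taken from the host, with a site-specific allowlist for known software added before alerting.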
(6) The getgui post-exploitation module:
You can turn on Remote Desktop on the target host via getgui:
Add a user named Travis with a password through getgui and turn on Remote Desktop.
Alternatively, first add the new user in the shell with the net user command and add it to the Administrators group; note that you may need system privileges at this point. Then run getgui again and bind it to port 8080.
Then enter the username and password added in the shell into rdesktop, and you can log in to the remote host.
Don't forget to cover your tracks after doing bad things; remember to clean up the battlefield after every getgui run.
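The activity in (6) leaves a characteristic trail in the Windows Security log: a local account is created (event 4720), added to Administrators (event 4732), and Remote Desktop is switched on by changing fDenyTSConnections (event 4657, which is only emitted when registry auditing is configured for that key). The following correlation is an added example, not from the original article or from Metasploit: it raises an alert when an account creation and an Administrators group addition for the same account fall within a short window, and marks it high severity when an RDP enablement is seen in the same window, also recording any RDP port change. The event records in EVENTS are constructed and trimmed to the fields the logic uses; the function names (parse_ts, correlate) and the 15-minute default window are assumptions.

```python
from datetime import datetime, timedelta
from typing import Any, Dict, List

# Constructed Windows Security event records (not real telemetry), reduced to
# the fields needed here. 4720 = user account created, 4732 = member added to
# a security-enabled local group, 4657 = registry value modified.
EVENTS: List[Dict[str, Any]] = [
    {"time": "2024-05-01T10:00:05", "id": 4720, "account": "travis"},
    {"time": "2024-05-01T10:00:07", "id": 4732, "account": "travis", "group": "Administrators"},
    {"time": "2024-05-01T10:00:09", "id": 4657, "value": "fDenyTSConnections", "new": "0"},
    {"time": "2024-05-01T10:00:10", "id": 4657, "value": "PortNumber", "new": "8080"},
    # A benign-looking creation with the group addition only the next day.
    {"time": "2024-05-01T14:30:00", "id": 4720, "account": "svc_backup"},
    {"time": "2024-05-02T09:00:00", "id": 4732, "account": "svc_backup", "group": "Administrators"},
]


def parse_ts(stamp: str) -> datetime:
    """Parse the ISO-8601 timestamp used in the constructed records."""
    return datetime.fromisoformat(stamp)


def correlate(events: List[Dict[str, Any]], window_minutes: int = 15) -> List[Dict[str, Any]]:
    """Return one alert per account that was created and made an administrator within the window."""
    window = timedelta(minutes=window_minutes)
    ordered = sorted(events, key=lambda e: parse_ts(e["time"]))
    alerts: List[Dict[str, Any]] = []
    for ev in ordered:
        if ev["id"] != 4720:
            continue
        t0 = parse_ts(ev["time"])
        acct = ev["account"]
        # Everything that happened from the creation up to the end of the window.
        related = [e for e in ordered if t0 <= parse_ts(e["time"]) <= t0 + window]
        admin_add = any(
            e["id"] == 4732 and e.get("account") == acct and e.get("group") == "Administrators"
            for e in related
        )
        if not admin_add:
            continue
        rdp_enabled = any(
            e["id"] == 4657 and e.get("value") == "fDenyTSConnections" and e.get("new") == "0"
            for e in related
        )
        port_changes = [e["new"] for e in related if e["id"] == 4657 and e.get("value") == "PortNumber"]
        alerts.append({
            "account": acct,
            "severity": "high" if rdp_enabled else "medium",
            "rdp_enabled": rdp_enabled,
            "rdp_port": port_changes[-1] if port_changes else None,
        })
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

With the default window only the first account is reported, as a high-severity alert that also carries the new RDP port; widening the window to a day would also catch the second account, at medium severity, which is the usual trade-off between missing slow activity and flooding analysts with normal administration.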
(7) The dumplink module:
Retrieve the most recent activity on the target host, including recently accessed files and Office document activity records:
(8) The enum_applications module:
Get the programs installed on the system and its patch status:
(9) Keystroke logging: usually requires system privileges first
(10) Get the browser cache files:
(11) Obtaining system passwords:
We can also use Meterpreter's built-in hashdump, but we need system privileges first.