5 files changed, +42 -43 lines changed
documentation/modules/post/windows/gather
Original file line number Diff line number Diff line change 3
3
This Module will perform an ARP scan for a given IP range through a Meterpreter Session.
4
4
5
5
## Verification Steps
6
- 1 . Start ` msfconsole `
6
+ 1 . Start msfconsole
7
7
2 . Get meterpreter session
8
- 3 . Do: ` use post/windows/gather/arp_scanner `
9
- 4 . Do: ` set SESSION <session id> `
10
- 5 . Do: ` run `
8
+ 3 . Do: ``` use post/windows/gather/arp_scanner `` `
9
+ 4 . Do: ``` set SESSION <session id> `` `
10
+ 5 . Do: ``` run `` `
11
11
12
12
## Options
13
13
14
- ```
14
+ ***
15
15
RHOSTS
16
- ```
16
+ ***
17
17
The target address range or CIDR identifier.
18
18
19
- ```
19
+ ***
20
20
SESSION
21
- ```
21
+ ***
22
22
The session to run this module on.
23
23
24
- ```
24
+ ***
25
25
THREADS
26
- ```
26
+ ***
27
27
The number of concurrent threads.
28
28
29
29
## Scenarios
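Review bot: The `***` markers that replace the fences around RHOSTS, SESSION and THREADS (lines 14 to 26) each sit on a line of their own, and Markdown renders a line holding only `***` as a horizontal rule, so the option names become plain paragraphs between rules rather than code or emphasis. If emphasis is the goal, put the markers on the same line as the name (for example ***RHOSTS***) or give each option a heading; otherwise keep the fences.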
Original file line number Diff line number Diff line change 3
3
This module enumerates ways to decrypt Bitlocker volume and if a recovery key is stored locally or can be generated, dump the Bitlocker master key (FVEK)
4
4
5
5
## Verification Steps
6
- 1 . Start ` msfconsole `
6
+ 1 . Start msfconsole
7
7
2 . Get meterpreter session
8
- 3 . Do: ` use post/windows/gather/bitlocker_fvek `
9
- 4 . Do: ` set SESSION <session id> `
10
- 5 . Do: ` set DRIVE_LETTER <letter> `
11
- 6 . Do: ` run `
8
+ 3 . Do: ``` use post/windows/gather/bitlocker_fvek `` `
9
+ 4 . Do: ``` set SESSION <session id> `` `
10
+ 5 . Do: ``` set DRIVE_LETTER <letter> `` `
11
+ 6 . Do: ``` run `` `
12
12
13
13
## Options
14
14
15
- ```
15
+ ***
16
16
DRIVE_LETTER
17
- ```
18
- Dump informations from the DRIVE_LETTER encrypted with Bitlocker.
17
+ ***
18
+ Dump information from the DRIVE_LETTER encrypted with Bitlocker.
19
19
20
- ```
20
+ ***
21
21
RECOVERY_KEY
22
- ```
22
+ ***
23
23
Use the recovery key provided to decrypt the Bitlocker master key (FVEK).
24
24
25
- ```
25
+ ***
26
26
SESSION
27
- ```
27
+ ***
28
28
The session to run this module on.
29
29
30
30
## Scenarios
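Review bot: The `***` lines around DRIVE_LETTER, RECOVERY_KEY and SESSION (lines 15 to 27) will render as horizontal rules, not as emphasis, because each marker is alone on its line; three options produce six rules with unformatted names in between. The spelling fix on line 18 ("informations" to "information") is correct and would be easier to review as a change of its own, separate from the markup swap.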
@@ -49,7 +49,7 @@ This module enumerates ways to decrypt Bitlocker volume and if a recovery key is
49
49
[+] This hard drive could later be decrypted using : dislocker -k <key_file> ...
50
50
[*] Post Successful
51
51
[*] Post module execution completed
52
- msf5 post(windows/gather/bitlocker_fvek) > sessions 1
52
+ msf post(windows/gather/bitlocker_fvek) > sessions 1
53
53
[*] Starting interaction with 1...
54
54
55
55
meterpreter > sysinfo
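Review bot: Line 52 edits recorded console output, changing the prompt from msf5 to msf, and this is the only prompt visible in the hunk. If the scenario is meant to be version-neutral, check that every prompt in the transcript is changed the same way; if not, leave the capture as it was taken so it still matches the version it came from.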
Original file line number Diff line number Diff line change 3
3
This module uses the registry to extract the stored domain hashes that have been cached as a result of a GPO setting. The default setting on Windows is to store the last ten successful logins.
4
4
5
5
## Verification Steps
6
- 1 . Start ` msfconsole `
6
+ 1 . Start msfconsole
7
7
2 . Get meterpreter session
8
- 3 . Do: ` use post/windows/gather/cachedump `
9
- 4 . Do: ` set SESSION <session id> `
10
- 6 . Do: ` run `
8
+ 3 . Do: ``` use post/windows/gather/cachedump `` `
9
+ 4 . Do: ``` set SESSION <session id> `` `
10
+ 6 . Do: ``` run `` `
11
11
12
12
## Options
13
13
14
- ```
14
+ ***
15
15
SESSION
16
- ```
16
+ ***
17
17
The session to run this module on.
18
18
19
19
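Review bot: The verification steps still jump from 4 to 6 (new line 10 reads "6 . Do: run"), so the list has no step 5. These lines are being rewritten here anyway, so renumber the last step to 5 in the same change.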
Original file line number Diff line number Diff line change 3
3
This module displays the records stored in the DNS cache.
4
4
5
5
## Verification Steps
6
- 1 . Start ` msfconsole `
6
+ 1 . Start msfconsole
7
7
2 . Get meterpreter session
8
- 3 . Do: ` use post/windows/gather/dnscache_dump `
9
- 4 . Do: ` set SESSION <session id> `
10
- 6 . Do: ` run `
8
+ 3 . Do: ``` use post/windows/gather/dnscache_dump `` `
9
+ 4 . Do: ``` set SESSION <session id> `` `
10
+ 6 . Do: ``` run `` `
11
11
12
12
## Options
13
13
14
- ```
14
+ ***
15
15
SESSION
16
- ```
16
+ ***
17
17
The session to run this module on.
18
18
19
19
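Review bot: Step numbering on new lines 8 to 10 goes 3, 4, 6, the same skipped step 5 that appears in the cachedump documentation. Renumber the final "run" step to 5 while the line is being touched.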
@@ -24,7 +24,7 @@ This module displays the records stored in the DNS cache.
24
24
```
25
25
[*] Meterpreter session 1 opened (192.168.1.3:4444 -> 192.168.1.6:49184) at 2019-12-11 12:51:59 -0700
26
26
27
- msf post(windows/gather/cachedump) > use post/windows/gather/dnscache_dump
27
+ msf > use post/windows/gather/dnscache_dump
28
28
msf post(windows/gather/dnscache_dump) > set SESSION 1
29
29
SESSION => 1
30
30
msf post(windows/gather/dnscache_dump) > run
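Review bot: Line 27 is a hand edit to captured output: the prompt goes from "msf post(windows/gather/cachedump) >" to a bare "msf >". Dropping the unrelated cachedump context is reasonable, but the transcript no longer matches what was recorded, so either note the edit in the commit message or re-capture the scenario from a clean console.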
Original file line number Diff line number Diff line change 3
3
This module will enumerate all installed applications on a Windows system.
4
4
5
5
## Verification Steps
6
- 1 . Start ` msfconsole `
6
+ 1 . Start msfconsole
7
7
2 . Get meterpreter session
8
- 3 . Do: ` use post/windows/gather/enum_applications `
9
- 4 . Do: ` set SESSION <session id> `
10
- 5 . Do: ` run `
8
+ 3 . Do: ``` use post/windows/gather/enum_applications `` `
9
+ 4 . Do: ``` set SESSION <session id> `` `
10
+ 5 . Do: ``` run `` `
11
11
12
12
## Options
13
13
14
- ```
14
+ ***
15
15
SESSION
16
- ```
16
+ ***
17
17
The session to run this module on.
18
18
19
19
## Scenarios
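Review bot: The verification steps are now formatted inconsistently: line 6 removes the code formatting from msfconsole, while lines 8 to 10 move the other commands from single to triple backticks on one line. Pick one inline style for all commands in the list (single backticks are enough for inline code) and apply it to step 1 as well.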
@@ -36,7 +36,6 @@ This module will enumerate all installed applications on a Windows system.
36
36
Name Version
37
37
---- -------
38
38
PuTTY release 0.73 0.73.0.0
39
- PuTTY release 0.73 0.73.0.0
40
39
41
40
42
41
[+] Results stored in: /root/.msf4/loot/20191211092812_default_192.168.1.4_host.application_951840.txt
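Review bot: Removing the second "PuTTY release 0.73" row at line 39 changes what the scenario claims the module printed. If the duplicate was in the real output, it points at missing de-duplication in the module rather than a documentation error, and the row should stay until the module is fixed; confirm against a fresh run before deleting it.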