
Hack Like a Pro: The Ultimate Command Cheat Sheet for Metasploit's Meterpreter
Posted By occupytheweb, 3 months ago

Welcome back, my hacker novitiates!

I've done numerous tutorials in Null Byte demonstrating the power of Metasploit's
meterpreter. With the meterpreter on the target system, you have nearly total
command of the victim!

As a result, several of you have asked me for a complete list of commands
available for the meterpreter because there doesn't seem to be a complete list
anywhere on the web. So here it goes! Hack a system and have fun testing out
these commands!

Step 1: Core Commands

At its most basic use, meterpreter is a Linux terminal on the victim's computer. As
such, many of our basic Linux commands can be used on the meterpreter even if
it's on a Windows or other operating system.

Here are some of the core commands we can use on the meterpreter.

? - help menu
background - moves the current session to the background
bgkill - kills a background meterpreter script
bglist - provides a list of all running background scripts
bgrun - runs a script as a background thread
channel - displays active channels
close - closes a channel
exit - terminates a meterpreter session
help - help menu
interact - interacts with a channel
irb - go into Ruby scripting mode
migrate - moves the active process to a designated PID
quit - terminates the meterpreter session
read - reads the data from a channel
run - executes the meterpreter script designated after it
use - loads a meterpreter extension
write - writes data to a channel

Step 2: File System Commands

cat - read and output to stdout the contents of a file
cd - change directory on the victim
del - delete a file on the victim
download - download a file from the victim system to the attacker system
edit - edit a file with vim
getlwd - print the local directory
getwd - print working directory
lcd - change local directory
lpwd - print local directory
ls - list files in current directory
mkdir - make a directory on the victim system
pwd - print working directory
rm - delete a file
rmdir - remove directory on the victim system
upload - upload a file from the attacker system to the victim

Step 3: Networking Commands

ipconfig - displays network interfaces with key information including IP address, etc.
portfwd - forwards a port on the victim system to a remote service
route - view or modify the victim routing table

Step 4: System Commands

clearev - clears the event logs on the victim's computer
drop_token - drops a stolen token
execute - executes a command
getpid - gets the current process ID (PID)
getprivs - gets as many privileges as possible
getuid - get the user that the server is running as
kill - terminate the process designated by the PID
ps - list running processes
reboot - reboots the victim computer
reg - interact with the victim's registry
rev2self - calls RevertToSelf() on the victim machine
shell - opens a command shell on the victim machine
shutdown - shuts down the victim's computer
steal_token - attempts to steal the token of a specified (PID) process
sysinfo - gets the details about the victim computer such as OS and name

Step 5: User Interface Commands

enumdesktops - lists all accessible desktops
getdesktop - get the current meterpreter desktop
idletime - checks to see how long since the victim system has been idle
keyscan_dump - dumps the contents of the software keylogger
keyscan_start - starts the software keylogger when associated with a process such as Word or browser
keyscan_stop - stops the software keylogger
screenshot - grabs a screenshot of the meterpreter desktop
set_desktop - changes the meterpreter desktop
uictl - enables control of some of the user interface components

Step 6: Privilege Escalation Commands

getsystem - uses 15 built-in methods to gain sysadmin privileges

Step 7: Password Dump Commands

hashdump - grabs the hashes in the password (SAM) file

Note that hashdump will often trip AV software, but there are now two scripts that
are more stealthy, "run hashdump" and "run smart_hashdump". Look for more on
those on my upcoming meterpreter script cheat sheet.

Step 8: Timestomp Commands

timestomp - manipulates the modify, access, and create attributes of a file

Stay Tuned for More Meterpreter Tips

I've already used many of these commands in previous tutorials, and I will be
using more in future guides as well to show you how they work. Also, bookmark
this page as it is possibly the most complete cheat sheet of meterpreter
commands found anywhere on the web, so you'll want to refer back to this sheet
often.

Finally, check out my second meterpreter cheat sheet with the 135 scripts
available for the meterpreter to continue hacking with metasploit.

See Also

Hack Like a Pro: How to Remotely Install a Keylogger onto Your Girlfriend's Computer
Hack Like a Pro: How to Remotely Grab a Screenshot of Someone's Compromised Computer
Hack Like a Pro: How to Cover Your Tracks So You Aren't Detected

Join the Discussion


KEANE O'KELLEY, 1 year ago:
What if I wanted to connect to a meterpreter shell again, say after closing the
connection on my machine, assuming the victim device is set up with a persistent
backdoor?

OCCUPYTHEWEB, 1 year ago:
Keane:
Welcome to Null Byte!
Good question. A meterpreter terminal is terminated when the target system is
shut down. To build a persistent connection, use the persistence command. Check
out this tutorial.
OTW

KEANE O'KELLEY, 1 year ago (edited 1 year ago):
What if I set up the persistent connection on the victim, but I disconnect or
reboot my Kali machine? Can I reconnect to the exploited victim without
running a new exploit?

OCCUPYTHEWEB, 1 year ago:
Keane:
You can, if you set up a persistent connection. Check out this post.
OTW

KEANE O'KELLEY, 1 year ago:
Thanks, once I have done that, how can I connect back to the victim computer
if I terminate meterpreter on my end (i.e. closing terminal, rebooting etc.)? Do I
need to use netcat or something in Metasploit to connect to the persistent
backdoor?

OCCUPYTHEWEB, 1 year ago:
Keane:
Once you have set up a persistent backdoor, that backdoor will keep attempting to
connect to your IP. When you open up Metasploit, you will get a session from the
connecting machine.
OTW

FAIZAN BHATTI, 5 months ago:
Hello sir, I want to learn how to hack, please help me.

OCCUPYTHEWEB, 5 months ago:
You are in the right place.
Join Null Byte and follow me.

CEZARY CZERNIECKI, 2 months ago:
Can you please tell me how I access meterpreter, as in change from msf to
meterpreter, so that the command looks like this
meterpreter > I type stuff here (example)
I've been searching Google for this but can't find this.

OCCUPYTHEWEB, 2 months ago:
Cezary:
You only get the meterpreter prompt when you have successfully installed
meterpreter on a target system.
OTW

CEZARY CZERNIECKI, 2 months ago:
Oh, so if I for example send an exploited Word document for the webcam exploit,
and my target opens it, then it should bring me to meterpreter?
And I am using Windows 7. Thanks for the quick answer by the way :)

CEZARY CZERNIECKI:
Once again, sorry for stupid/simple questions, I'm pretty new to this.
Thank you.
