I've done numerous tutorials in Null Byte demonstrating the power of Metasploit's meterpreter. With the meterpreter on the target system, you have nearly total command of the victim.
As a result, several of you have asked me for a complete list of commands available for the meterpreter because there doesn't seem to be a complete list anywhere on the web. So here it goes. Hack a system and have fun testing out these commands.
Step 1: Core Commands
At its most basic, meterpreter is a Linux terminal on the victim's computer. As such, many of our basic Linux commands can be used on the meterpreter even if it's running on Windows or another operating system. Here are some of the core commands we can use on the meterpreter:
- ?: help menu
- background: moves the current session to the background
- bgkill: kills a background meterpreter script
- bglist: provides a list of all running background scripts
- bgrun: runs a script as a background thread
- channel: displays active channels
- close: closes a channel
- exit: terminates a meterpreter session
- exploit: executes the meterpreter script designated after it
- help: help menu
- interact: interacts with a channel
- irb: go into Ruby scripting mode
- migrate: moves the active process to a designated PID
- quit: terminates the meterpreter session
- read: reads the data from a channel
- run: executes the meterpreter script designated after it
- use: loads a meterpreter extension
- write: writes data to a channel
Step 2: File System Commands
- cat: read and output to stdout the contents of a file
- cd: change directory on the victim
- del: delete a file on the victim
- download: download a file from the victim system to the attacker system
- edit: edit a file with vim
- getlwd: print the local directory
- getwd: print working directory
- lcd: change local directory
- lpwd: print local directory
- ls: list files in current directory
- mkdir: make a directory on the victim system
- pwd: print working directory
- rm: delete (remove) a file
- rmdir: remove directory on the victim system
- upload: upload a file from the attacker system to the victim
Step 3: Networking Commands
- ipconfig: displays network interfaces with key information including IP address, etc.
- portfwd: forwards a port on the victim system to a remote service
- route: view or modify the victim routing table
Step 4: System Commands
- clearev: clears the event logs on the victim's computer
- drop_token: drops a stolen token
- execute: executes a command
- getpid: gets the current process ID (PID)
- getprivs: gets as many privileges as possible
- getuid: get the user that the server is running as
- kill: terminate the process designated by the PID
- ps: list running processes
- reboot: reboots the victim computer
- reg: interact with the victim's registry
- rev2self: calls RevertToSelf() on the victim machine
- shell: opens a command shell on the victim machine
- shutdown: shuts down the victim's computer
- steal_token: attempts to steal the token of a specified (PID) process
- sysinfo: gets the details about the victim computer such as OS and name
Step 5: User Interface Commands
- enumdesktops: lists all accessible desktops
- getdesktop: get the current meterpreter desktop
- idletime: checks to see how long since the victim system has been idle
- keyscan_dump: dumps the contents of the software keylogger
- keyscan_start: starts the software keylogger when associated with a process such as Word or browser
- keyscan_stop: stops the software keylogger
- screenshot: grabs a screenshot of the meterpreter desktop
- set_desktop: changes the meterpreter desktop
- uictl: enables control of some of the user interface components
Step 6: Privilege Escalation Commands
- getsystem: uses 15 built-in methods to gain sysadmin privileges
Step 7: Password Dump Commands
- hashdump: grabs the hashes in the password (SAM) file

Note that hashdump will often trip AV software, but there are now two scripts that are more stealthy: run hashdump and run smart_hashdump. Look for more on those in my meterpreter script cheat sheet.
Step 8: Timestomp Commands
- timestomp: manipulates the modify, access, and create attributes of a file
Stay Tuned for More Meterpreter Tips
I've already used many of these commands in previous tutorials, and I will be using more in future guides as well to show you how they work. Also, bookmark this page, as it is possibly the most complete cheat sheet of meterpreter commands found anywhere on the web, so you'll want to refer back to it often.
Finally, check out my second meterpreter cheat sheet with the 135 scripts available for the meterpreter to continue hacking with Metasploit.
Cover photo by Justin Meyers/Null Byte