Welcome to my blog where we delve into the powerful world of Meterpreter commands and explore their diverse functionalities. By utilizing this robust framework, we can execute a wide range of actions, both essential and advanced. Furthermore, we will unravel the intricate capabilities of Meterpreter while utilizing a plethora of transition words to seamlessly guide you through each command. So let’s dive in and uncover the countless possibilities that Meterpreter offers!
Many people are confused about meterpreter commands; therefore, to help them, we have created a cheat sheet that includes all commands for meterpreter. Happy hacking!
Table of contents
These are the basic Linux commands you can use:
? help menu background moves the current session to the background bgkill kills a background meterpreter script bglist provides a list of all running background scripts bgrun runs a script as a background thread channel displays active channels close closes a channel exit terminates a meterpreter session exploit executes the meterpreter script designated after it help help menu interact interacts with a channel irb go into Ruby scripting mode migrate moves the active process to a designated PID quit terminates the meterpreter session read reads the data from a channel run executes the meterpreter script designated after it use loads a meterpreter extension write writes data to a channel
File System Commands
cat read and output to stdout the contents of a file cd change directory on the victim del delete a file on the victim download download a file from the victim system to the attacker system edit edit a file with vim getlwd print the local directory getwd print working directory lcd change local directory lpwd print local directory ls list files in current directory mkdir make a directory on the victim system pwd print working directory rm delete (remove) a file rmdir remove directory on the victim system upload upload a file from the attacker system to the victim
ipconfig displays network interfaces with key information including IP address, etc. portfwd forwards a port on the victim system to a remote service route view or modify the victim routing table
clearev clears the event logs on the victim's computer drop_token drops a stolen token execute executes a command getpid gets the current process ID (PID) getprivs gets as many privileges as possible getuid get the user that the server is running as kill terminate the process designated by the PID ps list running processes reboot reboots the victim computer reg interact with the victim's registry rev2self calls RevertToSelf() on the victim machine shell opens a command shell on the victim machine shutdown shuts down the victim's computer steal_token attempts to steal the token of a specified (PID) process sysinfo gets the details about the victim computer such as OS and name
User Interface Commands
enumdesktops lists all accessible desktops getdesktop get the current meterpreter desktop idletime checks to see how long since the victim system has been idle keyscan_dump dumps the contents of the software keylogger keyscan_start starts the software keylogger when associated with a process such as Word or browser keyscan_stop stops the software keylogger screenshot grabs a screenshot of the meterpreter desktop set_desktop changes the meterpreter desktop uictl enables control of some of the user interface components
Privilege Escalation Commands
getsystem uses 15 built-in methods to gain sysadmin privileges
Password Dump Commands
hashdump grabs the hashes in the password (SAM) file
timestomp manipulates the modify, access, and create attributes of a file
1. Advanced Metepreter Script Commands- Part 1
- arp_scanner.rb – A ruby Script for performing an ARP’s Scan Discovery.
- autoroute.rb – A new Meterpreter session without having to background the current session.
- checkvm.rb – Script for knowing if the target host is a virtual machine.
- credcollect.rb – Script to harvest credentials found on the host and store them in the database.
- domain_list_gen.rb – Script for finding domain admin account list for use and pentesting
- dumplinks.rb – Dumplinks parses .lnk files from a user’s recent documents folder and Microsoft Office’s Recent documents folder, if present. The .lnk files contain time indicators, file locations, including share names, volume serial #s, and more. This info may help you target another systems and gets you more info about the existing system
- duplicate.rb – Uses a meterpreter session to spawn a new meterpreter session in a different process. A new process allows the session to take “risky” actions that might get the process killed by A/V, giving a meterpreter session to another controller, or start a keylogger on another process. This is a risky noisy process.
2. Advanced Metepreter Script Commands- Part 2
- enum_chrome.rb – Script to extract data from a chrome installation.
- enum_firefox.rb – Script for extracting data from Firefox. enum_logged_on_users.rb – Script for enumerating current logged users and users that have logged in to the system. enum_powershell_env.rb – Enumerates PowerShell and WSH configurations.
- enum_putty.rb – Enumerates Putty connections.
- enum_shares.rb – Script for Enumerating shares offered and history of mounted shares.
- enum_vmware.rb – Enumerates VMware configurations for VMware products.
- event_manager.rb – Show information about Event Logs on the target system and their configuration.
- file_collector.rb – Script for searching and downloading files that match a specific pattern.
- get_application_list.rb – A ruby Script for extracting a list of installed applications and their version.
- getcountermeasure.rb – Script for detecting AV, HIPS, Third-Party Firewalls, DEP Configuration and Windows Firewall configuration. Additionally, it provides the option to kill the processes of detected products and disable the built-in firewall.
3. Advanced Metepreter Script Commands- Part 3
- get_env.rb – Script for extracting a list of all System and User environment variables.
- getfilezillacreds.rb – A ruby Script for extracting servers and credentials from Filezilla.
- getgui.rb – Script to enable Windows RDP.
- get_local_subnets.rb – Get a list of local subnets based on the host’s routes.
- get_pidgen_creds.rb – Script for extracting configured services with username and passwords.
- gettelnet.rb – Checks to see if telnet is installed.
- get_valid_community.rb – Gets a valid community string from SNMP.
- getvncpw.rb – Gets the VNC password.
- hashdump.rb – Grabs password hashes from the SAM.
- hostedit.rb – Script for adding entries in the Windows Hosts file.
- keylogrecorder.rb – Script for running keylogger and saving all the keystrokes.
- killav.rb – Terminates nearly every antivirus software on victim.
- metsvc.rb – Delete one meterpreter service and start another.
- migrate – Moves the meterpreter service to another process.
- multicommand.rb – Script for running multiple commands on Windows 2003, Windows Vista and Windows XP and Windows 2008 targets.
4. Advanced Metepreter Script Commands- Part 4
- multi_console_command.rb – Script for running multiple console commands on a meterpreter session.
- multi_meter_inject.rb – Script for injecting a reverse tcp Meterpreter Payload into the memory of multiple PIDs, if none is provided a notepad process will be created and a Meterpreter Payload will be injected into each other.
- multiscript.rb – Script for running multiple scripts on a Meterpreter session.
- netenum.rb – Script for ping sweeps on Windows 2003, Windows Vista, Windows 2008 and Windows XP targets using native Windows commands.
- packetrecorder.rb – Script for capturing packets into a PCAP file.
- panda2007pavsrv51.rb – This module exploits a privilege escalation vulnerability in Panda Antivirus 2007. Due to insecure permission issues, a local attacker can gain elevated privileges.
- persistence.rb – Script for creating a persistent backdoor on a target host.
- pml_driver_config.rb – Exploits a privilege escalation vulnerability in Hewlett-Packard’s PML Driver HPZ12. Due to an insecure SERVICE_CHANGE_CONFIG DACL permission, moreover, a local attacker can gain elevated privileges.
- powerdump.rb – Meterpreter script for utilizing purely PowerShell to extract username and password hashes through registry keys. Additionally, this script requires you to be running as system in order to work properly.This has currently been tested on Server 2008 and Windows 7, which installs PowerShell by default.
- prefetchtool.rb – Script for extracting information from windows prefetch folder.
- process_memdump.rb – Script is based on the paper Neurosurgery With Meterpreter.
- remotewinenum.rb – This script will enumerate windows hosts in the target environment given a username and password or using the credential under which Meterpeter is running using WMIC windows native tool.
5. Advanced Metepreter Script Commands- Part 5
- scheduleme.rb – This script, designed to automate the most common scheduling tasks during a pentest, works seamlessly with Windows XP, Windows 2003, Windows Vista, and Windows 2008.
- schelevator.rb – Exploit for Windows Vista/7/2008 Task Scheduler 2.0 Privilege Escalation. This script exploits the Task Scheduler 2.0 XML 0day exploited by Stuxnet.
- schtasksabuse.rb – Meterpreter script for abusing the scheduler service in Windows by scheduling and running a list of command against one or more targets. Using schtasks command to run them as system. This script works with Windows XP, Windows 2003, Windows Vista, and Windows 2008.
- scraper.rb – The goal of this script is to obtain system information from a victim through an existing Meterpreter session.
- screenspy.rb – This script will open an interactive view of remote hosts. You will need Firefox installed on your machine.
- screen_unlock.rb – Script to unlock a windows screen. Needs system privileges to run and known signatures for the target system.
- screen_dwld.rb – Script that recursively search and download files matching a given pattern.
- service_manager.rb – Script for managing Windows services.
6. Advanced Metepreter Script Commands- Part 6
- service_permissions_escalate.rb – This script not only attempts to create a service, but it also meticulously searches through a list of existing services to identify insecure file or configuration permissions that will enable it to replace the executable with a payload. Furthermore, once the replacement is successful, it will proceed to restart the compromised service in order to execute the payload. However, in the event of a failed restart, during subsequent service initiation (such as on reboot), the attacker will gain higher permissions.
- sound_recorder.rb – Script for recording in intervals the sound capture by a target host microphone.
- srt_webdrive_priv.rb – Exploits a privilege escalation vulnerability in South River Technologies WebDrive.
- uploadexec.rb – Script to upload executable file to host.
- virtualbox_sysenter_dos – Script to DoS Virtual Box.
- virusscan_bypass.rb – Script that kills Mcafee VirusScan Enterprise v8.7.0i+ processes.
- vnc.rb – Meterpreter script for obtaining a quick VNC session.
- webcam.rb – Script to enable and capture images from the host webcam.
- win32-sshclient.rb – Script to deploy & run the “plink” commandline ssh-client. Supports only MS-Windows-2k/XP/Vista Hosts.
- win32-sshserver.rb – Script to deploy and run OpenSSH on the target machine.
- winbf.rb – Function for checking the password policy of the current system. This policy may seem like the policy of other servers in the target environment.
- winenum.rb – Enumerates Windows system including environment variables, network interfaces, routing, user accounts, etc
- wmic.rb – Script for running WMIC commands on Windows 2003, Windows Vista, and Windows XP and Windows 2008 targets.
In conclusion, we have thoroughly explored the extensive array of Meterpreter commands and, moreover, their incredible functionalities. By harnessing the power of this versatile framework, we can execute various tasks with precision and control. Throughout this blog, we have delved into the intricacies of each command, shedding light on their capabilities and practical applications.
Moreover, we have examined the seamless flow of information facilitated by the inclusion of transition words, allowing for a smooth understanding of the discussed concepts. These transition words have acted as guideposts, leading us through the intricate world of Meterpreter commands.
By actively engaging with these commands, we empower ourselves to navigate through complex systems, carry out essential tasks, and enhance our understanding of cybersecurity. The active voice has lent a sense of agency and dynamism to our exploration, ensuring clarity and impact in our discussions.
In your continued journey with Meterpreter, remember to experiment, test boundaries, and adapt these commands to suit your specific needs. By expanding your knowledge and mastering these tools, you will unlock the full potential of Meterpreter and pave the way for success in the ever-evolving realm of cybersecurity.
So, equip yourself with the knowledge gained here and embark on your path as a proficient Meterpreter user. Embrace the power, seize the opportunities, and conquer new horizons with confidence. The world of Meterpreter awaits your command!
I hope you liked the above article. Moreover, do share our blog posts with your friends and, in addition, support our site via donations. Lastly, happy hacking!