
Cheat Sheet Metasploit Meterpreter

This document provides a comprehensive cheat sheet of commands available in Metasploit's Meterpreter shell. It covers core commands, file system commands, networking commands, system commands, user interface commands, privilege escalation commands, password dump commands, and timestomp commands. The author states they have demonstrated many of these commands in previous tutorials and will continue to do so. Readers are encouraged to bookmark the page as it contains one of the most complete lists of Meterpreter commands found online.

Uploaded by

Rhett Ligon

Hack Like a Pro: The Ultimate Command Cheat Sheet for Metasploit's Meterpreter

Posted by occupytheweb, 3 months ago

Welcome back, my hacker novitiates!

I've done numerous tutorials in Null Byte demonstrating the power of Metasploit's meterpreter. With the meterpreter on the target system, you have nearly total command of the victim!

As a result, several of you have asked me for a complete list of commands available for the meterpreter because there doesn't seem to be a complete list anywhere on the web. So here it goes! Hack a system and have fun testing out these commands!

Step 1: Core Commands

At its most basic use, meterpreter is a Linux terminal on the victim's computer. As such, many of our basic Linux commands can be used on the meterpreter even if it's on a Windows or other operating system.

Here are some of the core commands we can use on the meterpreter.

? - help menu
background - moves the current session to the background
bgkill - kills a background meterpreter script
bglist - provides a list of all running background scripts
bgrun - runs a script as a background thread
channel - displays active channels
close - closes a channel
exit - terminates a meterpreter session
help - help menu
interact - interacts with a channel
irb - go into Ruby scripting mode
migrate - moves the active process to a designated PID
quit - terminates the meterpreter session
read - reads the data from a channel
run - executes the meterpreter script designated after it
use - loads a meterpreter extension
write - writes data to a channel

Step 2: File System Commands

cat - read and output to stdout the contents of a file
cd - change directory on the victim
del - delete a file on the victim
download - download a file from the victim system to the attacker system
edit - edit a file with vim
getlwd - print the local directory
getwd - print working directory
lcd - change local directory
lpwd - print local directory
ls - list files in current directory
mkdir - make a directory on the victim system
pwd - print working directory
rm - delete a file
rmdir - remove directory on the victim system
upload - upload a file from the attacker system to the victim

Step 3: Networking Commands

ipconfig - displays network interfaces with key information including IP address, etc.
portfwd - forwards a port on the victim system to a remote service
route - view or modify the victim routing table

Step 4: System Commands

clearev - clears the event logs on the victim's computer
drop_token - drops a stolen token
execute - executes a command
getpid - gets the current process ID (PID)
getprivs - gets as many privileges as possible
getuid - get the user that the server is running as
kill - terminate the process designated by the PID
ps - list running processes
reboot - reboots the victim computer
reg - interact with the victim's registry
rev2self - calls RevertToSelf() on the victim machine
shell - opens a command shell on the victim machine
shutdown - shuts down the victim's computer
steal_token - attempts to steal the token of a specified (PID) process
sysinfo - gets the details about the victim computer such as OS and name

Step 5: User Interface Commands

enumdesktops - lists all accessible desktops
getdesktop - get the current meterpreter desktop
idletime - checks to see how long since the victim system has been idle
keyscan_dump - dumps the contents of the software keylogger
keyscan_start - starts the software keylogger when associated with a process such as Word or browser
keyscan_stop - stops the software keylogger
screenshot - grabs a screenshot of the meterpreter desktop
setdesktop - changes the meterpreter desktop
uictl - enables control of some of the user interface components

Step 6: Privilege Escalation Commands

getsystem - uses 15 built-in methods to gain sysadmin privileges

Step 7: Password Dump Commands

hashdump - grabs the hashes in the password (SAM) file

Note that hashdump will often trip AV software, but there are now two scripts that are more stealthy, "run hashdump" and "run smart_hashdump". Look for more on those on my upcoming meterpreter script cheat sheet.

Step 8: Timestomp Commands

timestomp - manipulates the modify, access, and create attributes of a file

Stay Tuned for More Meterpreter Tips

I've already used many of these commands in previous tutorials, and I will be using more in future guides as well to show you how they work. Also, bookmark this page as it is possibly the most complete cheat sheet of meterpreter commands found anywhere on the web, so you'll want to refer back to this sheet often.

Finally, check out my second meterpreter cheat sheet with the 135 scripts available for the meterpreter to continue hacking with metasploit.


Join the Discussion

KEANE O'KELLEY, 1 year ago:
What if I wanted to connect to a meterpreter shell again, say after closing the connection on my machine, assuming the victim device is set up with a persistent backdoor?

OCCUPYTHEWEB, 1 year ago:
Keane:
Welcome to Null Byte!
Good question. A meterpreter terminal is terminated when the target system is shut down. To build a persistent connection, use the persistence command. Check out this tutorial.
OTW

KEANE O'KELLEY, 1 year ago (edited 1 year ago):
What if I set up the persistent connection on the victim, but I disconnect or reboot my Kali machine? Can I reconnect to the exploited victim without running a new exploit?

OCCUPYTHEWEB, 1 year ago:
Keane:
You can, if you set up a persistent connection. Check out this post.
OTW

KEANE O'KELLEY, 1 year ago:
Thanks, once I have done that, how can I connect back to the victim computer if I terminate meterpreter on my end (i.e. closing terminal, rebooting etc.)? Do I need to use netcat or something in Metasploit to connect to the persistent backdoor?

OCCUPYTHEWEB, 1 year ago:
Keane:
Once you have set up a persistent backdoor, that backdoor will keep attempting to connect to your IP. When you open up Metasploit, you will get a session from the connecting machine.
OTW

FAIZAN BHATTI, 5 months ago:
Hello sir, I want to learn how to hack. Please help me.

OCCUPYTHEWEB, 5 months ago:
You are in the right place.
Join Null Byte and follow me.

CEZARY CZERNIECKI, 2 months ago:
Can you please tell me how I access meterpreter, as in change from msf to meterpreter, so that the command looks like this
meterpreter > I type stuff here (example)
I've been searching Google for this but can't find this.

OCCUPYTHEWEB, 2 months ago:
Cezary:
You only get the meterpreter prompt when you have successfully installed meterpreter on a target system.
OTW

CEZARY CZERNIECKI, 2 months ago:
Oh, so if I, for example, send an exploited Word document for the webcam exploit, and my target opens it, then it should bring me to meterpreter?
And I am using Windows 7. Thanks for the quick answer by the way :)

CEZARY CZERNIECKI:
Once again, sorry for stupid/simple questions, I'm pretty new to this.
Thank you.
