Meterpreter Useful Top 60 Commands List – 2017 Update

Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime. It communicates over the stager socket and provides a comprehensive client-side Ruby API.

How Meterpreter Works

  • The target executes the initial stager. This is usually one of bind, reverse, findtag, passivex, etc.
  • The stager loads the DLL prefixed with Reflective. The Reflective stub handles the loading/injection of the DLL.
  • The Meterpreter core initializes, establishes a TLS/1.0 link over the socket and sends a GET. Metasploit receives this GET and configures the client.
  • Lastly, Meterpreter loads extensions. It will always load stdapi and will load priv if the module gives administrative rights. All of these extensions are loaded over TLS/1.0 using a TLV protocol.
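
The TLV framing mentioned in the last step, as an added Python example for analysts decoding an already-decrypted capture; it is not code from the original page or from Metasploit. It assumes the layout in Metasploit's open-source TLV definitions (a 4-byte big-endian length that includes the 8-byte header, then a 4-byte type whose upper bits are meta-type flags); the type ids and sample bytes are constructed, and any outer packet header is out of scope.

```python
import struct

# Meta-type flags carried in the upper bits of the 32-bit type field. Values
# are an assumption taken from Metasploit's open-source TLV definitions.
META_STRING, META_UINT = 1 << 16, 1 << 17
META_BOOL, META_GROUP = 1 << 19, 1 << 30
HEADER, MAX_DEPTH = 8, 8  # header bytes (length + type); nesting limit

class TlvError(ValueError):
    """The buffer does not contain well-formed TLVs."""

def decode_value(tlv_type, value, depth):
    """Turn a raw value into a Python object based on its meta-type."""
    if tlv_type & META_GROUP:            # a group is a nested run of TLVs
        return parse_tlvs(value, depth + 1)
    if tlv_type & META_STRING:           # NUL-terminated string
        return value.split(b"\x00", 1)[0].decode("utf-8", "replace")
    if tlv_type & META_UINT:
        if len(value) != 4:
            raise TlvError("UINT value is %d bytes, expected 4" % len(value))
        return struct.unpack(">I", value)[0]
    if tlv_type & META_BOOL:
        return any(value)                # any non-zero byte means true
    return value                         # raw and unknown types stay as bytes

def parse_tlvs(buf, depth=0):
    """Parse a buffer of back-to-back TLVs into (type, value) tuples."""
    if depth > MAX_DEPTH:
        raise TlvError("nesting deeper than %d" % MAX_DEPTH)
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < HEADER:
            raise TlvError("truncated header at offset %d" % off)
        length, tlv_type = struct.unpack_from(">II", buf, off)
        # The length field counts the header too, so it can never be below 8.
        if length < HEADER or off + length > len(buf):
            raise TlvError("bad length %d at offset %d" % (length, off))
        value = buf[off + HEADER:off + length]
        out.append((tlv_type, decode_value(tlv_type, value, depth)))
        off += length
    return out

def build(tlv_type, value):  # encoder used only to construct the sample
    return struct.pack(">II", HEADER + len(value), tlv_type) + value

# Constructed sample: type ids 1-4 are made up for illustration.
SAMPLE = (build(META_STRING | 1, b"stdapi\x00")
          + build(META_UINT | 2, struct.pack(">I", 7))
          + build(META_GROUP | 3, build(META_BOOL | 4, b"\x01")))
```

Rejecting a length below 8 or past the end of the buffer keeps the parser from looping forever or reading out of bounds on a corrupted or hostile capture.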

Some useful Meterpreter commands are listed below:

  • Background the current session – background
  • Kill a background meterpreter session – bgkill
  • Displays info about active channels – channel
  • Close a channel – close
  • Disables encoding of unicode strings – disable_unicode_encoding
  • Enable encoding of unicode strings – enable_unicode_encoding
  • Exit meterpreter shell – exit
  • Display info about active post module – info
  • Interact with a channel – interact
  • Drop into irb scripting mode – irb
  • Load one or more meterpreter extensions – load
  • Migrate the server to another process – migrate
  • Terminate the meterpreter sessions – quit
  • Reads data from a channel – read
  • Run the commands stored in a file – resource
  • Executes a meterpreter script or post module – run
  • Write data to a channel – write
  • Read the contents of a file to the screen – cat
  • Change directory – cd
  • Download file to your system – download
  • Edit a file – edit
  • Print local working directory – getlwd
  • Print working directory – getwd
  • Change local working directory – lcd
  • Print local working directory – lpwd
  • List files – ls
  • Make directory – mkdir
  • Print working directory – pwd
  • Delete the specified file – rm
  • Remove directory – rmdir
  • Search for files – search
  • Upload file to target – upload
  • Get the current meterpreter desktop – getdesktop
  • Display the amount of time the user has been idle – idletime
  • Start capturing keystrokes – keyscan_start
  • Stop capturing keystrokes – keyscan_stop
  • Dump the keystroke buffer – keyscan_dump
  • Screenshot of the GUI – screenshot
  • Change the meterpreter's current desktop – setdesktop
  • Control some of the user interface components – uictl
  • List webcams – webcam_list
  • Take a snapshot from the specified webcam – webcam_snap
  • Attempt to elevate your privilege to that of local system – getsystem
  • Dumps the contents of the SAM database – hashdump
  • Manipulate file MACE attributes – timestomp
  • Clear the event log – clearev
  • Relinquishes any active impersonation token – drop_token
  • Execute a command – execute
  • Get the current process identifier – getpid
  • Attempt to enable all privileges available to the current process – getprivs
  • Get the user that the server is running as – getuid
  • Terminate a process – kill
  • List running processes – ps
  • Reboots the remote computer – reboot
  • Interact with remote registry – reg
  • Calls RevertToSelf() on the remote machine – rev2self
  • Drop into a system command shell – shell
  • Shuts down the remote computer – shutdown
  • Attempt to steal an Impersonation token from the process – steal_token
  • Gets information about the remote system – sysinfo

Sarcastic Writer