Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime. It communicates over the stager socket and provides a comprehensive client-side Ruby API.
How Meterpreter Works
- The target executes the initial stager. This is usually one of bind, reverse, findtag, passivex, etc.
- The stager loads the DLL prefixed with Reflective. The Reflective stub handles the loading/injection of the DLL.
- The Meterpreter core initializes, establishes a TLS/1.0 link over the socket and sends a GET. Metasploit receives this GET and configures the client.
- Lastly, Meterpreter loads extensions. It will always load stdapi and will load priv if the module gives administrative rights. All of these extensions are loaded over TLS/1.0 using a TLV protocol.
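To make the TLV framing mentioned in the last step concrete, here is a small encoder/decoder written for this page in Ruby (the language of the client-side API). It is an added example, not Metasploit's own code: each TLV is a 4-byte big-endian length that counts its own 8-byte header, a 4-byte big-endian type whose high bits say how to interpret the value, and the value itself; groups nest further TLVs. The meta-type bit positions and the method/request-id/result type numbers follow Metasploit's conventions but are assumptions here rather than taken from this page, and the outer per-packet header that newer Meterpreter versions prepend (XOR key, session GUID, encryption flags) is omitted. The decoder refuses malformed framing (short header, length smaller than the header, length overrunning the buffer) rather than guessing, which is the property a defender parsing captured or replayed sessions in a lab wants.

```ruby
# Added example: Meterpreter-style TLV framing, encode and decode.
# Constants below are assumed to match Metasploit's conventions; they are
# not quoted from the page above.
META_TYPE_STRING = 1 << 16
META_TYPE_UINT   = 1 << 17
META_TYPE_BOOL   = 1 << 19
META_TYPE_GROUP  = 1 << 22

TLV_TYPE_METHOD     = META_TYPE_STRING | 1
TLV_TYPE_REQUEST_ID = META_TYPE_STRING | 2
TLV_TYPE_RESULT     = META_TYPE_UINT   | 4

# Encode one TLV. Strings are NUL-terminated, uints are 4-byte big-endian,
# bools are a single byte, groups are the concatenation of child TLVs,
# anything else is sent as raw bytes.
def tlv_encode(type, value)
  body =
    if type & META_TYPE_GROUP != 0
      value.map { |t, v| tlv_encode(t, v) }.join
    elsif type & META_TYPE_STRING != 0
      value.to_s + "\x00"
    elsif type & META_TYPE_UINT != 0
      [value].pack('N')
    elsif type & META_TYPE_BOOL != 0
      [value ? 1 : 0].pack('C')
    else
      value.to_s
    end
  body = body.b
  [body.bytesize + 8, type].pack('NN') + body
end

# Decode a buffer of consecutive TLVs into [[type, value], ...].
# Returns nil on any framing error instead of trusting the length field.
def tlv_decode(buf)
  buf = buf.b
  out = []
  off = 0
  while off < buf.bytesize
    return nil if buf.bytesize - off < 8          # truncated header
    len, type = buf[off, 8].unpack('NN')
    return nil if len < 8 || off + len > buf.bytesize  # bogus length
    body = buf[off + 8, len - 8]
    value =
      if type & META_TYPE_GROUP != 0
        inner = tlv_decode(body)
        return nil if inner.nil?
        inner
      elsif type & META_TYPE_STRING != 0
        body.chomp("\x00")
      elsif type & META_TYPE_UINT != 0
        return nil unless body.bytesize == 4
        body.unpack1('N')
      elsif type & META_TYPE_BOOL != 0
        return nil unless body.bytesize == 1
        body.getbyte(0) != 0
      else
        body
      end
    out << [type, value]
    off += len
  end
  out
end

# Build a request the way a client would (method, request id, result),
# wrapped in one group, then parse it back. Method name and request id
# are constructed sample values.
def roundtrip_example
  packet = tlv_encode(META_TYPE_GROUP, [
    [TLV_TYPE_METHOD, 'core_channel_open'],
    [TLV_TYPE_REQUEST_ID, '1234567890'],
    [TLV_TYPE_RESULT, 0]
  ])
  tlv_decode(packet)
end

p roundtrip_example if __FILE__ == $0
```

Run it directly to see the decoded structure; the type values print as integers, so a real decoder would keep a reverse map from type number to name for readability.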
Here we list some useful Meterpreter commands:
- Background the current session – background
- Kill a background meterpreter session – bgkill
- Displays info about active channels – channel
- Close a channel – close
- Disables encoding of unicode strings – disable_unicode_encoding
- Enable encoding of unicode strings – enable_unicode_encoding
- Exit meterpreter shell – exit
- Display info about active post module – info
- Interact with a channel – interact
- Drop into irb scripting mode – irb
- Load one or more meterpreter extensions – load
- Migrate the server to another process – migrate
- Terminate the meterpreter sessions – quit
- Reads data from a channel – read
- Run the commands stored in a file – resource
- Executes a meterpreter script or post module – run
- Write data to a channel – write
- Read the contents of a file to the screen – cat
- Change directory – cd
- Download file to your system – download
- Edit a file – edit
- Print local working directory – getlwd
- Print working directory – getwd
- Change local working directory – lcd
- Print local working directory – lpwd
- List files – ls
- Make directory – mkdir
- Print working directory – pwd
- Delete the specified file – rm
- Remove directory – rmdir
- Search for files – search
- Upload file to target – upload
- Get the current meterpreter desktop – getdesktop
- Display the amount of time the user has been idle – idletime
- Start capturing keystrokes – keyscan_start
- Stop capturing keystrokes – keyscan_stop
- Dump the keystroke buffer – keyscan_dump
- Screenshot of the GUI – screenshot
- Change the meterpreter's current desktop – setdesktop
- Control some of the user interface components – uictl
- List webcams – webcam_list
- Take a snapshot from the specified webcam – webcam_snap
- Attempt to elevate your privilege to that of local system – getsystem
- Dumps the contents of the SAM database – hashdump
- Manipulate MACE attributes – timestomp
- Clear the event log – clearev
- Relinquishes any active impersonation token – drop_token
- Execute a command – execute
- Get the current process identifier – getpid
- Attempt to enable all privileges available to the current process – getprivs
- Get the user that the server is running as – getuid
- Terminate a process – kill
- List running processes – ps
- Reboots the remote computer – reboot
- Interact with remote registry – reg
- Calls RevertToSelf() on the remote machine – rev2self
- Drop into a system command shell – shell
- Shuts down the remote computer – shutdown
- Attempt to steal an impersonation token from the process – steal_token
- Gets information about the remote system – sysinfo