Meterpreter
https://tryhackme.com/r/room/meterpreter
Last updated
https://tryhackme.com/r/room/meterpreter
Last updated
Meterpreter is a Metasploit payload that supports the penetration testing process with many valuable components. Meterpreter will run on the target system and act as an agent within a command and control architecture.
Meterpreter runs on a target system without being installed on it. It runs in memory (RAM - Random Access Memory) and does not write itself to the disk on the target. Meterpreter thus tries to avoid being detected by antivirus and is seen as a process and does not have a file on the target system. Meterpreter also uses encrypted communication with the server where Metasploit runs.
Use the following command to display meterpreter payloads:
Core commands:
?: Help Menu
background: Backgrounds current session
exit: Terminates session
guid: Get session GUID
info: Display post module information
irb: Opens interactive ruby shell
load: Loads one or more meterpreter extensions
migrate: Migrates meterpreter process to another process
run: Executes a meterpreter script or post module
sessions: Quickly switch to another session
File and networking commands:
search: Searches for files
upload: Uploads file or directory
download: Downloads a file or directory
netstat: Displays the network connections
portfwd: Forwards a local port to a remote service
route: Allows to view and modify routing table
System commands:
clearev: Clears events logs
execute: Executes a command
getpid: Shows current process identifier
kill: Terminates process
reboot: Reboots remote computer
shell: Drops into system command shell
sysinfo: Gets information about remote system
Other commands:
idletime: Returns the number of seconds remote user is idle
keyscan_dump: Dumps the keystroke buffer
keyscan_start: Starts capturing keystrokes
keyscan_stop: Stops capturing keystrokes
screenshare: Allows you to watch the remote user's desktop
record_mic: Records audio from default microphone
webcam_chat: Starts video chat
webcam_stream: Plays a video stream from the specified webcam
getsystem: Attempts to elevate privilege
hashdump: Dumps contents of SAM database
The migrate command is a way to migrate to another process to aid in continued interaction. This can be helpful to creat a more stable meterpreter session. It can also be used to conduct keylogger attacks by migrating to a process like word.exe, notepad.exe, or even a browser.
The following would be a sample command execution involving migration:
Post exploitation using meterpreter can be split into the following categories:
Gathering further intelligence about the target system
Searching for files, credentials, interfaces, and further information
Privilege escalation
Lateral movement
The following command can be used to load Mimikatz, a great tool for post exploitation and privilege escalation on Windows machines:
