Meterpreter
Short for Meta-Interpreter: a powerful shell that runs on x86 and x64 Android, BSD, Java, Linux, PHP, Python and Windows targets. It can gather information, transfer files, install backdoors, etc.
List all Meterpreters:
Choose payload
Meterpreter can:
bind_tcp: waits for commands on the target machine; it runs a server on the target that listens for a connection from the attacker.
reverse_tcp: connects back to the attacker; the target opens a TCP connection to the attacker machine.
To get a Meterpreter session you must first run the exploit (as shown in the Metasploit notes).
Sessions:
MSFConsole can host multiple Meterpreter sessions.
Switch from the Meterpreter session back to the msf console:
List all sessions in msf:
Resume a backgrounded session:
🔍Recon with Meterpreter:
Meterpreter lets you gather information about the exploited machine and its network. You can retrieve:
Info about Machine & OS.
Network Config in use.
Routing table of target.
Target user info.
System info:
Print the network configuration:
Get the routing table:
Which user is running the process you exploited:
Privilege Escalation:
Run the privilege escalation routine (if the current user is not privileged):
SYSTEM is the highest privilege level on a Windows machine.
On modern Windows the User Account Control (UAC) policy prevents this privilege escalation (getsystem fails).
Bypass UAC:
You now get a new session with the UAC policy disabled.
Inside a Meterpreter session you can use the following to see your privileges:
Also read this for privilege escalation without tools:
https://alvinsmith.gitbook.io/progressive-oscp/untitled/vulnversity-privilege-escalation
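As an added example (not part of the original cheat sheet), here is a read-only PowerShell audit of the UAC policy values that decide whether the bypass step above even works on a host; the registry path and value names are the standard Windows ones, while the hardened baseline chosen here is an assumption you should check against your own policy.

```powershell
# Added example, not part of the original cheat sheet: audit the UAC policy
# values that the "bypass UAC" step above depends on. Read-only; it prints the
# hardened value beside each current one and the command that would apply it.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Assumed hardened baseline: UAC on, "Always notify" (2) on the secure desktop,
# and no token-filter exemption for remote logons with local admin accounts.
$hardened = [ordered]@{
    EnableLUA                     = 1
    ConsentPromptBehaviorAdmin    = 2
    PromptOnSecureDesktop         = 1
    LocalAccountTokenFilterPolicy = 0
}
# Value Windows applies when the registry entry is missing.
$defaults = @{
    EnableLUA                     = 1
    ConsentPromptBehaviorAdmin    = 5   # "notify only when apps try to make changes"
    PromptOnSecureDesktop         = 1
    LocalAccountTokenFilterPolicy = 0
}

function Get-UacValue {
    param([string]$Name)
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -ne $props -and $null -ne $props.PSObject.Properties[$Name]) {
        return [int]$props.$Name
    }
    return [int]$defaults[$Name]
}

$report = foreach ($name in $hardened.Keys) {
    $actual = Get-UacValue -Name $name
    [pscustomobject]@{
        Setting = $name
        Actual  = $actual
        Wanted  = $hardened[$name]
        Weak    = ($actual -ne $hardened[$name])
    }
}
$report | Format-Table -AutoSize

# Print (do not run) the remediation for every weak value; apply it from an
# elevated prompt once it has been checked against your organisation's policy.
foreach ($row in ($report | Where-Object Weak)) {
    "Set-ItemProperty -Path '$key' -Name $($row.Setting) -Value $($row.Wanted) -Type DWord"
}
```

EnableLUA = 0 turns UAC off entirely, which is the state in which getsystem needs no bypass at all, so that row is the first one to check.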
Remain Stealthy:
Change the process name so it does not look suspicious (inside a Meterpreter session):
🔑Dumping Password Database (hashes):
You can type hashdump inside a Meterpreter session; another way is:
A better way, dumped in clear text:
Dumping the victim's .bash_history
Assuming you hacked a Unix system and now have a Meterpreter session, inside it:
🚶‍♂️Exploring the Victim System:
Navigation:
Downloading & Uploading:
Running the OS Shell
Help
Every command has its own help; just add -h: