7 Metasploit Meterpreter Core Commands You Should Know

7 Metasploit Meterpreter Core Commands You Should Know


Type : Tips and Trick

Level : Easy

After you successfully gaining a meterpreter client access to victim computer you need to know what is the main command you should know to doing something with the meterpreter client. In this tips and trick I trying to wrote the core meterpreter client commands you should know.

The meterpreter client you can gain when you exploiting victim and then set payload to meterpreter with the command like this below :

set payload windows/meterpreter/reverse_tcp



1. ? or help

We can use ? or help to show a list of commands with brief descriptions.

2. background

Using the background command places the current session into the background and brings us back to the Metasploit console without terminating the session. We can begin to interact with the session again by using the sessions Metasploit command.

Metasploit Meterpreter Core Commands You Should Know

3. irb

We can start the Interactive Ruby Shell with the irb command, allowing us to use the Ruby scripting language to interact with the compromised system.

To view the API, we need to run the rdoc command from the Metasploit directory, which will create a doc/index.html file that we can open with a browser.

Metasploit Meterpreter Core Commands You Should Know

4. exit or quit

Returns to the Meterpreter console and closes the active session.

Metasploit Meterpreter Core Commands You Should Know


5. migrate

Meterpreter initially runs inside the exploited process or as its own executable’s process in some cases. If that process is stopped for any reason, the Meterpreter session will close, so it is good practice to migrate the session to more stable process such as Windows’ explorer.exe.

The following example shows the use of a handful of commands in order to locate a process that the user will not close during his or her session. The commands are:

  1. ps – Show a list of running processes.
  2. getpid – Display the process Meterpreter is using, which shows an svchost.exe.
  3. migrate pidMove Meterpreter to a new process ID number, where we request the winlogon.exe process.
  4. getpid – Display the new process Meterpreter is using, which we verify is the winlogon.exe process.

Metasploit Meterpreter Core Commands You Should Know

6. run

We can execute a Meterpreter script using the run command. If no path is specified, Meterpreter will search for the script in the scripts/meterpreter/ directory.

In the following example we are running the scripts/meterpreter/clearthelog.rb script from my previous tutorial, which clear all event viewer logs from target.

Metasploit Meterpreter Core Commands You Should Know

7. use

For additional commands and functionality we can load Meterpreter extensions with the use command.

In the following example, we would like to use the hashdump command to retrieve password hashes from the target. By using the use priv command we can load the extension that gives us the hashdump command. We can verify this by using ? to list our available commands.

Metasploit Meterpreter Core Commands You Should Know


Hope you enjoyed 🙂

question? write your comments below..

Share this article if you found it was useful:

Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

See all posts by || Visit Website : http://www.vishnuvalentino.com