![]() From here you can run a module, review the target hosts files and get networking information. It will display a list of available commands with a description of each. To see a list of available commands type ?. Meterpreter > View Available Meterpreter Shell Commands Metasploit - Mdm::Session ID # 2 (127.0.0.1)Īt the bottom is the shell input. ![]() It will open a blank terminal.Īt the top is the session ID and the target host address. ![]() Under “Available Actions” click Command Shell. Post-Exploitation Modules - Modules available to run based on the OS and payload type.Session History - A detailed list of all actions taken during an open session.Available Actions - All the available actions that can be taken.Attack Module - Exploit used to open the session.If this was the result of a bruteforce attack it will include the authentication type and credential pair used. Information - Any information on how the session was opened. ![]() Session Type - The type of payload and module used to open the session.In the image above this is Session 2 on 127.0.0.1 Session - Session number and target host address.The Meterpreter session page has the following information: From this page, you can launch a terminal, see available modules and run post-exploitation actions. On the session page, review the available actions.Under “Active Sessions” select a session that has a “Type” of “Meterpreter”.To see all the available actions for a Meterpreter shell during a session, do the following: Attack Module - The exploit used to open the session.For example, bruteforce opened sessions will contain the username and password used. Description - Any information related to how the session was opened if available.Once 60 seconds is reached, time is tracked in minutes. Age - The time the session has been opened in minutes or seconds.These are attached to the session in sequential order of being created. The Meterpreter "Active Sessions" page provides you with the following information: To access the session pages in the top menu go to "Sessions". Meterpreter > Command Shell will open a Meterpreter shell, while Shell > Command Shell will open a standard terminal. While the name is the same, the functionality is not. “Command Shell” is listed under Shell and Meterpreter. Using a shell does not provide the same actions as a Meterpreter shell. The functionality can differ depending on the type of exploit used. Some exploits are limited in functionality ,and shell commands require less manipulation by the exploit.Ī Meterpreter shell gives you access to Metasploit modules and other actions not available in the command shell.Ī shell session opens a standard terminal on the target host, giving you similar functions to a terminal on your OS. This is because shell payloads are created by running a command on a remote machine, and they can be easier to “launch”. If Metasploit is unable to deliver a Meterpreter payload then it opens a shell.ĭepending on the module used to create a session, either a Shell or both a Shell and Meterpreter session will be opened. A Meterpreter payload is uploaded to a remote machine that allows you to run Metasploit modules. By default, Metasploit attempts to deliver a Meterpreter payload. After you successfully exploit a host, either a shell or Meterpreter session is opened.
0 Comments
Leave a Reply. |