Part 1 - Explore Meterpreter

Video Activity

This brief session offers participants step by step instructions in how to explore meterpreter. Participants learn about commands for file systems, as well as other system commands such as environment variables. The instructor shows how to use to get system command, which doesn't work during the lesson so he shows participants what went wrong and h...

Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
5 hours 38 minutes
Difficulty
Intermediate
CEU/CPE
6
Video Description

This brief session offers participants step by step instructions in how to explore meterpreter. Participants learn about commands for file systems, as well as other system commands such as environment variables. The instructor shows how to use to get system command, which doesn't work during the lesson so he shows participants what went wrong and how to make it work.

Video Transcription
00:03
>> Let's poke around the Meterpreter
00:03
[inaudible] a little bit.
00:03
See what things we can do here,
00:03
around the help command.
00:03
We've got nicely organized sections.
00:03
We have our core commands where you can manipulate
00:03
processes and control the components
00:03
that are active or start things up, shut things down.
00:03
We have a lot of commands interact with file systems.
00:03
Just like you would expect,
00:03
if you're using a command shell,
00:03
commands from a light to change networking or,
00:03
get the networking settings.
00:03
Then other system commands
00:03
like getting environment variables or
00:03
being able to run commands.
00:03
If you're here for the interface itself,
00:03
like doing keylogging and so on.
00:03
You can even interact with a webcam.
00:03
There's some privilege escalation commands.
00:03
We'll take a peek at a few of these things.
00:03
One thing I usually like to do is run get system.
00:03
That's one thing right out of the bat that didn't work.
00:03
Let's see why. We try and do get UID.
00:03
I got lucky and my victim executed
00:03
the binary file I
00:03
put on their system as an administrator.
00:03
Getting my UID shows that I have
00:03
administrator privileges that's why this
00:03
gets system didn't actually work.
00:03
I can look at a process list.
00:03
This is important because you may want to
00:03
migrate your shell to
00:03
another process called something else.
00:03
Like make it look like another Windows Explorer is
00:03
running for instance, or a service host.
00:03
If I'm going to do the background, let's do that.
00:03
This is going to put the process in the background so
00:03
that I can interact with the framework again.
00:03
Now, you see I get back for this my council prompt.
00:03
From here I could research
00:03
various things like additional exploits,
00:03
I've got to show, so now I can try other things.
00:03
Although I already have a
00:03
root shell that's pretty powerful.
00:03
But as you can see,
00:03
there are quite a few additional modules.
00:03
I just searched for exploit windows local,
00:03
and got several here that are excellent,
00:03
quite a few that are great or good,
00:03
so it's a nice variety.
00:03
But now if I want to go back to my Meterpreter shell,
00:03
I can run sessions command.
00:03
In case I forgot the number,
00:03
I can see it's Shell Number 4.
00:03
Now, I'm back in Meterpreter.
Up Next