Meterpreter: MSF’s Premier Payload

Reference Walk-Throughs



What is Meterpreter?

Meterpreter is a powerful, extensible payload designed for use in the Metasploit Framework. It is designed “to provide limited forensic evidence and impact on the victim machine.” 1 Meterpreter communications are encrypted by default, and it is capable of residing entirely in-memory, writing nothing to disk. It is the default MSF payload when no other payload is specified.


How does it work?

To learn more about the function and features of Meterpreter, you should read the Meterpreter section of the Metasploit Unleashed guide, published by Offensive Security.

Using Meterpreter

The Meterpreter payload includes a vast array of features, most of which are beyond the scope of this document. The following are the most commonly-used commands used with Meterpreter, as seen in the various walk-throughs in this guide.

getuid: Determine User ID

Example: getuid

This command determines which account is running the active Meterpreter session. The return value depends largely on the target OS.

shell: Get a Command Shell on the Target System

Example: shell

This command returns a command prompt on the target system. The shell returned depends on the target OS. In the case of Windows targets, this is usually the cmd.exe shell. On Unix-like systems, it could be sh, bash, zsh, or others.