Meterpreter: MSF’s Premier Payload
What is Meterpreter?
Meterpreter is a powerful, extensible payload built for the Metasploit Framework. It is designed “to provide limited forensic evidence and impact on the victim machine.” 1 Meterpreter communications are encrypted by default, and it is capable of residing entirely in memory, writing nothing to disk. It is the default MSF payload when no other payload is specified.
How does it work?
The Meterpreter payload includes a vast array of features, most of which are beyond the scope of this document. The following are the commands most commonly used with Meterpreter, as seen in the various walk-throughs in this guide.
getuid: Determine User ID
This command determines which account is running the active Meterpreter session. The return value depends largely on the target OS.
shell: Get a Command Shell on the Target System
This command returns a command prompt on the target system. The shell returned depends on the target OS. In the case of Windows targets, this is usually the cmd.exe shell. On Unix-like systems, it could be sh, bash, zsh, or others.