Meterpreter is an advanced, stealthy, powerful and extensible post-exploitation tool that uses in-memory DLL injection stagers and is extended over the network at runtime. It communicates over the stager socket and provides a comprehensive client-side Ruby API.
Useful Meterpreter third-party scripts
Once you have successfully compromised a target, you can use the scripts below within a Meterpreter shell to retrieve valuable information. To run one of the scripts, enter run followed by the name of the script, for example run winenum.
- grab system information and the entire registry with the scraper script,
- dump tokens, hashes and more with winenum,
- enumerate system information through wmic using remotewinenum,
- add entries to the Windows hosts file using hostsedit,
- get the local subnet mask of the victim with the get_local_subnets script,
- disable most antivirus programs running as a service with the killav script,
- enable telnet with the gettelnet script,
- enable RDP with the getgui script,
- disable security measures such as antivirus, firewall, and more with getcountermeasure,
- check whether the exploited host is a virtual machine with checkvm.
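
A defender's view of the list above, as an added example that is not part of the original page or of Metasploit: several of these scripts leave host-visible changes (hosts file written, RDP or Telnet enabled, security services stopped), and this code matches those changes in normalized host events and flags any host showing two or more of them within ten minutes. The event schema, the sample events, the service list, the window and the threshold are all assumptions constructed for the example.

```python
from collections import defaultdict

PROTECTED_SERVICES = {"windefend", "mpssvc"}  # sample set; add your own AV/EDR services
RDP_VALUE = r"\control\terminal server\fdenytsconnections"  # 0 = RDP allowed

# (label, predicate) pairs over a constructed, normalized host-event schema.
RULES = [
    ("hosts file modified (hostsedit)", lambda e: e["type"] == "file_write"
        and e["path"].lower().endswith(r"\system32\drivers\etc\hosts")),
    ("RDP enabled (getgui)", lambda e: e["type"] == "reg_set"
        and e["path"].lower().endswith(RDP_VALUE) and e["value"] == 0),
    ("Telnet service enabled (gettelnet)", lambda e: e["type"] == "service_change"
        and e["service"].lower() == "tlntsvr" and e["state"] == "running"),
    ("security service stopped (killav, getcountermeasure)",
        lambda e: e["type"] == "service_change"
        and e["service"].lower() in PROTECTED_SERVICES
        and e["state"] in ("stopped", "disabled")),
]

def findings(events):
    """Return (time, host, label) for every event that matches a rule."""
    return [(e["time"], e["host"], label)
            for e in events for label, match in RULES if match(e)]

def correlated_hosts(events, window=600, threshold=2):
    """Hosts showing >= threshold distinct findings within `window` seconds."""
    by_host = defaultdict(list)
    for t, host, label in sorted(findings(events)):
        by_host[host].append((t, label))
    flagged = {}
    for host, hits in by_host.items():
        for i, (t0, _) in enumerate(hits):
            labels = {lab for t, lab in hits[i:] if t - t0 <= window}
            if len(labels) >= threshold:
                flagged[host] = sorted(labels)
                break
    return flagged

REG = r"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections"
SAMPLE_EVENTS = [  # constructed for this example
    {"time": 100, "host": "WS01", "type": "service_change", "service": "WinDefend", "state": "stopped"},
    {"time": 160, "host": "WS01", "type": "reg_set", "path": REG, "value": 0},
    {"time": 220, "host": "WS01", "type": "file_write", "path": r"C:\Windows\System32\drivers\etc\hosts"},
    {"time": 300, "host": "WS02", "type": "service_change", "service": "Spooler", "state": "stopped"},
    {"time": 500, "host": "WS03", "type": "service_change", "service": "TlntSvr", "state": "running"},
    {"time": 900, "host": "WS04", "type": "reg_set", "path": REG, "value": 1},
]
if __name__ == "__main__":
    print(correlated_hosts(SAMPLE_EVENTS))
```

A single finding (WS03) is still worth reviewing on its own; the correlation step only raises priority when several of the listed changes land on one host close together.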