Meterpreter is an advanced, stealthy, powerful and extensible post exploitation tool that uses in-
memory DLL injection stagers and is extended over the network at runtime. It communicates
over the stager socket and provides a comprehensive client-side Ruby API.

Useful Meterpreter third party scripts
Once you have successfully compromised a target, you could use the scripts below within a
Meterpreter shell in order to retrieve valuable information. To run one of the scripts below enter
run followed by the name of the script, for ex. run winenum.

  • Grab system information and the entire registry with scraper script,
  • dump tokens, hashes and more with winenum,
  • enumerate system information through wmic using remotewinenum,
  • add entries to the Windows hosts file using hostsedit,
  • get the local subnet mask of the victim with script get_local_subnets,
  • disable most antivirus programs running as a service with killav script,
  • gettelnet script will enable telnet,
  • enable RDP with script getgui,
  • disable security measures such as antivirus, firewall, and more with getcountermeasure,
  • check to see if you exploited a virtual machine, checkvm.

This post is part of my article about metasploit which was originally published in PenTest Magazine, August issue.