Introduction

In this post we cover Meterpreter, the post-exploitation tool from Metasploit. The video covers the most popular commands and their use. This room is part of the TryHackMe Junior Penetration Tester pathway.

Meterpreter is a Metasploit payload that supports the penetration testing process with many valuable components. Meterpreter will run on the target system and act as an agent within a command and control architecture. You will interact with the target operating system and files and use Meterpreter’s specialized commands.

Meterpreter comes in many versions, each providing different functionality depending on the target system.


How does Meterpreter work?

Meterpreter runs on the target system but is not installed on it. It runs in memory and does not write itself to the disk on the target. This feature aims to avoid detection during antivirus scans: by default, most antivirus software scans new files on the disk (e.g. when you download a file from the internet). Meterpreter runs in memory (RAM, Random Access Memory) so that no file has to be written to the disk on the target system (e.g. meterpreter.exe). This way, Meterpreter is seen only as a process and has no file on the target system.

Meterpreter also aims to avoid detection by network-based IPS (Intrusion Prevention System) and IDS (Intrusion Detection System) solutions by using encrypted communication with the server where Metasploit runs (typically your attacking machine). If the target organization does not decrypt and inspect encrypted traffic (e.g. HTTPS) entering and leaving the local network, IPS and IDS solutions will not be able to detect its activities.

While Meterpreter is recognized by major antivirus software, this feature provides some degree of stealth.
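The "runs in memory, no file on disk" behaviour described above has a defender-side counterpart: on Linux, a process whose /proc/<pid>/exe link points at a deleted file or a memfd: object has no on-disk image for a file scanner to inspect. The following script is an added example, not code from the original post; the pids and paths in SAMPLE_LINKS are constructed, and the check only applies to Linux hosts.

```python
"""Flag processes whose executable image is not backed by a file on disk.

Added example (not from the original post): a Linux-side check for
memory-resident executables. /proc/<pid>/exe normally points at the
binary on disk; a target ending in "(deleted)" or starting with "/memfd:"
means the image exists only in memory and deserves a closer look.
"""
import os
import re
from typing import Dict, List, Tuple

# Link targets that mean the executable mapping has no current file on disk.
_MEMORY_ONLY = re.compile(r"\(deleted\)$|^/memfd:")


def classify_exe_target(target: str) -> str:
    """Return 'memory-only' or 'on-disk' for one /proc/<pid>/exe link target."""
    return "memory-only" if _MEMORY_ONLY.search(target) else "on-disk"


def find_memory_only(exe_links: Dict[int, str]) -> List[Tuple[int, str]]:
    """Return (pid, target) pairs whose image is not backed by a disk file."""
    return sorted((pid, t) for pid, t in exe_links.items()
                  if classify_exe_target(t) == "memory-only")


def read_proc_exe_links(proc_root: str = "/proc") -> Dict[int, str]:
    """Collect readable /proc/<pid>/exe link targets on a live Linux host."""
    links = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            links[int(entry)] = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:  # kernel threads, exited pids, or permission denied
            continue
    return links


# Constructed sample resembling readlink() output; pids and paths are made up.
SAMPLE_LINKS = {
    1: "/usr/lib/systemd/systemd",
    811: "/usr/sbin/sshd",
    4242: "/memfd:stager (deleted)",
    4310: "/tmp/.x (deleted)",
}

if __name__ == "__main__":
    # Replace SAMPLE_LINKS with read_proc_exe_links() to scan the local host.
    for pid, target in find_memory_only(SAMPLE_LINKS):
        print(f"pid {pid}: {target}")
```

Running read_proc_exe_links() as an unprivileged user only sees that user's processes; run it with sufficient privileges to cover the whole host.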

Challenge Questions and Answers

What is the computer name?

What is the target domain?

What is the name of the share likely created by the user?

What is the NTLM hash of the jchambers user?

What is the cleartext password of the jchambers user?

Where is the “secrets.txt” file located?

What is the Twitter password revealed in the “secrets.txt” file?

Where is the “realsecret.txt” file located?

What is the real secret?

Video Walk-through