Meterpreter
81
Figure 6-1: Meterpreter-captured screenshot
sysinfo
Another command we can specify is
sysinfo
, which will tell us the platform on
which the system is running, as shown here:
meterpreter >
sysinfo
Computer: IHAZSECURITY
OS : Windows XP (Build 2600, Service Pack 2).
Arch : x86
Language: en_US
As you can see, this system is running Windows XP Service Pack 2. Because
SP2 is end of life, we can assume that we can find a ton of holes on this system.
Capturing Keystrokes
Now we’ll grab the password hash values from this system, which can either
be cracked or used in an attack. We’ll also start
keystroke logging
(recording
keystrokes) on the remote system. But first, let’s list the running processes on
the target system with the
ps
command.
meterpreter >
ps
Process list
============
PID Name Arch Session User Path
--- ---- ---- ------- ---- ----
0 [System Process]
4 System x86 0 NT AUTHORITY\SYSTEM
. . . SNIP . . .