Interact with the Target OS (Part 2)

After mastering basic navigation, the second part of interacting with the target OS involves advanced data manipulation and hardware control. One of the most critical capabilities of Meterpreter is the ability to transfer files between your attack machine and the victim. To move a file from your local system to the target, use the upload command followed by the source and destination paths. Conversely, to exfiltrate sensitive data from the victim back to your machine, use the download command. These actions are performed over the encrypted Meterpreter channel, helping them remain hidden from network-based intrusion detection systems.

Beyond file management, Meterpreter provides direct access to the target’s hardware components. You can capture the user’s screen in real-time by using the screenshot command, which saves a JPEG image of the current desktop to your local directory. For monitoring activity, the keyscan_start command initiates a keylogger that records every keystroke made by the user, while keyscan_dump retrieves the recorded data and displays it in your console. If the target system has a webcam, the webcam_list command will identify available devices, and webcam_snap can be used to take a single photo or webcam_stream to view a live video feed, often without the user’s knowledge.

System-level control also extends to networking and power management. The netstat command allows you to view all active network connections on the target, which is essential for identifying other machines in the network for lateral movement. To disrupt the target or finalize an assessment, you can use the reboot or shutdown commands to control the machine’s power state. For an even more stealthy approach, the timestomp command can be used to modify the MAC times (Modified, Accessed, Created) of a file, effectively “stomping” over forensic evidence to make a newly uploaded file appear as though it has been on the system for years.

Metasploit
Interact with the Target OS (Part 1)
Persist Your Connection on the Target OS

Get industry recognized certification – Contact us

keyboard_arrow_up