Navigate the Basic Meterpreter Shell

Introduction

Meterpreter is an advanced payload from the Metasploit Framework that provides an interactive shell on a compromised system. It's a critical tool for penetration testers.

In this lab, you will learn the fundamental commands for basic navigation and information gathering within a Meterpreter shell. We will use a script to simulate a real Meterpreter session.

To begin, start the simulated session by running the following command in your terminal, which is already in the ~/project directory. Your prompt will change to meterpreter >.

./meterpreter_simulator.sh

You will see some output simulating a connection, and all subsequent commands in this lab should be typed into this new meterpreter > prompt.

Get basic system information with the sysinfo command

In this step, you will learn to use the sysinfo command. This command is one of the first things you should run after gaining a session, as it provides a quick and valuable overview of the target system. It reveals the computer name, operating system, and system architecture.

At the meterpreter > prompt, type the sysinfo command and press Enter:

sysinfo

You will see output similar to the following, detailing the basic information of the simulated target machine:

Computer        : labex-vm
OS              : Ubuntu 22.04 (Linux 5.15.0-generic)
Architecture    : x64
System Language : en_US
Meterpreter     : x64/linux

Identify the current user with the getuid command

In this step, we will use the getuid command. Understanding the privileges of your current session is critical. The getuid command instantly tells you the user account under which the Meterpreter payload is running. This information helps determine what actions you can perform on the system and whether you need to attempt privilege escalation.

At the meterpreter > prompt, type getuid:

getuid

The output shows the user ID (uid), effective user ID (euid), and group ID (gid) of the session, followed by the username. In this case, we are running as the labex user.

Server username: uid=1000, euid=1000, gid=1000 (labex)

List running processes with the ps command

In this step, you'll learn to list running processes using the ps command. The Meterpreter ps command is similar to its Linux counterpart but is executed through the session on the remote machine. Listing processes is essential for situational awareness. It can help you identify security software, find interesting applications, or choose a stable process to migrate into.

Now, run the ps command in your Meterpreter shell:

ps

The output will be a list of processes running on the target system. Our simulation shows a few key processes, including the shell (zsh) and the script itself (bash).

Process List
============

  PID   PPID  Name               Arch  Session  User      Path
  ---   ----  ----               ----  -------  ----      ----
  1     0     systemd            x64   0        root      /usr/lib/systemd/systemd
  935   1     sshd               x64   0        root      /usr/sbin/sshd
  1050  935   sshd               x64   1        labex     /usr/sbin/sshd
  1051  1050  zsh                x64   1        labex     /bin/zsh
  1100  1051  bash               x64   1        labex     /bin/bash
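
The PID and PPID columns in this table are what an analyst uses to reconstruct process lineage when triaging a host. The following is an added example, not part of the original lab: it parses the table above and reports each shell that descends from sshd; the function names and the SHELLS and NETWORK_DAEMONS sets are assumptions made for illustration.

```python
# Process list as printed by the lab's simulated ps command.
PS_OUTPUT = """\
  PID   PPID  Name               Arch  Session  User      Path
  ---   ----  ----               ----  -------  ----      ----
  1     0     systemd            x64   0        root      /usr/lib/systemd/systemd
  935   1     sshd               x64   0        root      /usr/sbin/sshd
  1050  935   sshd               x64   1        labex     /usr/sbin/sshd
  1051  1050  zsh                x64   1        labex     /bin/zsh
  1100  1051  bash               x64   1        labex     /bin/bash
"""
SHELLS = {"sh", "bash", "zsh", "dash"}   # assumption: names treated as shells
NETWORK_DAEMONS = {"sshd"}               # assumption: remote-access daemons of interest

def parse_ps(text):
    """Return {pid: row} from the whitespace-aligned table; rows with a blank column are skipped."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    header = lines[0].split()
    procs = {}
    for line in lines[1:]:
        fields = line.split(None, len(header) - 1)  # maxsplit keeps spaces inside Path
        if len(fields) != len(header) or not (fields[0].isdigit() and fields[1].isdigit()):
            continue                                # dashed separator or malformed row
        row = dict(zip(header, fields))
        row["PID"], row["PPID"] = int(row["PID"]), int(row["PPID"])
        procs[row["PID"]] = row
    return procs

def ancestry(procs, pid):
    """Follow PPID links from pid upward; stops at an unknown parent or a cycle."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        chain.append(procs[pid])
        pid = procs[pid]["PPID"]
    return chain

def remote_shells(procs):
    """Shells with a remote-access daemon among their ancestors (nearest one reported)."""
    hits = []
    for pid, row in sorted(procs.items()):
        parents = ancestry(procs, pid)[1:]
        daemon = next((p for p in parents if p["Name"] in NETWORK_DAEMONS), None)
        if row["Name"] in SHELLS and daemon:
            hits.append((pid, row["Name"], row["User"], daemon["PID"]))
    return hits

if __name__ == "__main__":
    for hit in remote_shells(parse_ps(PS_OUTPUT)):
        print(hit)
```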

Use the help command to see all Meterpreter commands

In this step, we will explore the help command. Meterpreter is packed with features, and it's impossible to remember every command. The help command is your best friend, providing a comprehensive list of all available commands, grouped by category.

To see the list of available commands, simply type help:

help

The output displays the core commands as well as commands from loaded modules like stdapi. Take a moment to look through the list to get a sense of Meterpreter's capabilities.

Core Commands
=============
    Command       Description
    -------       -----------
    ?             Help menu
    background    Backgrounds the current session
    exit          Terminate the meterpreter session
    help          Help menu
    quit          Terminate the meterpreter session

Stdapi: System Commands
=======================
    Command       Description
    -------       -----------
    getuid        Get the user that the server is running as
    ps            List running processes
    sysinfo       Gets information about the remote system, such as OS

Background the session with the background command

In this step, you will learn how to use the background command. When managing multiple compromised systems, you don't want to close a session to work on another task. The background command pushes the current Meterpreter session to the background, allowing you to return to the main Metasploit console (msf6 >) to manage sessions or launch other modules.

In our simulation, running background will end the script and return you to the standard Linux terminal. Type background now:

background

You will see a confirmation message, and your prompt will change from meterpreter > back to the normal labex@ubuntu:~/project$ prompt. This signifies that you have successfully backgrounded the session.

[*] Backgrounding session 1...

Summary

Congratulations on completing this lab! You have learned how to navigate a basic Meterpreter session and perform initial reconnaissance.

You are now familiar with the following fundamental commands:

  • sysinfo: To gather basic operating system and hardware information.
  • getuid: To identify the current user's privilege level.
  • ps: To list running processes on the target machine.
  • help: To display all available commands.
  • background: To return to the main console without terminating the session.

These commands are the building blocks for more advanced post-exploitation activities. Mastering them is the first step toward becoming proficient with the Metasploit Framework.