Today we are going to learn about
the session’s command of the Metasploit Framework. Sessions command basically helps us to
interact and manipulate with the various sessions created through the exploits
while hacking. Sessions command is usually just used to get into the session
but it is far more useful than just that. Sessions command can run a single command
on multiple sessions, and also upgrade a normal shell to meterpreter.
Requirement
Attacker: Kali
Linux
Targets: Any
operating system
Open kali Linux terminal and type msfconsole in order to load metasploit
framework. Now you need to compromise
victim’s machine once to achieve any type of session either metrepreter or shell
and to do so you can read our previous article from here.
So once you have obtained
victim’s machine session you can perform many operation in victim’s system for
retrieving important information. Using help
command we can check the list of options that we can use with session command.
Command: sessions –h
From given below image you can observe that it
had shown many option which will be quite useful for system enumeration
Run a command in
multiple sessions
We can run multiple OS
arbitrary commands of on multiple meterpreter session using the sessions
command.
Syntax: sessions
-c [command] -i [Session id]
Command: sessions
-c hostname -i 1, 2, 3
As you can see in the screenshot provided below that the
hostname command ran on the sessions 1, 2 and 3 giving us Hostnames of the
respectable Systems.
|
Sessions ID
|
Victim’s IP
|
Hostname
|
|
1
|
192.168.1.107
|
Pc21-PC
|
|
2
|
192.168.1.114
|
Pavan
|
|
3
|
192.168.1.113
|
PD-Laptop
|
Get Detailed
Information about Sessions
Use verbose option
for obtaining complete detail of session, it described the type of session
achieve i.e. meterpreter or shell; inform target system hostname and etc.
Command: sessions -v
From given below image you can observe that output result
using verbose option with session command.
Run a script or a
module in multiple sessions
Syntax: sessions -s
[script-name]
Command: sessions -s
winenum
As you can see in the screenshot provided above that the
winenum script ran on the sessions 4, 5 and 6 enumerating data from the
respectable Systems and save the output result into text files in pavan17.1611
folder.
Explore above highlighted path ./root/.msf4/logs/scripts/winenum/pavan to obtain the output result
of text file and from given below image you can observe that it showing all
text files which has contain the output result of above executed command.
From given below image you can read the information
stored inside ipconfig—all.txt file
for network configuration.
Assign Name to Sessions
We can name the sessions anything we want so as to
differentiate between the sessions. To Name a session use the following command.
Syntax: sessions
-n [Name] -i [Session ID]
Command: sessions
-n Yondu -i 1
From given below image you can observe we have
successfully named Session 1 as ‘Yondu’; here session ID 1 denotes yondu as
session Name.
Kill a particular
Session
If we want to close a particular session, we can do so
using Kill option with particular session ID in the sessions command.
Syntax: sessions
-k [Session ID]
Command: sessions
-k 3
As you can see in the given screenshot that we have closed session 3 using the sessions command.
Kill All Session
If we want to close all the sessions, we can do so using
Kill option without editing any session ID in the sessions command.
Command: sessions -K
As you can see in the given screenshot that we have closed
all the sessions using the sessions command.
Upgrading a Shell to
Meterpreter
Many a times while hacking through direct exploits we get to
the shell of the remote system but due to such vast usability of the
Meterpreter command we need to get the meterpreter shell. We can upgrade a
normal shell to meterpreter shell using the sessions command
Firstly let’s gain a shell; here I am using the direct
exploit as shown in the given screenshot which when executed gives us the shell
of the server.
You can clearly see that we have a Linux shell at session #1.
Now let’s upgrade this shell to meterpreter Shell.
Firstly press
“Ctrl+z” to send this shell in the background, then use upgrade option
with session ID as shown in the following Sessions Command.
Command: sessions
-u 1
As you can see in the image that the meterpreter shell is opened in the session #2.
0 comments:
Post a Comment