@r00t-3xp10it
Last active December 20, 2023 17:55
Meterpeter C2 Command & Control - Release v2.10.13
Meterpeter C2 Command & Control - Release v2.10.13.6

r00t-3xp10it commented Apr 15, 2022

Command & Control - Modules Structure

Module Name                        Module Description
-----------------------            ----------------------
info                               Retrieve remote host system information
session                            Retrieve Meterpeter C2 connection status
advinfo                            Advanced system information sub-menu
       |__ accounts                List remote host accounts
       |__ revshell                List client rev tcp shell information
       |__ ListAppl                List remote host installed applications
       |__ Processes               Remote host processes sub-menu
                   |__ Check       List remote process(es) running
                   |__ Query       Process name verbose information
                   |__ DllSearch   List DLLs loaded by processes
                   |__ Kill        Kill remote process from running (processname or pid)
       |__ Tasks                   Enumerate scheduled tasks sub-menu
                   |__ Check       Retrieve scheduled tasks
                   |__ Query       Retrieve single task information
                   |__ RunOnce     Create new scheduled task
                   |__ LoopExec    Create new scheduled task
                   |__ Delete      Delete existing scheduled task
       |__ Drives                  List all remote host mounted drives
       |__ Browser                 List remote host installed browsers sub-menu
                   |__ Start       Enumerate remote browsers\versions installed
                   |__ Verbose     Verbose enumerate remote browsers installed
                   |__ Addons      Enumerate installed browsers addons
                   |__ Clean       Clean major browsers temporary files 
       |__ Recent                  List remote host recent directory
       |__ ListSMB                 List remote host SMB names\shares
       |__ StartUp                 List remote host startUp directory
       |__ ListRun                 List remote host startup run entries
       |__ AntiVirus               Enumerate all EDR Products installed sub-menu
                   |__ Primary     PrimaryAV + Security processes
                   |__ FastScan    PrimaryAV + Security processes + EDR hunt
                   |__ Verbose     Full scan module ( accurate\slower ) 
       |__ FRManager               Manage remote host firewall rules sub-menu
                   |__ Query       Query 'active' firewall rules
                   |__ Create      Block application\program rule
                   |__ Delete      Delete selected firewall rule
       |__ OutLook                 Manage OutLook Exchange Email Objects sub-menu
                   |__ Folders     Display outlook folder names
                   |__ Contacts    Display outlook contacts info
                   |__ Emails      Display outlook email objects
                   |__ SendMail    Send Email using target domain
upload                             Upload from local host to remote host
       |__ start                   Upload from lhost to rhost
download                           Download from remote host to local host
       |__ start                   Download from rhost to lhost
Screenshot                         Capture remote host desktop screenshots sub-menu
       |__ Snapshot                Capture one desktop screenshot
       |__ SpyScreen               Capture multiple screenshots (background)
keylogger                          Install remote host keylogger sub-menu
       |__ Mouse                   Start remote mouselogger
       |__ Keystrokes              Start\Stop remote keylogger 
       |__ Pastebin                Send keystrokes to pastebin
       |__ Browser                 Capture browsers active tab title
       |__ SocialMedia             Capture FB + Twitter + WhatsApp + Instagram keyboard keystrokes
PostExploit                        Post Exploitation modules sub-menu
       |__ Stream                  Stream remote host desktop live
                   |__ Start       Stream target desktop live
       |__ Camera                  Take snapshots with remote webcam sub-menu
                   |__ Device      List all available WebCamera Devices
                   |__ Snapshot    Auto use of default webcam to take snapshot
                   |__ WebCamAvi   Capture video (AVI) using default webcam
       |__ FindEop                 Search for EOP possible entry points sub-menu
                   |__ Check       Retrieve directory permissions
                   |__ Service     Search for Unquoted Service Paths
                   |__ RottenP     Search For rotten potato vuln
                   |__ Agressive   Search for all EOP possible entries
       |__ Escalate                Escalate rev tcp shell privileges sub-menu
                   |__ GetAdmin    Escalate client privileges (user->admin)
                   |__ Delete      Delete getadmin module artifacts
                   |__ Uacpriv     use RUNAS to spawn UAC (user->admin)
                   |__ CmdLine     UAC execute command elevated
       |__ Persist                 Persist rev tcp shell on startup sub-menu
                   |__ Beacon      Persist Client using startup
                   |__ ADSRUN      Persist Client using ADS:Run
                   |__ RUNONCE     Persist Client using REG:HKCU
                   |__ REGRUN      Persist Client using REG:HKLM
                   |__ Schtasks    Persist Client using Schtasks
                   |__ WinLogon    Persist Client using WinLogon
       |__ TimeStamp               Change remote host files timestamp
                   |__ Check       Print current file timestamp
                   |__ Modify      existing file timestamp
       |__ Msstore                 Manage microsoft store programs
                   |__ List        installed packets [local PC]
                   |__ Discover    search for appl in msstore
                   |__ Install     application from msstore
                   |__ Uninstall   application from [local PC]
       |__ Artifacts               Clean remote host activity tracks sub-menu
                   |__ Query       query eventvwr logs
                   |__ Clean       clean system tracks
                   |__ Paranoid    clean tracks paranoid ( anti-forensic )
       |__ HiddenDir               Super\hidden directories manager sub-menu
                   |__ Search      for regular hidden folders
                   |__ Super       Search super hidden folders
                   |__ Create      Create\Modify super hidden
                   |__ Delete      One super hidden folder
       |__ hideUser                Remote hidden accounts manager sub-menu
                   |__ Query       Query all accounts
                   |__ Create      Create hidden account
                   |__ Delete      Delete hidden account
       |__ Passwords               Search for passwords inside files sub-menu
                   |__ File        Search for credentials recursive
                   |__ Putty       Leak PUTTY session(s) credentials (regedit)
                   |__ Dpapi       Dump DPAPI masterKeys + blobs
                   |__ Vault       Dump creds from Password Vault
                   |__ WDigest     Credential caching in memory [clear-text]
                   |__ Brower      Web Browser credential dump [clear-text]
                   |__ DumpSAM     Dump hashes from registry hives.
       |__ BruteAcc                Brute-force user account password
                   |__ Start       Brute force user account password
       |__ PhishCred               Prompt remote user for logon creds
                   |__ Start       Phish for remote credentials
       |__ AMSIpatch               Disable AMS1 within current process sub-menu
                   |__ Console     Disable AMS1 within current process
                   |__ FilePath    Execute input script through bypass
                   |__ PayloadUrl  Download\Execute script through bypass
       |__ Exclusions              Manage Windows Defender exclusions
                   |__ Query       Query all windows defender exclusions
                   |__ Create      Create a new windows defender exclusion
                   |__ UrlExec     Download\Exec URI through created exclusion
                   |__ Delete      Delete one windows defender exclusion
       |__ LockPC                  Lock remote host WorkStation
       |__ Restart                 Restart remote host WorkStation
       |__ Allprivs                EnableAllParentPrivileges to exec cmdline sub-menu
                   |__ demo        EnableAllParentPrivileges to exec cmdline (demo)
                   |__ cmdline     EnableAllParentPrivileges to exec cmdline (cmdline)
NetScanner                         Local LAN network scanner sub-menu
       |__ ListDNS                 List remote host Domain Name entries
       |__ TCPinfo                 List remote host TCP\UDP connections sub-menu
                   |__ Stats       Query IPv4 Statistics
                   |__ Query       Established TCP connections
                   |__ Verbose     Query all TCP\UDP connections
       |__ ListWifi                List remote host Profiles/SSID/Passwords sub-menu
                   |__ ListProf    Remote-Host wifi Profile
                   |__ ListNetw    List wifi Available networks
                   |__ ListSSID    List Remote-Host SSID Entries
                   |__ SSIDPass    Extract Stored SSID passwords
       |__ PingScan                List devices ip addr\ports\dnsnames on Lan sub-menu
                   |__ Enum        List active ip addresses on Lan
                   |__ PortScan    Single ip port scanner \ dns resolver
       |__ GeoLocate               Client GeoLocation using curl ifconfig.me sub-menu
                   |__ GeoLocate   Client GeoLocation using curl
                   |__ Ifconfig    Client GeoLocation using ifconfig
Pranks                             Prank remote host modules sub-menu
       |__ Msgbox                  Spawn remote msgbox manager
                   |__ simple      Spawn simple msgbox
                   |__ cmdline     msgbox that exec cmdline
       |__ Speak                   Make remote host speak one phrase
                   |__ start       speak input sentence
       |__ OpenUrl                 Open\spawn URL in default browser
                   |__ Open        Url on default browser
       |__ GoogleX                 Browser google easter eggs sub-menu
                   |__ gravity     Open Google-Gravity webpage
                   |__ sphere      Open Google-Sphere webpage
                   |__ rotate      Open rotate 360º webpage
                   |__ mirror      Open Google-Mirror webpage
                   |__ teapot      Open Google-teapot webpage
                   |__ invaders    Open Invaders-Game webpage
                   |__ pacman      Open Pacman-Game webpage
                   |__ rush        Open Google-Zerg-Rush webpage
                   |__ moon        Open Google-Moon  webpage
                   |__ Terminal    Open Google-Terminal webpage
                   |__ trexgame    Open Google-T-Rex-Game webpage
                   |__ kidscoding  Open Google-kidscoding webpage
                   |__ googlespace Open Google-Space webpage
       |__ WindowsUpdate           Fake windows update full screen prank (browser)
       |__ CriticalError           Prank that fakes a critical system error (BSOD)
       |__ BallonTip               Show a balloon tip in the notification bar
       |__ Nodrives                Hide All Drives (C:D:E:F:G) From Explorer (GUI)
       |__ LabelDrive              Rename drive letter (C:) label (display name)
                   |__ List        List ALL drives available
                   |__ Rename      Rename drive letter label
