Penetration Testing with Metasploit’s Meterpreter

Having a command prompt is great. However, often it would be convenient to have more flexibility after you’ve compromised a host. And in some situations, you need to be so sneaky that even creating a new process on a host might be too much noise. That’s where the Meterpreter payload shines!

The Metasploit Meterpreter is a command interpreter payload that is injected into the memory of the exploited process and provides extensive and extendable features to the attacker. This payload never actually hits the disk on the victim host; everything is injected into process memory with no additional process created. It also provides a consistent feature set no matter which platform is being exploited. The Meterpreter is even extensible, allowing you to load new features on-the-fly by uploading DLLs to the target system’s memory.