TL;DR
This guide shows you how to automatically run commands when a Meterpreter session starts in Metasploit, saving time and ensuring consistent post-exploitation actions.
Setting up Auto Commands
- Access the Session: First, get a Meterpreter session. This could be through an exploit or other method.
msf6 > sessions -lmsf6 > sessions 1 - Use the ‘session’ command: Enter the Meterpreter session you want to configure.
- Run the ‘auto’ command: This is where you define the commands to execute automatically.
meterpreter > auto - Add Commands: The
autocommand enters a sub-prompt. Type each command on a new line, pressing Enter after each one. Commands are executed in order as they’re added.- Example commands:
getuidsysinfoshell whoamimigrate
- Example commands:
- Exit the ‘auto’ prompt: Type
exitand press Enter to save your commands.meterpreter > exit - Verify Auto Commands: Use the
autocommand again (without arguments) to list the commands that will be executed on session start.meterpreter > auto - Test the Configuration: Disconnect and reconnect to the target (or re-establish a new session if necessary). The commands you added should run automatically.
Important Considerations
- Command Order: Pay attention to the order of your commands. Some commands might depend on others completing successfully first.
- Error Handling: Meterpreter doesn’t provide built-in error handling for auto-executed commands. If a command fails, it won’t stop the execution of subsequent commands, but you won’t get an explicit notification.
- Stability: Avoid commands that could crash the session (e.g., overly aggressive enumeration) in your auto list.
- Persistence: Auto-executed commands are not persistent across reboots of the target system. They only apply to the current Meterpreter session.
Advanced Usage – Scripting
For more complex automation, consider using a Meterpreter script instead of the auto command. Scripts allow for conditional logic and more robust error handling.