{ "id": "867493d9-0214-4f0a-a419-03a552799a55", "created_at": "2026-04-06T00:09:10.80559Z", "updated_at": "2026-04-10T03:20:59.960629Z", "deleted_at": null, "sha1_hash": "a0a70f725c1f7207a90769aa5ba4de8b5f68b10f", "title": "Metasploit Unleashed | About the Metasploit Meterpreter", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 47553, "plain_text": "Metasploit Unleashed | About the Metasploit Meterpreter\r\nArchived: 2026-04-02 11:50:29 UTC\r\nWhat is Meterpreter?\r\na11y.text What is Meterpreter?\r\nMeterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is\r\nextended over the network at runtime. It communicates over the stager socket and provides a comprehensive\r\nclient-side Ruby API. It features command history, tab completion, channels, and more.\r\nMetepreter was originally written by skape for Metasploit 2.x, common extensions were merged for 3.x and is\r\ncurrently undergoing an overhaul for Metasploit 3.3. The server portion is implemented in plain C and is now\r\ncompiled with MSVC, making it somewhat portable. The client can be written in any language but Metasploit has\r\na full-featured Ruby client API.\r\nHow Meterpreter Works\r\na11y.text How Meterpreter Works\r\nThe target executes the initial stager. This is usually one of bind, reverse, findtag, passivex, etc.\r\nThe stager loads the DLL prefixed with Reflective. The Reflective stub handles the loading/injection of the\r\nDLL.\r\nThe Metepreter core initializes, establishes a TLS/1.0 link over the socket and sends a GET. Metasploit\r\nreceives this GET and configures the client.\r\nLastly, Meterpreter loads extensions. It will always load stdapi and will load priv if the module gives\r\nadministrative rights. All of these extensions are loaded over TLS/1.0 using a TLV protocol.\r\nMeterpreter Design Goals\r\na11y.text Meterpreter Design Goals\r\nMeterpreter resides entirely in memory and writes nothing to disk.\r\nNo new processes are created as Meterpreter injects itself into the compromised process and can migrate to\r\nother running processes easily.\r\nBy default, Meterpreter uses encrypted communications.\r\nAll of these provide limited forensic evidence and impact on the victim machine.\r\nMeterpreter utilizes a channelized communication system.\r\nThe TLV protocol has few limitations.\r\nExtensible\r\nhttps://www.offensive-security.com/metasploit-unleashed/about-meterpreter/\r\nPage 1 of 2\n\na11y.text Extensible\r\nFeatures can be augmented at runtime and are loaded over the network.\r\nNew features can be added to Meterpreter without having to rebuild it.\r\nAdding Runtime Features\r\na11y.text Adding Runtime Features\r\nNew features are added to Meterpreter by loading extensions.\r\nThe client uploads the DLL over the socket.\r\nThe server running on the victim loads the DLL in-memory and initializes it.\r\nThe new extension registers itself with the server.\r\nThe client on the attackers machine loads the local extension API and can now call the extensions\r\nfunctions.\r\nThis entire process is seamless and takes approximately 1 second to complete.\r\nIn the next Metasploit Unleashed tutorial we’ll discuss some of the various Meterpreter Commands available to us\r\nin this new environment.\r\nSource: https://www.offensive-security.com/metasploit-unleashed/about-meterpreter/\r\nhttps://www.offensive-security.com/metasploit-unleashed/about-meterpreter/\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.offensive-security.com/metasploit-unleashed/about-meterpreter/" ], "report_names": [ "about-meterpreter" ], "threat_actors": [], "ts_created_at": 1775434150, "ts_updated_at": 1775791259, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/a0a70f725c1f7207a90769aa5ba4de8b5f68b10f.pdf", "text": "https://archive.orkl.eu/a0a70f725c1f7207a90769aa5ba4de8b5f68b10f.txt", "img": "https://archive.orkl.eu/a0a70f725c1f7207a90769aa5ba4de8b5f68b10f.jpg" } }