background— background the current session and return to the Metasploit consoleclearenv— clears the (Windows) event logs (kinda obvious)creds_all— dump all user credentials in memory (requires thekiwimodule)download— transfer a file from the target to the attackeredit— edit a filegetpid— get current process IDgetprivs— display current user privilegesgetsystem— attempt to elevate to SYSTEM/rootgetuid— get current process usergolden_ticket_create— create a golden ticket (requires thekiwimodule)guid— get session IDhashdump— dump NLTM hashes from the SAM (Windows-only, requires system privileges); fields are username, RID (the last four digits of the Windows SID, with leading zeros dropped), LM password hash, NTLM password hashifconfig— display host network interface informationinfo— get information about a meterpreter extensionload— load meterpreter extensionload kiwi— load Mimikatz extensionmigrate— migrate meterpreter to another processnetstat— display host network connectionsportfwd— forward a port on the hostroute— mess with the host routing tablesrun— run a meterpreter extensionsearch— search for filessessions— switch to another (Metasploit) sessionshell— drop to system shell (return to meterpreter usingCTRL + Z)sysinfo— pull remote system informationupload— transfer a file from the attacker to the target
meterpreter sessions can be backgrounded using the background command, and all sessions can be backgrounded using CTRL + Z. List sessions using the sessions command, and foreground a session using session -i #, where # is the session number.
The sessions command is also used to connect to meterpreter sessions that have been caught after a successfully executed exploit.