Matasploit

Meterpreter

Meterpreter is a metasploit payload for penetration testing. It’s run on the target system in the RAM, not in the disk, for avoiding to be detected, because AV analyse new files on the disk and not in the RAM, but it can be detected in the process list. For avoiding to be detected by the IPS/IDS, the channel between the target system and the attacker system is encrypted.

Meterpreter is executed directly to the RAM, but, is appear in the process list, not as meterpreter process, but, for windows in spoolsv.exe

Keys	Action
`?`	Open this help
`n`	Next page
`p`	Previous page
`s`	Search