One of the newer features in the Metasploit Framework is its ability to upgrade a command shell payload to a Meterpreter payload once the system has been exploited, by issuing the sessions -u command. This is useful if we use a command shell payload as an initial stager and then find that this newly exploited system would make the perfect launching pad for further attacks into the network. Let’s look at a quick example from start to finish using MS08-067 with a reverse command shell as the payload, and upgrade it to a Meterpreter shell.

root@bt:/opt/framework3/msf3# msfconsole
msf > search ms08_067 [*] Searching loaded modules for pattern 'ms08_067'... Exploits ======== Name Rank Description ---- ---- ...