A common question that comes up with post-exploitation is the need to run multiple things when a meterpreter session is initiated.
You can easily run a single command using the ‘AutoRunScript’ option. For example:
msf (psexec) > set AutoRunScript killav
However, if you need multiple things to run, there’re a couple multi-runner scripts that you should know about: multiscript, multicommand, and multi_console_command. They can take either a -c or a -rc option, which will provide the list of items to run. These scripts were provided by dark0perator.
Sidenote: If you’re using the multi* scripts, it’s better to use the -rc option. The parsing for the multi-command scripts doesn’t handle spaces well.
msf (psexec) > set AutoRunScript multi_console_command -c ‘command, command, command’ ## Don’t do this
It’s much better to use an external rc file where commands.rc is just a list of commands one-per-line like:
help
run killav
migrate
shutdown
Then call it like:
msf (psexec) > set AutoRunScript multi_console_command -rc commands.rc
Another (non-recommended) trick is to set the InitialAutoRunScript option ie ‘set InitialAutoRunScript killav’ if you only need two scripts to run – but generally InitialAutoRunScript shouldn’t be touched except by exploits. It’s intended for exploits that know the target process is going to die, so they can migrate. (thanks to egyp7 for the info).
Jonathan Cran 
Thanks! this was a very timely post, and while it took me a while to figure out what was a script (ie: run migrate – not just migrate) and what was a command (screenshot) I’ve got it working just perfectly!
thanks james, glad it helped. i’ll clean this up and add a few more examples time permitting
Hey great Tip 🙂 would it be ok if i reblog this one? So simple but brilliant, so im gonna spread it aight?
Sure thing
jcran – sent from the mobile
Reblogged this on My.grind.on.IT und kommentierte:
simple but brilliant thanks jcran 🙂