Type your comment> @gomeznap said:
Type your comment> @x000 said:
@gomeznap said:
I was able to get command execution on the target but I’m not too familiar with Windows boxes and not sure how to spawn a reverse shell. Anyone have any suggestions or resources to look at?Edit: For reference I was able to ping my local IP from the target and download a file, but not get a shell.
Try Meterpreter!
Thanks for the comment!
I tried a couple different meterpreter payloads and they never connect back to the exploit handler. Is the anything special I have to do on a windows machine to run the executable once its dropped on there or should I just be able to run it with a command like “payload.exe”?
sometimes, especially with blind RCE like this box, it helps to create some random folder somewhere on the remote machine to save it to in order to make sure that you have correct permissions. I tried my payload several times from typical directories and it wouldn’t work until i created a newC:\tmp folder with a mkdir command before sending the file. I think it was preventing me from outputting into the directory but without a shell you can’t see the errors or if the file is created.
You should be able to run it by just sending the full path as a command. for example C:\tmp\payload.exe