So I've compromised a Windows 7 system (system priv and all) and would like to download files directly from his computer to mine. Is it possible to write a script that would search his computer for any files titled sales and download them? I couldn't find anything in the ultimate list of meterpreter scripts. Google searches have led me to find veil-pillage's Remote Desktop tool as a possible option but there has to be a more discreet way. Thanks in advance.
10 Responses
You could script netcat, but downloading multiple files would be complicated.
SSH is not a reliable way in this case.
I searched for some meterpreter scripting.
http://www.offensive-security.com/metasploit-unleashed/Custom_Scripting
Basically you could write a Ruby script to locate all the "sales" files and then download them with meterpreter.
Searching deeper I found another solution:
You can download files with meterpreter with the syntax:
meterpreter> download WINDOWSPATH LINUXPATH (in case you are using Kali)
But there's more!
You can create a list of files to download.
NOTE: I've never done this before, so I don't know if it actually works, people with more knowledge may confirm, thank you.
If you know the extension of the sales files, this will be easier.
To create the list, run the file collector script with this syntax (once you got the meterpreter shell):
Where -d means directory, use -r if you want to search in sub-folders, use -f if you want to search for specific extensions (-r -f anyfile.txt -o etc...), that fits perfectly if you know the file type and if it is different from common ones.
Where WDP is the path of the directory, so if you know where the sales files are just write down the complete path, if you don't, generally go with "C:\\".
Where LDP (for example /root/filelist.txt) is the directory you want the filelist to be written to (-o) on your Linux machine (in case you are using Kali).
Now that you have a list of files, you can start downloading them:
So if you want to search for files that have "sales" in the name, I guess you could make the WDP something like this, however I'm not 100% sure this will work, waiting for confirmation:
If you want more on meterpreter scripting, there's "Metasploit Unleashed", a free online "course" on Metasploit.
But before trying this, you should wait for confirmation, however there's documentation online.
EDIT: found this article that explains it easier, I hope this is not spam: http://www.vidsploit.com/meterpreter/search-for-interesting-files/
Q: Is there a way to write the "anything symbol" in these posts?
To answer your question, any special formatting characters can simply be typed twice if you want them to show up in your comments. So if you want to type an asterisk (*), just type it twice in a row ("**") and it will appear as a single asterisk once you submit your comment. The same goes for underscores and square brackets.
@Bryan: That's great, any way to get code (box) formatting in the text editor? I would love to make more technical guides on exploits, plus it would look cooler..
@CIUFFY: I like that detail.
@Alex: You can search SourceForge for pillage modules for MSF if you have to. Good Luck. Got System?
In this case I had system because I had admin rights, but what do you do if you have a Meterpreter shell with user rights on a patched system? I'm attacking a Windows 7 SP1 machine so I used kiTrap0D and schelevator but they aren't working. Are there any ways to get the hashes as user or are there modern exploits I'm missing? I found a tutorial on fuzzysecurity.com that explains priv escalation and am wondering if there are any easier ways than going through all those steps.
Another question, why would non-server Windows systems ever be unpatched? Don't all Windows systems update without asking you whenever Microsoft rolls out an update? I'd understand if people torrented Windows on a large scale but most have legitimate copies of it and as far as I know you can't opt out of updates.
Greetings, let me answer in reverse.
exit
I got NT AUTHORITY\SYSTEM earlier but I can only do it from admin privilege, I get stuck unable to get SYSTEM when I start with user. The question you're responding to doesn't have much to do with the original one, they were just additional questions I had that I felt didn't warrant a new thread.
Could be a VM.. You did have msf check for VM. Yes?
I'm targeting a laptop right beside me. Sorry for not mentioning that. I didn't know about just how many people torrented Windows though. Thanks for the info.
Alex:
Just a comment about updating. Many commercial entities disable updating on their production systems because they don't want the system offline. In addition, updates will often "break" a system and many firms delay updates until they can test them in an offline environment. As a result, MANY systems don't get updated.
OTW
*Thank you!*
@CyberHitchHiker: Yeah I do, I'll be sure to check around for good pillage modules as I assumed any good modules came with MSF.
@CIUFFY: Thanks a lot! I'll be sure to report back the results when I get back to my computer.
Alex:
Meterpreter has an upload and download function for moving files. In addition, consider ftp and tftp as well as netcat and hping for moving files.
OTW