Metasploit/Exploit#7 : How to move around,create folders,download and upload files in Windows victim machine in Metasploit






  In this tutorial, we will be looking on how to use Metasploit  to move around,create folders, download and upload files  in your victim machine. The targeted machine that I use in this tutorial is Windows  XP .If you are new to Metasploit check on my introduction to Metasploit  tutorial .


  I will straight jump into the Meterpreter.If you don't know how to get into Meterpreter and miss the earlier part of this tutorial series,please check on my  tutorial on How to get into Meterpreter .



Tips 101
  1. Checking the current victim directory.
  2. Changing victim directory .
  3. Creating a new directory in victim system .
  4. Creating a new file in victim (Windows)  machine.
  5. Listing files in victim machine.
  6. Reading file content in victim machine.
  7. Edit files on victim machine.
  8. Downloading files and directory to local drive.
  9. Uploading files and directory to victim machine.
Details
1. Checking the current victim directory.
use "pwd" command to check your current directory location in the victim machine.






2. Changing victim directory .

To change the directory  you can use "cd" command. Use "cd" command followed with the directory that you want to go in the victim machine. 



3. Creating a new directory in victim system .

To create a new directory, use "mkdir" command.In this example, we are creating a folder name "tgshacked" .




4. Creating a new file in victim (Windows)  machine.
To create a file in Windows machine, we need to get into Windows command prompt. We will use Metasploit to run a new process "cmd.exe"  in victim machine. We will then interact with the active channel to communicate with the newly created. This can be done in a single command on Meterpreter.





Once you are in the command prompt, you can use Windows DOS command to create,move,delete and do some other stuff. In the example below, I use "echo" and file concatenation  ">" to create a content to a file name "hacked.txt"

5. Listing files in victim machine.
In this example, we are listing files in the current directory.(much like ls command in Linux Bash).




6. Reading file content in victim machine.
We can use "cat" command followed with the file name to read the existing file in Meterpreter. In below example, we are reading the file name "hacked.txt" .





7. Edit files on victim machine.
To edit the file, use "edit" command and followed with the file name.





You need to edit the file using vi command. For more information on how to use vi command, please check it out here.


8. Downloading files and directory to local drive.

If you want to download the file to your local drive, use "download" command followed with the file name. If you are not sure on which location Metasploit will download the file to, check on your Meterpreter by typing "getlwd" command .





9. Uploading files and directory to victim machine.

Similar to using the "download" command, you can upload file from your local drive to victim machine by using "upload" command followed with the filename.




Read Previous : Metasploit/Exploit #6 How to get Windows victim machine using winenum script in Metasploit 
Previous
Next Post »