msfconsole commands we used include:
- search for modules that affect the Windows platform and have a type of post.
- search for modules that affect the Windows platform, have a type of exploit and can be run via a local session.
- list out all the background sessions.
- restore a background session by id.
- Use this module to enumerate possible vulnerabilities on the target host. This module needs an established session to run against, which can be seen when you run ‘show options’. SESSION is the id of the established session.
- Use the ‘kitrap0d’ exploit to get SYSTEM level privileges on the Windows box.
- Use the ‘schelevator’ exploit to run a scheduled task as a SYSTEM user and start a reverse TCP shell with those privileges.
- Generate a reverse Meterpreter payload with msfvenom (Kali 2). This payload can be executed from a target host and will start a reverse TCP session.
- To allow the above session to connect you will need to start a listener from your Kali instance.
Steps to get a Meterpreter shell
- deliver a payload
  - use an exploit to have msfconsole drop and execute the payload.
  - manually create the payload, then find a way to get it on to the target and executed.
- listen for the reverse TCP shell connection.
  - if you can use an exploit then this will be taken care of for you.
  - if you manually drop the payload then you can use the exploit/multi/handler module to listen for incoming connections.
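Seen from the blue team side, the two steps above leave traces a host sensor records: the scheduled task that schelevator registers to run as SYSTEM, and the outbound connection a freshly dropped payload opens back to the handler. The following Python is an added example (not part of these notes and not Metasploit code) that triages a few constructed, Sysmon-like event records for exactly those two patterns. The event schema, the process allowlist, the 60-second pairing window and every path, PID and address in the sample are assumptions made up for the example.

```python
"""Defender-side triage of constructed Sysmon-style events.

Flags (1) a schtasks invocation that registers a task to run as SYSTEM and
(2) an outbound connection from a newly created, non-allowlisted process
to an address outside the internal ranges (reverse TCP shell pattern).
Event dicts below are a simplified, constructed stand-in for Sysmon
Event ID 1 (process create) and Event ID 3 (network connect) records.
"""
import ipaddress
import re

# Assumption: site-specific allowlist of images expected to talk outbound.
ALLOWLISTED_NETWORK_IMAGES = {
    r"c:\program files\mozilla firefox\firefox.exe",
    r"c:\windows\system32\svchost.exe",
}

# Explicit RFC 1918 + loopback list rather than ipaddress.is_private, so the
# documentation addresses (203.0.113.0/24) used in the sample count as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample: an operator registers a SYSTEM task pointing at a dropped
# binary; the binary later runs as SYSTEM and calls out to port 4444.
SAMPLE_EVENTS = [
    {"event_id": 1, "time": 100, "pid": 4321, "image": r"C:\Windows\System32\schtasks.exe",
     "command_line": r'schtasks /create /tn "Updater" /tr C:\Users\Public\upd.exe /sc once /st 23:59 /ru SYSTEM',
     "user": r"WORKSTATION\alice"},
    {"event_id": 1, "time": 130, "pid": 5566, "image": r"C:\Users\Public\upd.exe",
     "command_line": r"C:\Users\Public\upd.exe", "user": r"NT AUTHORITY\SYSTEM"},
    {"event_id": 3, "time": 131, "pid": 5566, "image": r"C:\Users\Public\upd.exe",
     "dest_ip": "203.0.113.10", "dest_port": 4444, "initiated": True},
    {"event_id": 1, "time": 140, "pid": 7788, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "command_line": "firefox.exe", "user": r"WORKSTATION\alice"},
    {"event_id": 3, "time": 141, "pid": 7788, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dest_ip": "203.0.113.20", "dest_port": 443, "initiated": True},   # allowlisted browser
    {"event_id": 3, "time": 150, "pid": 5566, "image": r"C:\Users\Public\upd.exe",
     "dest_ip": "10.0.0.5", "dest_port": 445, "initiated": True},       # internal, not flagged
]


def is_internal(ip: str) -> bool:
    """True if ip falls inside one of the internal ranges above."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_system_scheduled_tasks(events):
    """Return command lines of schtasks /create calls that set /ru to SYSTEM."""
    hits = []
    for ev in events:
        if ev["event_id"] != 1 or not ev["image"].lower().endswith(r"\schtasks.exe"):
            continue
        cmd = ev["command_line"]
        if re.search(r"/create\b", cmd, re.I) and \
           re.search(r'/ru\s+"?(?:nt authority\\)?system\b', cmd, re.I):
            hits.append(cmd)
    return hits


def find_reverse_tcp_candidates(events, window_seconds=60):
    """Pair each outbound connection with the process-create event of the same
    PID; report it when the image is not allowlisted, the destination is
    external and the connection happened within window_seconds of start."""
    created = {ev["pid"]: ev for ev in events if ev["event_id"] == 1}
    hits = []
    for ev in events:
        if ev["event_id"] != 3 or not ev["initiated"]:
            continue
        if ev["image"].lower() in ALLOWLISTED_NETWORK_IMAGES or is_internal(ev["dest_ip"]):
            continue
        start = created.get(ev["pid"])
        if start is None or ev["time"] - start["time"] > window_seconds:
            continue
        hits.append({"pid": ev["pid"], "image": ev["image"], "user": start["user"],
                     "dest_ip": ev["dest_ip"], "dest_port": ev["dest_port"],
                     "seconds_after_start": ev["time"] - start["time"]})
    return hits


if __name__ == "__main__":
    for cmd in find_system_scheduled_tasks(SAMPLE_EVENTS):
        print("SYSTEM scheduled task registered:", cmd)
    for hit in find_reverse_tcp_candidates(SAMPLE_EVENTS):
        print("possible reverse shell:", hit)
```

The pairing on PID and start time is what separates a dropped payload from ordinary software: a legitimate service also talks outbound, but rarely within a minute of being written to a user-writable path and launched as SYSTEM. In a real deployment the allowlist and window come from baselining, and the schtasks rule should also cover tasks created through the Task Scheduler API (Event ID 4698 in the Security log), which this sample does not model.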
Exploit vs Payload?