To upload, download, list, read, navigate, and execute files on the target machine, we will explore additional commands. Currently, we have an active Meterpreter session, and our initial step is to execute the pwd command to retrieve the present working directory. The output of this command indicates that our current location is the C:\Users directory. Subsequently, we execute the ls command to display a list of files and directories, which is displayed in the accompanying screenshot.
Suppose we wish to access the IEUser folder. In that case, we can navigate to it using the “cd IEUser” command, followed by “pwd” to verify that we have arrived at the intended location, which should display “C:\Users\IEUser.” Once there, we can proceed to the Downloads directory and utilize the “ls” command to produce a file listing, as demonstrated in the accompanying screenshot.
From the preceding screenshot, we can observe that there is a file called passwords.txt that could be of interest. To read the contents of this file, we can use the passwords.txt command, and the output will display the text contained within the file. The accompanying screenshot displays the result of executing this command.
Upon verifying the file, we can confirm that the output obtained from executing the “cat” command is consistent with its actual contents.
To preserve the file for future use, we will proceed to download it using the “download” command, followed by the filename, which in this case is “passwords.txt“. The appropriate command to download the file is as follows:
When we execute the command to download the file, the file is automatically downloaded to our system. We can then access the file by navigating to the root directory, where we can see the passwords.txt file. This is demonstrated in the accompanying screenshot.
Suppose we want to transfer a Trojan, virus, backdoor, or Keylogger to the target computer. In our root directory, we can find a range of files, among them the “backdoored-calc.exe” file, which we can upload using the “upload” command followed by the file name as “backdoored-calc.exe,” as shown in the command syntax below:
To view the list of files, we will execute the “ls” command. Upon running this command, we can observe that a new file has been added to the directory, which is named “backdoored-calc.exe“. This file is visible in the provided screenshot.
To execute the uploaded file on the target machine, we use the execute command, followed by the -f option and the name of the file we want to execute, which in this case is backdoored-calc.exe. When we execute the command, a new process with ID 3324 is created on the target machine, indicating that our backdoor has been successfully executed. This is shown in the accompanying screenshot.
In case the “backdoored-calc.exe” file contains a virus, it will execute its intended functions as programmed.
The “shell” command is another useful feature of Meterpreter that allows us to convert our current session into an operating system shell. Once this command is executed, we are presented with a Windows command line interface, which enables us to run various Windows commands. As depicted in the provided screenshot, this shell interface is running on a separate channel and we can use it to execute any Windows command we desire, such as “dir” to list all directories. We can utilize this interface to execute any other Windows command, similar to how we would do so through the Command Prompt.
If we run the help command and navigate to the filesystem section, we can see various commands that we can use to manage the filesystem on the target computer. These include commands to download, edit, remove, delete, rename, search, and move files, among others. The following screenshot displays some of the main commands available to manage the filesystem on the target computer.
We hope that the information provided about Filesystem Commands has been useful. If you want to learn more about Ethical Hacking, please follow us @ tutorials.freshersnow.com for more updates.