
Meterpreter architecture migration exploit

Hello aspiring hackers. You all know about the meterpreter payload. It is an advanced, dynamically extensible payload of Metasploit. The meterpreter architecture migration exploit is a “post” exploit used to migrate from one architecture to another. What is architecture? As we all know, there are two main system architectures: 32-bit and 64-bit.

Sometimes we happen to run our exploit from a 32-bit machine to hack a 64-bit machine, or from a 64-bit machine to hack a 32-bit machine. The meterpreter payload spawns a process according to the architecture of the attacking system: if the attacking system is 32-bit, the meterpreter process is 32-bit, and if the attacking system is 64-bit, the meterpreter process is 64-bit.

Sometimes there may be compatibility issues if we get a 32-bit meterpreter session on a 64-bit machine, and vice versa. This is the exact reason why this module was introduced. For example, in one of our previous howtos we hacked a 64-bit machine from a 32-bit Kali Linux, so we have a 32-bit meterpreter session on a 64-bit target system. To overcome the incompatibility problems, we need to start a 64-bit meterpreter session.

It is exactly in cases like these that this module comes in handy. The module checks whether the architecture of meterpreter is the same as the architecture of the OS and, if it is not, spawns a new process with the correct architecture and migrates into that process. Let’s see how this module works.

To use this module, we first need to background the current session with the command “background”. Then load the exploit as shown below and type the command “show options” to see the options it requires.


We only need to set the session ID of the meterpreter session we just sent to the background, and the exploit is good to go.


As you can see in the image above, our exploit failed to run the first time. This is because in the previous session we had SYSTEM privileges, and if we run this module we may lose them. But don’t worry, we can change the options to overcome this problem.

Set the “ignore_system” option to true and you should be good to go. This time the exploit ran successfully. As you can see in the image above, our target is a 64-bit machine and our meterpreter migrated to a 64-bit process successfully. Let’s check by typing the command “sessions -l” to see the available sessions. You can see we have a 64-bit meterpreter now. Job performed.
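As an added defender-side illustration, not part of the original post or of the Metasploit module: the spawn-then-migrate behaviour described above leaves a recognisable footprint on a 64-bit host, a 32-bit process starting a 64-bit child and then creating a remote thread in it. The script below scores constructed Sysmon-style event lines for that pattern; the key=value line format and the SourceArch/TargetArch/Arch fields are assumptions (Sysmon itself does not record process bitness).

```python
import re
from typing import Dict, List

# Constructed sample events in a simplified key=value form, loosely modelled on
# Sysmon Event ID 1 (process create) and Event ID 8 (CreateRemoteThread).
# The Arch/SourceArch/TargetArch fields are an assumption: Sysmon does not record
# bitness, so a real pipeline would enrich each image with its PE machine type.
SAMPLE_EVENTS = """\
EventID=1 Image=C:\\Windows\\System32\\notepad.exe Arch=x64 ParentImage=C:\\Temp\\update.exe ParentArch=x86
EventID=8 SourceImage=C:\\Temp\\update.exe SourceArch=x86 TargetImage=C:\\Windows\\System32\\notepad.exe TargetArch=x64
EventID=8 SourceImage=C:\\Windows\\System32\\csrss.exe SourceArch=x64 TargetImage=C:\\Windows\\System32\\svchost.exe TargetArch=x64
EventID=8 SourceImage=C:\\Windows\\SysWOW64\\explorer.exe SourceArch=x86 TargetImage=C:\\Windows\\System32\\lsass.exe TargetArch=x64
"""

KV = re.compile(r"(\w+)=(\S*)")


def parse_event(line: str) -> Dict[str, str]:
    """Parse one key=value event line into a dict (values contain no spaces)."""
    return dict(KV.findall(line))


def score_events(text: str) -> List[Dict[str, str]]:
    """Flag remote-thread events that cross the 32/64-bit boundary.

    A plain cross-architecture remote thread scores 'medium'; if the same source
    also spawned the target process (spawn-then-migrate) it scores 'high'.
    """
    spawned = set()  # (parent image, child image) pairs seen in Event ID 1
    hits = []
    for line in text.splitlines():
        ev = parse_event(line)
        if ev.get("EventID") == "1":
            spawned.add((ev.get("ParentImage"), ev.get("Image")))
            continue
        if ev.get("EventID") != "8":
            continue
        src, dst = ev.get("SourceArch"), ev.get("TargetArch")
        if not src or not dst or src == dst:
            continue  # same bitness: not the pattern this check looks for
        pair = (ev["SourceImage"], ev["TargetImage"])
        hits.append({
            "source": pair[0],
            "target": pair[1],
            "severity": "high" if pair in spawned else "medium",
        })
    return hits


if __name__ == "__main__":
    for hit in score_events(SAMPLE_EVENTS):
        print(f"{hit['severity']:6} {hit['source']} -> {hit['target']}")
```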


Complete guide to meterpreter: Part 1

Hello aspiring hackers. In this article we present you with a meterpreter cheat sheet. Since I am writing many howtos on how to exploit different vulnerabilities in both web applications and operating systems using Metasploit, I thought it would be very helpful for beginners to have a guide to Meterpreter, since it is the most widely used payload for our exploits. That raises the question of what a payload is, which in turn raises the question of what an exploit is. See how to upgrade a normal command shell to meterpreter.

To put it clearly, an exploit is “a defined way in which to take advantage of the given vulnerability”. Imagine a house (containing lots and lots of money) is locked with a complex combination lock that is almost impossible to decode, but the lock has a weakness: if you hit it very hard, the lock may break. This is its vulnerability. Now, to take advantage of this vulnerability, we need something like a HAMMER to hit it very hard. Here, the hammer is our exploit.

Now let us define payload. A payload defines what exactly we want to do after a system is exploited, and here meterpreter is our payload. Meterpreter has a lot of advantages over other payloads. It is powerful, extensible and, most importantly, stealthy. It uses encrypted communication, writes nothing to disk and doesn’t create any new processes. Ok, Ok, Ok. That’s a lot of theory. Now let’s get to the main concept of this howto. For this howto, I have exploited a Windows system from Kali Linux and acquired a meterpreter session. As soon as you get the meterpreter session, type “?” or “help”. This will list all the commands available in meterpreter. In this Part 1, we will see all the file system commands. As the name implies, these commands are used for filesystem manipulation.


1. pwd

The first command we will see is “pwd”, which stands for “print working directory”. It shows the current working directory on the remote system, as shown below.


2. cd

“cd” stands for “change directory”. This command is used to change our working directory on the remote machine. The command “cd ..” moves one directory up. Here we did it twice to get to the “C:\” directory.


3. ls

The “ls” command is used to list files and directories. For example, I want to see the contents of the Desktop on the remote system. Navigate to that directory and type the command “ls”. As shown below, we can see the files and directories on the Desktop of the remote machine.


4. cat

The “cat” command allows us to create single or multiple files, view the contents of a file, concatenate files and redirect output to the terminal or to files as we require. Here, we will use the “cat” command to view the contents of the file h323log present on the remote system, as shown below.


5. edit

The “edit” command is used to edit a file. It opens the file in the vi editor, in which we can make changes as shown below.


Here I have deleted two lines in the file.


6. mv

The “mv” command is used to move files to another directory, as shown below. Here, we have moved the file h323log.txt to another directory called “cracked”.


7. search

The “search” command is used to search for specific files on the remote system, as shown below.


8. download

The “download” command is used to download any file from the remote system to our system. For example, let us download the samspade file present on the Desktop of the remote system to our system, as shown below.


9. lpwd, getlwd, getwd

The “lpwd” and “getlwd” commands print the local working directory, i.e. the working directory of the attacker’s system. The “getwd” command gets the working directory of the remote system.


10. lcd

The “lcd” command is used to change the local working directory, as shown below.


11. upload

The “upload” command is used to upload any file from our local system to the remote system. Here, we have to give the exact path on the remote system where we want to upload our file, as shown below.


12. rm

The “rm” command is used to delete files on the remote system. We generally use this command to delete any executable files we have uploaded so that the victim doesn’t get suspicious.


13. rmdir

The “rmdir” command is used to delete directories, since the “rm” command cannot do that. Its usage is shown below.


14. mkdir

The “mkdir” command is used to create new directories (folders) on the remote system, as shown below.


I hope this meterpreter cheat sheet was helpful. I will be back with Part 2 of the meterpreter cheat sheet soon.
