1

00:00:01,250  -->  00:00:03,600
<v Instructor>Now we're going to learn more commands</v>

2

00:00:03,600  -->  00:00:06,470
that will allow us to navigate,

3

00:00:06,470  -->  00:00:09,460
list, read, download, upload,

4

00:00:09,460  -->  00:00:12,583
and even execute files on the target computer.

5

00:00:13,980  -->  00:00:16,810
So I have my Meterpreter session right here

6

00:00:16,810  -->  00:00:18,910
and the first thing I'm going to do is

7

00:00:18,910  -->  00:00:23,670
get my current working directory using the pwd command.

8

00:00:23,670  -->  00:00:24,560
And as you can see,

9

00:00:24,560  -->  00:00:27,250
I'm in C:\Users at the moment.

10

00:00:27,250  -->  00:00:29,880
Now if I wanna list all the files and directories,

11

00:00:29,880  -->  00:00:31,223
I'm gonna use ls.

12

00:00:32,300  -->  00:00:35,000
And let's say that I want to navigate

13

00:00:35,000  -->  00:00:36,640
to this file, IEUser.

14

00:00:37,757  -->  00:00:39,590
I'm gonna do cd IEUser

15

00:00:43,488  -->  00:00:45,728
and if I do pwd now,

16

00:00:45,728  -->  00:00:48,730
you'll see that I'm in Users\IEUser.

17

00:00:48,730  -->  00:00:50,273
And let's go into downloads,

18

00:00:52,480  -->  00:00:53,883
list the files.

19

00:00:55,870  -->  00:00:58,263
As you can see now in the files that we listed,

20

00:00:59,190  -->  00:01:02,013
we can see a file here called passwords.txt.

21

00:01:02,960  -->  00:01:05,690
So this seems like an interesting file,

22

00:01:05,690  -->  00:01:08,030
so let's see if we want to read this file.

23

00:01:08,030  -->  00:01:09,040
If I wanted to read it,

24

00:01:09,040  -->  00:01:14,040
all I have to do is do cat and passwords.txt.

25

00:01:19,960  -->  00:01:21,200
And as you can see,

26

00:01:21,200  -->  00:01:24,473
we can see that it contains test1 and test2.

27

00:01:25,430  -->  00:01:26,920
So if I go here

28

00:01:26,920  -->  00:01:28,630
and run the file,

29

00:01:28,630  -->  00:01:32,163
you can see that this is the actual content of the file.

30

00:01:33,520  -->  00:01:35,690
Now let's say that I really want this file

31

00:01:35,690  -->  00:01:37,960
and I wanna keep it for later,

32

00:01:37,960  -->  00:01:39,970
then I can download that file.

33

00:01:39,970  -->  00:01:42,230
To do that, we're just going to say download

34

00:01:44,390  -->  00:01:47,420
and we put the file name which is passwords.txt.

35

00:01:52,610  -->  00:01:55,650
Now the file has been downloaded successfully

36

00:01:55,650  -->  00:01:57,863
and if I go to my root folder,

37

00:01:59,700  -->  00:02:02,210
you'll see that I have a file called passwords

38

00:02:02,210  -->  00:02:04,663
and it contains test1 and test2.

39

00:02:07,060  -->  00:02:09,900
Let's say that I have a backdoor

40

00:02:09,900  -->  00:02:14,200
or a virus or a Trojan or a key logger

41

00:02:14,200  -->  00:02:17,310
that I want to upload on the target computer.

42

00:02:17,310  -->  00:02:19,640
So I can upload it very easily now.

43

00:02:19,640  -->  00:02:22,220
I'll go back to my root actually, to show you,

44

00:02:22,220  -->  00:02:25,453
that I have a file called backdoored-calc.exe.

45

00:02:28,320  -->  00:02:30,600
So I'm gonna try to upload that file

46

00:02:30,600  -->  00:02:33,180
and to do that we're just gonna run upload

47

00:02:36,190  -->  00:02:37,453
and we put the file name.

48

00:02:39,070  -->  00:02:39,903
Hit Enter.

49

00:02:41,880  -->  00:02:43,340
And as you can see now,

50

00:02:43,340  -->  00:02:45,480
the file has been uploaded successfully.

51

00:02:45,480  -->  00:02:48,153
Now let's list to make sure the file exists.

52

00:02:50,490  -->  00:02:52,140
And we can see that we have a new file

53

00:02:52,140  -->  00:02:54,343
called backdoored-calc.exe.

54

00:02:57,250  -->  00:03:00,300
And to execute this file on the target computer,

55

00:03:00,300  -->  00:03:01,740
now we only uploaded it,

56

00:03:01,740  -->  00:03:04,050
so if it was a virus or a key logger,

57

00:03:04,050  -->  00:03:05,350
and you wanna execute it,

58

00:03:05,350  -->  00:03:07,390
all you have to do is execute

59

00:03:09,630  -->  00:03:11,720
and specify the file

60

00:03:11,720  -->  00:03:14,820
that you'd like to execute after the f command.

61

00:03:14,820  -->  00:03:16,660
And then type in the name of the file.

62

00:03:16,660  -->  00:03:20,693
So in this case it's backdoored-calc.exe.

63

00:03:23,980  -->  00:03:24,813
And as you can see,

64

00:03:24,813  -->  00:03:28,760
it's telling us that process 3128 has been created

65

00:03:28,760  -->  00:03:31,950
so my backdoor has been executed.

66

00:03:31,950  -->  00:03:35,480
Now if this was a virus or anything that you uploaded,

67

00:03:35,480  -->  00:03:37,530
it'll do what it's supposed to do

68

00:03:37,530  -->  00:03:39,733
because you just executed that file.

69

00:03:42,220  -->  00:03:45,900
Another feature that I wanna show you is shell,

70

00:03:45,900  -->  00:03:49,680
which basically just converts the current Metasploit

71

00:03:49,680  -->  00:03:51,270
or Meterpreter session

72

00:03:51,270  -->  00:03:54,360
into an operating system shell.

73

00:03:54,360  -->  00:03:55,823
So if I just type in shell,

74

00:03:57,610  -->  00:04:00,150
you'll see I'll get a Windows prompt

75

00:04:00,150  -->  00:04:01,790
or Windows command line

76

00:04:01,790  -->  00:04:03,843
where I can execute Windows commands.

77

00:04:05,930  -->  00:04:06,983
As you can see now,

78

00:04:08,020  -->  00:04:09,790
it's on the different channel

79

00:04:09,790  -->  00:04:14,220
and I can run any Windows command that I want

80

00:04:14,220  -->  00:04:15,250
through this now.

81

00:04:15,250  -->  00:04:17,070
So I can just do dir

82

00:04:17,070  -->  00:04:18,930
to list all directories.

83

00:04:18,930  -->  00:04:20,460
I can do ipconfig

84

00:04:22,290  -->  00:04:24,500
or use any Windows command

85

00:04:24,500  -->  00:04:27,190
that I want exactly like running the commands

86

00:04:27,190  -->  00:04:29,083
through the command prompt.

87

00:04:29,920  -->  00:04:32,370
Now, there's much more commands that you can do

88

00:04:32,370  -->  00:04:34,390
for file system management.

89

00:04:34,390  -->  00:04:36,110
So if you type in help

90

00:04:36,110  -->  00:04:38,523
and you go to the file system section,

91

00:04:40,480  -->  00:04:43,310
you'll see that you can edit,

92

00:04:43,310  -->  00:04:46,690
you can download, we showed that.

93

00:04:46,690  -->  00:04:49,870
You can move a file to another file.

94

00:04:49,870  -->  00:04:52,380
It also can be used to rename files.

95

00:04:52,380  -->  00:04:54,120
You can delete files,

96

00:04:54,120  -->  00:04:55,910
you can remove directories,

97

00:04:55,910  -->  00:04:57,190
you can search.

98

00:04:57,190  -->  00:04:59,560
So there is so many more things that you can do

99

00:04:59,560  -->  00:05:00,700
with file system.

100

00:05:00,700  -->  00:05:03,090
That was just an overview of the basic

101

00:05:03,090  -->  00:05:04,310
or main commands

102

00:05:04,310  -->  00:05:07,340
that you can use with managing the file system

103

00:05:07,340  -->  00:05:08,653
of the target computer.
