meterpreter - some commands failed

[mmiller at hick.org (mmiller at hick.org)]

On Fri, Jan 04, 2008 at 12:32:30PM +0100, pUm wrote:
> I would like to disable some services with "reg", like this one (4=disable):
> reg setval -k HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tmcfw
> -v Start -d 4
>
> result:
> [-] Error running command reg: An invalid argument was specified.
> Unknown key: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicestmcfw
>
> how can I escape the backslashes?

Use two slashes ("\\").  Think of the meterpreter console as an actual
shell where you have to escape slashes.  In the example above you would
do:

reg setval -k HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\tmcfw -v Start -d 4

> two other questions:
> - I would like to inject a custom dll, will I be able to inject it via
> "use"? bcz, default points me to an ext_server_*.dll

Do you want to inject a meterpreter extension or inject an arbitrary
DLL?  If you want to inject an arbitrary DLL you can use the scripting
interface.  Drop into irb mode and use client.core.loadlib(...).  You
can see documentation for this in
lib/rex/post/meterpreter/client_core.rb.

> - is their a place to meet for additional "run"-scripts ?

The run command will check in a few different places by default:

script,
ScriptBase + Msf::Config::FileSep + "#{script}",
ScriptBase + Msf::Config::FileSep + "#{script}.rb",
UserScriptBase + Msf::Config::FileSep + "#{script}",
UserScriptBase + Msf::Config::FileSep + "#{script}.rb"

Where 'script' is the name of the script passed to the run command.  Take 
a look at lib/msf/base/sessions/meterpreter.rb in the execute_script function
for more info.

Hope that helps.