trojan81
asked on
execute command on meterpreter
Experts,
On my meterpreter session I need to execute this command:
procdump64.exe -accepteula -ma lsass.exe lsass1.dmp
this does not work:
meterpreter > execute -f procdump64.exe -accepteula -ma lsass.exe lsass1.dmp
nor
meterpreter > execute -f procdump64.exe -a -accepteula -ma lsass.exe lsass1.dmp
On my meterpreter session I need to execute this command:
procdump64.exe -accepteula -ma lsass.exe lsass1.dmp
this does not work:
meterpreter > execute -f procdump64.exe -accepteula -ma lsass.exe lsass1.dmp
nor
meterpreter > execute -f procdump64.exe -a -accepteula -ma lsass.exe lsass1.dmp
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Author to advice.
Advice given. No further inputs.
ASKER
Revisiting this question again. Btan, no you can't just use the same command from meterpreter. Meterpreter doesn't know what to do with procdump64.exe. you have to tell it to execute. So this command you just stated ran from meterpreter would give me this
meterpreter > procdump64.exe -accepteula -64 -ma lsass.exe lsass.dmp
[-] Unknown command: procdump64.exe.
The meterpreter session is running under the directory that contains procdump64.exe
meterpreter > procdump64.exe -accepteula -64 -ma lsass.exe lsass.dmp
[-] Unknown command: procdump64.exe.
The meterpreter session is running under the directory that contains procdump64.exe
How about running the below as I did not have the MS environment. Executing procdump.exe -accepteula -64 -ma lsass.exe lsass.dmp
https://docs.microsoft.com/en-gb/sysinternals/downloads/procdump
https://docs.microsoft.com/en-gb/sysinternals/downloads/procdump
ASKER