I'm a uni student taking a course on cybersecurity and what I am attempting to do is solely for educational purposes and not malicious.

I used the EternalBlue exploit to gain access to the victim's computer (a Windows Server 2008 R2 virtual machine). I uploaded a simple helloworld.exe program to their desktop. Now, I am trying to execute helloworld.exe on their computer using the two methods below.

meterpreter > execute -f helloworld.exe
meterpreter > execute -f helloworld.exe -i 
meterpreter > execute -f helloworld.exe -i -H

and

meterpreter > shell
.
.
.
C:\users\username\desktop> start helloworld.exe

None of the above methods will run the helloworld program. I do not see helloworld.exe running in the victim computer's task manager. But sometimes UI0detect.exe shows up and disappears in the task manager. The Interactive Services Detection window sometimes shows up as well.

Note that I am able to execute helloworld.exe while on the target OS, in the command prompt using start helloworld.exe or in PowerShell using ./helloworld.

schroeder

1 Answer

If you have access to the box, then check out the event viewer for any log statement that might give you more information.

If your executable is malware, then I would substitute it with some benign executable and check if you can execute it; if this is the case, either application whitelisting or some antivirus is blocking your execution.

If your executable is interactive, then it might be executing but you are not seeing anything, or, if the meterpreter session is not an interactive Windows session logon, you might not even be allowed to execute it.

Sometimes meterpreter gets confused with the paths. I've always found it more reliable to start a shell and then execute cmd.exe /c "/path/to/helloworld.exe".

If nothing above works, try other ways of getting a revshell except meterpreter; use nc.exe or any PowerShell revshell (Nishang is pretty good).

Also, always use an absolute path when executing custom executables in Windows. It will save you a lot of trouble.

Finally, make sure that the executable was compiled against the same architecture as the target computer and that you are using a Windows account that has enough privileges to execute that executable.

schroeder
kudrom