Meterpreter show_mount

Meterpreter’s STDAPI extension (the one that always gets loaded) has a new command. This doesn’t happen very often so it’s worth noting.

The new command prints out the currently attached “mounts”. In windows world, that means the normal CD ROM, C drive, etc, but it also means all of the mounted network drives as well.

This gets very interesting when you happen to find yourself in a VM environment where you can start writing files to the host:

1
2
3
4
5
6
7
8
9

meterpreter > show_mount
Mounts / Drives
===============
Name Type       Size (Total) Size (Free) Mapped to
---- ----       ------------ ----------- ---------
A:\ removable      0.00 B      0.00 B
C:\ fixed         59.90 GiB   28.15 GiB
D:\ cdrom          0.00 B      0.00 B
Z:\ remote        64.78 GiB   18.09 GiB  \\vmware-host\Shared Folders\

I’ll leave the rest up to your imagination for now. But we will come back to this very soon. Huge thanks to @TheColonial - OJ for implementing this much needed option. Merged pull request is here: https://github.com/rapid7/metasploit-framework/pull/6146