7ala / armitage

Automatically exported from code.google.com/p/armitage
0 stars 0 forks source link

Meterpreter commands do not function after successful exploit #46

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Exploited target with payload=windows/meterpreter/reverse_tcp
2. Loaded Exploit multi/handler with Reverse Connection
3. Meterpreter session starts on Armitage console
4. At Meterpreter> prompt, no commands work, and there are no options other 
than "Meterpreter Shell" under Attack when right-clicking the target which is 
red with lightning bolts

What is the expected output? What do you see instead?
All commands return nothing.  No additional errors are generated.

What version of Metasploit are you using (type: svn info)? On which
operating system?
URL: https://metasploit.com/svn/framework3/trunk
Repository Root: https://metasploit.com/svn
Repository UUID: 4d416f70-5f16-0410-b530-b9f4589650da
Revision: 11889
Node Kind: directory
Schedule: normal
Last Changed Author: hdm
Last Changed Rev: 11889
Last Changed Date: 2011-03-06 20:46:51 -0600 (Sun, 06 Mar 2011)
Running on Backtrack 4R2

Which database are you using?
MySQL

Please provide any additional information below.
Functions perfectly when I create the same multi/handler with msfconsole.

Original issue reported on code.google.com by scadahac...@gmail.com on 26 Mar 2011 at 2:22

GoogleCodeExporter commented 9 years ago
Disregard.
I did not realize I needed to "wait" until I received UID information before 
proceeding.  All is well.

Good job on Armitage ... I really enjoy using this graphical tool when teaching 
new security students.

Original comment by scadahac...@gmail.com on 26 Mar 2011 at 2:35

GoogleCodeExporter commented 9 years ago
I *greatly* enjoy the fact that you're using it to teach new students. Thanks 
for following up and closing the loop here. -- Raphael

Original comment by rsmu...@gmail.com on 26 Mar 2011 at 1:20

GoogleCodeExporter commented 9 years ago
What do you mean "wait" until you receive UID? I've successfully exploited a 
target, and after 2 minutes, the help command still does not bring back 
relevant commands.

Original comment by alton...@gmail.com on 16 Feb 2012 at 9:42

GoogleCodeExporter commented 9 years ago
@alton.jx - I'm referring to the information displayed below the compromised 
target. If you successfully exploit a Windows system, you will see something 
like NT AUTHORITY @ SOMESYSTEM below the IP address. When you see this, you're 
done waiting.

This should happen pretty quickly (a few seconds). If it doesn't happen, 
contrary to popular belief, waiting won't solve this problem. It's kind of the 
hacker equivalent of speaking english louder and louder hoping a non-native 
speaker will understand or throwing the same SMB exploit against a Windows 7 
host hoping that.... this time, maybe--access will come.

If you can't enter *any* commands:

It sounds like your session becomes established but it never finishes syncing. 
Try rebooting your target. Remember, you're likely exploiting a memory 
corruption bug. If the memory is already corrupted or in some odd state--your 
attack (or post-exploitation kit) won't work.

If *some* commands are missing but a few basic things are present:

Then it sounds like Meterpreter didn't load the stdapi and priv modules. Type: 
use priv and use stdapi to load these by hand. These are DLLs that Meterpreter 
injects into memory on establishing a session (usually). Armitage is smart 
enough, that if you try to do something through a menu and it doesn't work, 
it'll issue these use commands for you. (The command may be load now, I think 
this changed recently in Metasploit)

So, that long explanation is what I mean by "wait" until you receive a UID.

Original comment by rsmu...@gmail.com on 16 Feb 2012 at 9:57