Closed GoogleCodeExporter closed 8 years ago
I think you failed to start a multi/handler for reverse https correctly.
Armitage creates a multi/handler for a random port for reverse_tcp on startup.
4127 is likely it. 4127 is NOT the msfrpcd or teamserver port.
I'm not closing this because I have yet to walk through the steps and try to
reproduce the problem. Once I try them, I'll report here.
Original comment by rsmu...@gmail.com
on 9 Dec 2012 at 10:59
Thank you for your comment. You are right. The handler shown in the image I
attached above is the one for the default handler. I launched my own handler
for the reverse_https one from the console (View->Console). I typed the usual
msf commands for launching the handler i.e.
msf> use exploit/multi/handler
msf> set payload
msf> set port
msf> set lhost
msf> exploit
The handler is launched and it is able to receive the session as well. One
thing I am just curios about is why the handler launched through the console is
not visible in the Jobs while the one launched through the GUI is. Is this the
default behavior?
Nevertheless, thank you for pointing out what I was missing.
Original comment by pwdphis...@gmail.com
on 10 Dec 2012 at 5:44
When you run a module in a console, with exploit or run, it is not a job by
default. It just runs and you have no control over it. Armitage runs all
modules as jobs (appending the -j option to exploit or run) so that you have
control to stop them if you need to.
Original comment by rsmu...@gmail.com
on 10 Dec 2012 at 6:02
Raphael Mudge, you are indeed awesome. And though this issue is done now, just
if you have the time, please check the following scenario. Launch the handler
from the console and append a -j. The Jobs menu won't pick either payload or
port. I have attached the images.
Original comment by pwdphis...@gmail.com
on 10 Dec 2012 at 6:42
Attachments:
msf > use exploit/multi/handler
msf exploit(handler) > set LHOST 192.168.95.128
LHOST => 192.168.95.128
msf exploit(handler) > set Iterations 3
Iterations => 3
msf exploit(handler) > set LPORT 8443
LPORT => 8443
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_https
PAYLOAD => windows/meterpreter/reverse_https
msf exploit(handler) > set Encoder x86/shikata_ga_nai
Encoder => x86/shikata_ga_nai
msf exploit(handler) > set EXITFUNC process
EXITFUNC => process
msf exploit(handler) > set ExitOnSession false
ExitOnSession => false
msf exploit(handler) > exploit -j
[*] Exploit running as background job.
[*] Started HTTPS reverse handler on https://192.168.95.128:8443/
[*] Starting the payload handler...
I popped open the jobs tab and I see the multi/handler. Here's the jobs output
(I'm too lazy to take an SS of the tab and upload it here, but it's showing):
msf > jobs -v
Jobs
====
Id Name Payload LPORT URIPATH Start Time
-- ---- ------- ----- ------- ----------
0 Exploit: multi/handler windows/meterpreter/reverse_tcp 27762 2012-12-11 16:40:47 -0500
1 Exploit: multi/handler windows/meterpreter/reverse_https 8443 2012-12-11 16:43:12 -0500
Original comment by rsmu...@gmail.com
on 11 Dec 2012 at 9:45
Thanks mudge. I guess there is some problem with my Armitage client. I am going
to download the latest one available on your website and will give it a try.
Thanks for your time. And keep up the brilliant work.
Original comment by pwdphis...@gmail.com
on 12 Dec 2012 at 9:54
Original issue reported on code.google.com by
pwdphis...@gmail.com
on 9 Dec 2012 at 4:58Attachments: