rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

Reconnected TCP sessions aren't marked as encrypted #10661

Open OJ opened 6 years ago

OJ commented 6 years ago

It seems that active TCP transport sessions that reconnect to the listener (either after a restart of MSF or a transport change) don't appear to be marked as "encrypted". I've seen this a few times on a recent gig. I'm not sure if this means that the session isn't actually encrypted, or if the UI is just failing to mark it as so.

I don't think this is an issue for HTTP/S sessions, but I haven't validated that yet.

Either way, this needs to be looked at.

Steps to reproduce

  1. Fire up MSF and set up a listener for windows/x64/meterpreter_reverse_tcp.
  2. Fire up a Meterpreter payload on a Windows machine that matches the listener.
  3. Once connected, use sessions -x to see that the session is marked as encrypted.
  4. Restart MSF.
  5. Wait for the reconnection attempt to come in from the existing session.
  6. Once connected, run sessions -x, and see that the session is not marked as encrypted.

Expected behavior

This scenario should result in the session transport being encrypted.

Current behavior

The UI indicates that the session isn't encrypted (need to determine if the UI is lying or not).

System stuff

Metasploit version

888dc43a7e1b64d7d5098d06b038cc18f6a6949f (HEAD -> master, origin/master, origin/HEAD) Land #10348, Add REST API for module queries

I installed Metasploit with:

OS

Fedora 28.

Notes

I'm going to give this issue to myself, as I'm the pleb that wrote the thing in the first place.

OJ commented 6 years ago

While I'm at it, it's worth mentioning that Local URI is listed for TCP connections, which is a bit wrong because there is no such thing!

It's as if it's just falling back to the value of the previous session in the list. I'll try to get this fixed as well.

ghost commented 6 years ago

I had the same problem with HTTP/(s) sessions @OJ https://github.com/rapid7/metasploit-framework/issues/10414

7043mcgeep commented 5 years ago

@OJ Were you able to make any progress on this issue? I'm interested in giving it a go.

OJ commented 5 years ago

I've been a bit swamped with my existing workload, so I'm afraid I've not had a look at this yet. Sorry!

github-actions[bot] commented 3 years ago

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.