rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

NamedPipe connections failure in lateral movement #16683

Open zerobytes999 opened 2 years ago

zerobytes999 commented 2 years ago

Steps to reproduce

How'd you do it?

  1. Create reverse https payload and run it on machine 1
  2. Create pivot listener with pivot command on machine 1 with pipe name msf-pipe
  3. Create reverse named pipe payload with msfvenom to connect to machine 1 msf-pipe
  4. Run payload on machine 2
  5. Create pivot listener with pivot command on machine 2 with pipe name msf-pipe
  6. Create reverse named pipe payload with msfvenom to connect to machine 2 msf-pipe
  7. Run payload on machine 3

Machine 1 OS: Windows 10 Pro
Machine 2 OS: Windows Server 2019
Machine 3 OS: Windows 10 Pro
Payloads tried in x64 and x86 architecture - EXE format

Expected behavior

Running the first named pipe connects smoothly. Running the 2nd named pipe to connect to the first named pipe using reverse named pipe payload should open a session.

Current behavior

Running the 2nd named pipe to connect to the first named pipe fails. On TLV logging I see that the new pivot session command is received but never continues.

Metasploit version

Metasploit v6.2.2

github-actions[bot] commented 2 years ago

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

zerobytes999 commented 2 years ago

Issue still exists.
