nrathaus
commented
6 months ago sessions -v output code is found in: lib/msf/base/serializer/readable_text.rb
Open h00die opened 7 months ago
nrathaus
commented
6 months ago sessions -v output code is found in: lib/msf/base/serializer/readable_text.rb
nrathaus
commented
6 months ago Fix suggested - https://github.com/rapid7/metasploit-framework/pull/19119
I am not sure if we want or not to fix the aligning:
[*] Meterpreter session 1 opened (127.0.0.1:4444 -> 127.0.0.1:42404) at 2024-04-21 14:24:57 +0300
ssions -v
Active sessions
===============
Session ID: 1
Name:
Type: meterpreter linux
Info: noam @ noam-x-K-x
Tunnel: 127.0.0.1:4444 -> 127.0.0.1:42404 (127.0.0.1)
Via: exploit/multi/script/web_delivery
Encrypted: Yes (AES-256-CBC)
UUID: 34c090034951e3e2/python=20/linux=6/2024-04-21T11:24:56Z
CheckIn: 5s ago @ 2024-04-21 14:24:57 +0300
Registered: No
SessionExpirationTimeout: 60Recreate:
use multi/script/web_delivery
set LHOST 127.0.0.1
set sessionexpirationtimeout 60
rexploit
== Separate window
Run the provided python line
== Return back
sessions -vThis is how it would look if it was aligned:
Session ID: 1
Name:
Type: meterpreter linux
Info: noam @ noam-x-K-x
Tunnel: 127.0.0.1:4444 -> 127.0.0.1:42404 (127.0.0.1)
Via: exploit/multi/script/web_delivery
Encrypted: Yes (AES-256-CBC)
UUID: 34c090034951e3e2/python=20/linux=6/2024-04-21T11:24:56Z
CheckIn: 5s ago @ 2024-04-21 14:24:57 +0300
Registered: No
SessionExpirationTimeout: 60
smcintyre-r7
commented
4 months ago Isn't the session expiration shown by the get_timeouts command?
e.g.
meterpreter > get_timeouts
Session Expiry : @ 2024-07-01 16:11:25
Comm Timeout : 300 seconds
Retry Total Time: 3600 seconds
Retry Wait Time : 10 seconds
meterpreter > It seems reasonable to retrieve it and show it in sessions -v though I guess. The thing is that it can change, so we'd either need to fetch it everytime sessions -v is run, or cache it and keep it synced whenever it changes. That would probably involve getting it when the session is established and anytime the user changes it.
h00die
commented
4 months ago I think the cache and sync when changed implementation idea seems reasonable.
Session expiration timeout (aka auto kill a session after X seconds) is a great feature. However, once set it's not displayed anywhere.
Example
So we have a session and the expiration is 60 seconds.
oh no, our session died! Well it died because of the 60sec timeout. However, that value isn't displayed anywhere.
Improvements
I think the
sessionscommand should have a column shown for this value. Not the60, but the actual datetime of the expiration, so 2024-03-28 10:14:42 in this case. I like this being shown in thesessionscommand, as opposed tosessions -xbecause I think its important information for all sessions, to be able to quickly verify when our session will die. However, if the value doesn't exist for all established sessions, it could be removed. If you don't like variable column counts for a table, then it could go into-xsessions -vshould likely also expose this information.This was discussed in slack with @adfoster-r7 and @jmartin-tech .