adfoster-r7
commented
3 weeks ago If I remember correctly, each payload can be configured with its own session expiration baked into the payload itself. I think you can also configure each payload to have a new session expiration set at runtime: https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-timeout-control.html#changing-timeouts
Therefore I don't think this PR's approach will work by itself without additional changes; We were thinking it'd probably need to be tracked as part of the sysinfo retrieval when Meterpreter is connecting back - and then potentially additionally updated when the user updates the value via the console in some way. For instance - I don't think we'd want to make fresh RPC calls to Meterpreter for each sessions -v / session -x call
Resolves https://github.com/rapid7/metasploit-framework/issues/19023