rapid7 / metasploit-framework

Meterpreter continuity #8621

Open Viss opened 7 years ago

Viss commented 7 years ago

On a live engagement, for a client that is a 100% mac shop, I've started encountering continuity issues with meterpreter (the python implementation, specifically).

I've noticed that people will shut their macs, go to another office, or to their homes or elsewhere, and re-open them - and meterpreter attempts to re-establish the connection.

The short way of describing what happens is "metasploit doesn't like that". I see a bunch of traffic via tcpdump, the shells do not ever come back to life, and this causes meterpreter on the target machine to die since it loses comms and all the timeouts occur. I end up losing shells :(

I wonder if it would be interesting to slightly modify how meterpreter operates, in that the source IP of the staged meterpreter process not be a static element - whereby if someone vpns up, or goes to a coffee shop - or otherwise they move locations and their ip changes - meterpreter can somehow intelligently deal with this.

cbrnrd commented 7 years ago

Which payload are you using? I haven't had any trouble with any python meterpreter on a mac.

Viss commented 7 years ago

python/meterpreter/reverse_https

sempervictus commented 7 years ago

@Viss: standby for this to be resolved via the current TLV work @OJ is doing. Sessions will be better identified and resumed via the GUID work.

Viss commented 7 years ago

@sempervictus oh awesome! that'll be super helpful! @OJ is one of my favorite wizards :D I'm sure he'll knock it out of the park. he always does!

I've been dealing with this all day today :D

fsacer commented 6 years ago

slightly related to https://github.com/rapid7/metasploit-framework/issues/8860