rapid7 / metasploit-payloads

Unified repository for different Metasploit Framework payloads

Meterpreter python module timeout and crash #120

Open s3c opened 8 years ago

s3c commented 8 years ago

I've gotten the following results with a couple of scripts intermittently but have only now found a way to reproduce it reliably. So even though the time module is not officially supported, it does illustrate the same issue I have seen elsewhere.

When running the following script:

```python
import time

print("before delay")
time.sleep(5)
print("after delay")
```

You get the expected output of:

```
before delay
after delay
```

However, when increasing the time delay to 20 seconds, you get the following result:

```
meterpreter > python_import -f /root/testscript.py
[*] Importing /root/testscript.py ...
[-] Error running command python_import: Rex::TimeoutError Operation timed out.
```

And no further scripts can be run. This can sometimes be cleared by running python_reset, but often you get the following:

```
meterpreter > python_reset
[-] Error running command python_reset: Rex::TimeoutError Operation timed out.
```

Additionally, if you run the script immediately after receiving the error message, meterpreter crashes, or in my case, rundll32 does, since that's what I was using to launch it. I tested this using Metasploit 4.12.25-dev on stock Kali.

OJ commented 8 years ago

This is partly a known issue, because we have a limited timeout on meterpreter commands, as well as channel comms when fully interactive. There's a deeper issue here that needs to be discussed with regards to command timeouts.

The inability to run commands after is certainly concerning.