Open bwatters-r7 opened 2 years ago
I haven't replicated this yet, but it resembles an issue Simon and I fixed within `shell_to_meterpreter`, which also used `cmd_exec`.
TL;DR There's now a new `Channelize` option on `cmd_exec` to specify that the process should be executed, but to not wait around to buffer the stdout/stderr output back to msfconsole. That might be a solution for this exploit as well 🤞
Similar issue with PowerShell sessions: https://github.com/rapid7/metasploit-framework/issues/9511. Although it is old now - may have been patched.
In testing the LPE here https://github.com/rapid7/metasploit-framework/pull/16312 using a Python payload, the exploit succeeds but then timeout errors are generated. It appears to fail while crashing the original session. After turning on debugging and watching, the thing that's happening is that the session freezes after the `cmd_exec` call. All commands after the `cmd_exec` fail with timeout errors. If you go back to the original (not root) session, all commands give a timeout error. If you go into the new root session, it works fine, and if you exit the new root session, then the original session becomes operative again. Example: